Category Archives: Industry News

Potential Victims to Very Smart Thieves

cat paw stealing cookie

Employees need to know what their employers’ philosophy is behind technology. Does my employer want me to use whatever app I choose? Can I just store and share work information where it is most convenient for me? Will my employer listen when I explain how much my cloud app does to improve my workflow? If you as the employer listen, you could save your business from an incident or a serious breach.

It is amazing that the news is filled with data breach, data loss, ransomware, and spear phishing, and yet many businesses still think they are immune from an attack. If you are connected to the Internet, you are a highly susceptible victim. Do not take this to mean that you should not run your business with the highly efficient and collaborative tools that cloud services offer. It just means think and act to protect your enterprise assets and employees.

Let’s first cover where a major number of incidents start. Your enterprise weakness . . . the employee. It doesn’t matter if you have the best employees in the universe, they are human. Hackers perfect the way they attack; that is their job. They have become so good at what they do that good employees send out W-2s, transfer millions to banks in foreign countries, and hand out their logon credentials without question.

Now let’s talk about what you can do to help your employees to not become victims.

  • Educate them; make them a part of the process. Communicate. It is everyone’s fight.
  • Go ahead and make your most techy employee an honorary go-to person for others with questions.
  • Gain visibility with proactive monitoring tools. Trust me–this is not an employee privacy invasion. You need to know what is going on first; then make informed decisions.
  • Make sure there is a process in place for an employee who questions something. Make the process part of your Acceptable Use Policy (AUP).

And then the important basics we all know, but are worth repeating . . .

  • Back up regularly and make sure your recovery process is tried and true. Think ransomware attack recovery, so keep it where you can get to it but others can’t.
  • Patch – There is no longer an option to do updates. Many are for security, so just do it and do it consistently. It’s patch management, not patch whenever.
  • Passwords – Maintain, manage, and get creative. Use a password manager if needed.
  • Off-boarding – Make sure to purge all credentials for ex-employees or contractors. How do you know if they are still there? Monitor!!
  • Layered security – Get a firewall, but don’t expect all-in-one add-ons to be impressive. For example, don’t expect the firewall Web-use reporting feature to provide comprehensive and interactive reporting capability. Invest in the solution that means serious employee Web-use reporting business–no more wishy-washy reports that are useless.

Think and act to protect your enterprise assets and employees. Take some time to communicate with your employees about the exploits that they may fall prey to. It is not their fault; they are not an “insider threat” but a potential victim to very smart thieves.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Your Employees and Their 917 Different Cloud Apps. Are You a Sitting Duck?

targeted duckEvery day someone in your company is using a cloud app. Actually, it is probably more like every minute. Let’s not go into the personal versus work devices on the company network, or whether it is Facebook or Dropbox they are using. Those details don’t really tend to matter when the access allowed is for your own business to decide. It is about the sheer number of cloud services and apps in use in the enterprise today, the visibility in knowing what they are, and the many employees who are left out of the conversation.

We hear managers talk about how it can’t happen to them. They have the best employees, and the discussion is unnecessary. It is already understood–they would NEVER do that! Or our favorite–big brother–the need to let your employees know you really trust them and respect their privacy by allowing them to do what they think they need to do on their own. But that’s not going to protect your business when malware hits or a breach happens . . . and the chances of these happening to you are growing exponentially every day, especially when you are not communicating security issues with your employees.

With all the headlines being about Shadow IT, malware, data loss, intrusions, and ransomware, you would think it would be a common workplace discussion. But based on some recent surveys, companies aren’t saying much internally.

Some numbers that may surprise you. What percentage of employees:

  • Have not been told the right way to download/use cloud applications: almost 60%
  • Have not been told risks of downloading cloud apps without IT’s knowledge: just under 40%
  • Have not been told how to transfer and store corporate data securely: over 40% !!!!

To keep things in perspective–studies are showing that on average, enterprises have 917 different cloud apps in use!

This is not a respect for privacy issue. It’s a security issue, for your business and for your employees! Keeping them in the dark does not show them respect or protect them, it makes them victims before anything even happens.

As technology gets stronger, we as individuals have more decisions on what we use to make our lives, including work, more efficient. But if you do not educate and communicate regularly about cyber threats with your employees, have real visibility into their Web usage, or have a clear, agile Acceptable Use Policy (AUP), you are basically a sitting duck.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

 

*Stats based on surveys from Softchoice and Netskope.

Do You Have the Necessary Enterprise Cloud Services Visibility?

img_cloud_computingToday, cloud services are the way businesses run. Collaboration among employees, file sharing, data storage, and even accounting are accomplished via cloud services. There are very few businesses left that use absolutely no cloud services. It is just a fact that we all live in a world with data spread out everywhere, at speeds we could not even fathom ten years ago. Hence, the concept of Shadow IT, Shadow Data, and Shadow IoT (Internet of Things) are becoming more commonplace terms. All of these are basically variations on employees using services and devices outside of their IT department’s knowledge. What does it all mean when running your business? Two questions . . . do you know what cloud services are being used and where your data is going?

Visibility . . . a key element for enterprise security. Knowing what cloud services your users are accessing is detailed visibility that a business can’t live without. Unsanctioned cloud applications and services can expose the company’s network and data security to a long list of serious threats. The IT department knows managers want the Web-usage visibility too . . . without the rest of the “visual noise” and meaningless information (to them, at least). They want detail on what employees are doing with cloud services, and they want it easily accessible, interactive, understandable, and meaningful.

It is time to take a good look at what’s being used to monitor and control your employees’ cloud services usage. Make sure you have a Cloud Access Security Broker (CASB) solution that gives you the critical cloud services management tools you need. Learn more about how to Detect, Analyze, and Manage Cloud Services in the Enterprise.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

 

Wavecrest Continues to be a Valued GSA-Approved Vendor

Contract_Holder_StarMark

 

Wavecrest Computing has once again been awarded a renewal for a GSA Contract. Our first award was in 2000, and now we are proud to be renewed all the way to 2021!

Since 1996, Wavecrest Computing has been a global leader in employee Web-access security and Web-use monitoring and analytics solutions, with scalable filtering and reporting analysis, forensic data tools, and products designed to enable organizations with today’s distributed workforce to successfully address cyber threats.

Our clients include:

  • National Archives
  • Superior Court of California
  • U.S. Computer Emergency Readiness Team (Homeland Security)
  • U.S. Department of Veterans Affairs
  • Florida Department of Health
  • New York City Department of Buildings
  • Georgia Department of Transportation
  • Defense Logistics Agency
  • U.S. Department of Justice
  • National Ground Intelligence Center
  • U.S. Army

Wavecrest’s CyBlock and Cyfin solutions are built with today’s unique business in mind, offering comprehensive cloud services management and visibility into Shadow IT and insider threats, as well addressing legal liability, workforce productivity, and Web security threats such as malware and phishing attempts. We offer multiple deployments that include Cloud Access Security Broker (CASB), Cloud, Hybrid, Software, and Hardware deployments that fit any business type or size. Wavecrest Computing is headquartered in Melbourne, Florida, U.S.A.

For more information on the company, products, and partners, visit https://www.wavecrest.net or follow us on LinkedIn, Facebook, and Twitter.

Since the holidays are about good cheer, don’t be a grinch this year!


CyBer Monday

The holiday shopping season is fast approaching once again. Every year, more and more people use online shopping for the majority of their purchases. Is your business ready for the online shopping that your employees will likely do during business hours? Is your bandwidth ready to make sure your mission-critical applications take priority?

Cyber Monday will come up faster than you think, but that is only one day of online shopping. Cyber Monday 2014 ranked as the heaviest online buying day that year with $2.038 billion in desktop spending, but the day after Cyber Monday wasn’t far behind, ranking second for the season at $1.796 billion. It doesn’t even stop there! On the second Monday in December (Green Monday), online buying was $1.615 billion! These are all regular business days! And each year the amount of time and money spent online shopping increases! The whole season is about shopping for those important to us, and employees are going to try to get online to grab the best deals no matter what day, or time of day, it is.

Since the holidays are about good cheer, don’t be a grinch this year. Find ways to satisfy all your business and employee needs. Give your employees the gift of online shopping time during this holiday season, while making sure your IT team receives the gift of proactively throttling bandwidth for noncritical applications when needed.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats. FREE bandwidth audit available!

Ex-user credentials haunting your network?

insider_threat“Joe” left two weeks ago. Are his user credentials still appearing active? Maybe because IT is backed up on “offboarding?” Or, maybe they don’t even know he is gone yet!

According to a survey done by Lieberman Software, “More than 13% can still access a previous employers’ systems using their old credentials.” This means the information that “Joe” had access to as a privileged employee, is still available…to him…right now…from outside the company. And most likely, many have that access for a rather long period of time. “Almost 25% work in organizations that do not change their service and process account passwords within 90 days,” stated the Lieberman Software survey. In the days of paper, it didn’t seem to matter that an old employee’s name still showed as a project manager on a document. Nowadays, this can not only cause confusion, it can pose serious risks to the company’s data, network, and reputation. Most employees or contractors do not pose a threat, but it is that one that you may miss that will have access to material with devastating consequences. Kentucky.com reported the following example in 2014 on the sentencing of an ex-contractor gaining access to Toyota’s systems:  “…caused considerable downtime or loss of functionality with a number of systems, affecting Toyotasupplier.com the most, according to court documents. Several Toyotasupplier.com and internal applications did not work properly or shut down for hours, according to the affidavit.”

Many companies are so busy with other tasks and decisions, the simple cleanup of the obvious things go unnoticed. We all have so many different access points to so many different applications today, that keeping track ourselves is overwhelming, but IT has to keep track of everyone’s access. Communication is the number one task to protect a company from data loss or threat risk. Tell IT–they can’t purge the system and protect the company if they are not kept informed. Today, IT is one of the most important departments for the functionality, security… lifeblood…of an organization. They should be first on the list. With access to comprehensive monitoring and reporting tools, IT can run a investigative query on demand.

What needs to be done to help protect your privileged information and network no matter where your data is located? The following should be at the top of the list:

  1. Make sure your internal process of employee onboarding and offboarding has IT included at all levels.
  2. Make sure your corporate policy is understood and signed off on when an employee is hired and again when discharged.
  3. Confirm that this policy clearly informs all employees that their actions, while using company devices, are logged, monitored, and audited.
  4. Verify that all users, including contractors, have their own, unique login credentials.
  5. Validate that your IT procedures include all levels of employee information access, especially privileged accounts.
  6. Make certain a corporate policy for discharging an employee has immediate impact on any access for that employee, even one day could be detrimental.
  7. Do not forget about social media. Many view this as a harmless side effect of today’s business world. It is not harmless. A disgruntled employee can do serious damage to a company’s reputation through this ever-increasing communication channel. Access to the company’s social media needs to be regulated just like any proprietary corporate network.

Lastly, audit…audit…audit. Use a comprehensive monitoring tool with detailed, drill-down capability to analyze data on any activity. It is always good practice to regularly screen for activity on users who are no longer with the company. Investigate any missed credentials and correct the issue before data loss, malware intrusion, or simple unethical behavior, such as accessing and posting on the company social media sites, happens. This is the only way to ensure that all avenues were covered. Today, monitoring, filtering, and reporting solutions are no longer a luxury–they are a requirement.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats.

Wavecrest, the leader in Web security, and Check Point have announced a partnership.

CF_Full_FWavecrest Computing, a leading global provider of advanced Web security solutions, and Check Point Software Technologies have announced a technology partnership.

Wavecrest’s Cyfin, along with Check Point log files, efficiently and accurately make for an easy-to-manage, cost-effective log file analyzer and reporter. This integration easily addresses collection and analysis of Web-use activity data by producing rapid, accurate, and actionable, manager-ready reports for audits, investigations, or distribution. Predefined reports, such as top users or sites, bandwidth, legal liability detail, and user audit detail, as well as the benefit for managers to run selected user reports by department, provide visibility into every aspect of enterprise Web-use activity. Learn more at: https://www.wavecrest.net

Can you see your enterprise shadow IT?

shadow-it-300x171Can you? It’s there…hidden on your employees’ devices and on your network. We all know people try to use the path of least resistance in getting something done. Today, cloud computing allows us all to do almost anything from anywhere with relatively no resistance at all. Within corporations though, this can become a problem commonly known as shadow IT. “There are an astonishing 10,000 cloud services available on the market today, which creates a growing problem for IT around Shadow IT as only 9.3 percent of those apps meet enterprise data, security and legal requirements, cloud security company Skyhigh Networks found in its Q1 2015 Cloud Adoption and Risk Report.” Corporations need to control their proprietary information, network, and Web security. While employees may be thinking they can get their job done faster, the corporation is thinking about threats. “The result is technologies that empower individuals and teams limit the organisation as a whole.”

There are several views for this, all valuable. From the employees’ view, they believe they are finding ways to be more productive and efficient by using technology that is easily accessible and likely, not costing the corporation anything additional. It is quick and easy and can get the job done before the IT department would even have a chance to look at a request form. So, why would the corporation be upset? Here’s why–unauthorized applications, or shadow IT, can cause serious risks, such as Malware, data loss, and other severe network security concerns. As the responsible party, IT needs to know what is happening, especially when it comes to the random unauthorized applications users are bringing into the network.

What can be done? Which view holds more importance? That depends on your organization but gathering the information to make that decision can be quick and easy. You need total visibility into Web use so you can find and analyze any potential shadow IT. Proactive, comprehensive reporting of all Web-use activity allows a full view of users’ activities. IT and management need to see detailed drill-down activity per user, per group, or per category, and determine if the “shadow” application is to be quarantined, or discover the application is actually useful to the organization as a whole and add to the acceptable applications list.

It is important to take into consideration the employees’ need to have access to useful and contemporary tools. No post, article, or news story can tell you what to do within your organization. Only you know what will best suit your environment. Try collaboration though, between users, management, and IT. The key is to find the most useful applications and move toward applications that work, with the best interest of the overall corporation at heart.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats.

Are you willing to stake your business’ success and security on another commercial buyout by a federal contractor?

buyoutWe have all heard about the Websense acquisition–Raytheon bringing Websense into the Raytheon Cyber Products fold. It is big news for a defense contractor like Raytheon to make such an acquisition in the commercial market. Many times though, this strategy of a government contractor getting into the commercial business world backfires. For current Websense customers, this risk would hurt you the most.

As a Websense customer, are you prepared to take this risk? Are you concerned that your business may not fit into the Goliath corporate mentality, or about the potential for government-level new pricing or contractual terms? These changes may happen faster than you think, or they may drag on forever with you never knowing what will come up or when.

With a positive SMB mentality, Wavecrest strongly believes in one-on-one communication with our prospects, customers, and partners.  When you reach out to us, we have a human being on the other end of the line that knows the product well, communicates well, and will take the extra step to get your enterprise and employees secure. You don’t have to go through automated calls, ticketing, or several levels of technical support to reach the person with the knowledge you need.

Wavecrest also has the products you require–agile and reliable solutions for your Web Security needs, ranging from software and hardware deployments to cloud and hybrid deployments. No matter your business size, industry, or distributed workforce, Wavecrest has a solution for you.

Leave the government contractor-level pricing, contractual terms, and confusion behind. Don’t become another ticket number. Let Wavecrest focus on your business and your specific requirements. Talk to us today.

Into the Madness of March…brackets, bandwidth, malware, and all.

BracketMarch Madness begins on March 17th this year. We all know that employees check out highlights or even stream a whole game. According to Turner Sports’ Will Funk’s interview with AdWeek,Turner did 70 million live streams on broadband and mobile during March Madness 2014. That is a lot of streaming. With all the streaming and new apps that are out since last year, 2015 will likely set another record.

This year, have the choice to allow your employees some freedom to watch and enjoy! CyBlock Web Security Solutions will help protect your business, blocking sites known for malware and proactively controlling bandwidth consumption, while allowing responsible viewing.

With Wavecrest’s Bandwidth Management in CyBlock, there are numerous ways to be able to control access when you need to. With Real-Time Data Usage Monitoring, you will be able to easily view current data usage for the entire enterprise, detect unexpected spikes that could indicate excessive data use, or just observe the last 5, 10, or 15 minutes of real-time updates.

You can also make sure the critical business operations remain functioning efficiently, even during the games, by using the Bandwidth Throttling features. Be more restrictive as the noncritical usage gets higher by setting one of the automatically triggered, higher-usage policy thresholds to throttle more or even block. E-mail alerts will keep you informed wherever you are. Once a policy is activated, policy-specific traffic is throttled or blocked, allowing business-critical applications (VoIP, CRM, etc.) to continue operating as needed.

Don’t forget about protecting your company from malware. March Madness search results have had a history of being known for malware in past years, and this year will likely be no different. As your employees search for brackets or results, CyBlock blocks traffic to the constantly growing number of sites that generate and/or promote malware. Keep out viruses, Trojan horses, phishing attacks, and more.

March Madness has become a way of life. Decide how your company will handle the traffic and proactively prepare for it by letting CyBlock help protect and secure your business and your employees. Find out more about all the Web Security product lines at Wavecrest Computing.