Your Employees and Their 917 Different Cloud Apps. Are You a Sitting Duck?

Every day someone in your company is using a cloud app. Actually, it is probably more like every minute. Let’s not go into the personal versus work devices on the company network, or whether it is Facebook or Dropbox they are using. Those details don’t really tend to matter when the access allowed is for your own business to decide. It is about the sheer number of cloud services and apps in use in the enterprise today, the visibility in knowing what they are, and the many employees who are left out of the conversation.

We hear managers talk about how it can’t happen to them. They have the best employees, and the discussion is unnecessary. It is already understood–they would NEVER do that! Or our favorite–big brother–the need to let your employees know you really trust them and respect their privacy by allowing them to do what they think they need to do on their own. But that’s not going to protect your business when malware hits or a breach happens . . . and the chances of these happening to you are growing exponentially every day, especially when you are not communicating security issues with your employees.

With all the headlines being about Shadow IT, malware, data loss, intrusions, and ransomware, you would think it would be a common workplace discussion. But based on some recent surveys, companies aren’t saying much internally.

Some numbers that may surprise you. What percentage of employees:

Have not been told the right way to download/use cloud applications: almost 60%
Have not been told risks of downloading cloud apps without IT’s knowledge: just under 40%
Have not been told how to transfer and store corporate data securely: over 40% !!!!

To keep things in perspective–studies are showing that on average, enterprises have 917 different cloud apps in use!

This is not a respect for privacy issue. It’s a security issue, for your business and for your employees! Keeping them in the dark does not show them respect or protect them, it makes them victims before anything even happens.

As technology gets stronger, we as individuals have more decisions on what we use to make our lives, including work, more efficient. But if you do not educate and communicate regularly about cyber threats with your employees, have real visibility into their Web usage, or have a clear, agile Acceptable Use Policy (AUP), you are basically a sitting duck.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

*Stats based on surveys from Softchoice and Netskope.

Do You Have the Necessary Enterprise Cloud Services Visibility?

Today, cloud services are the way businesses run. Collaboration among employees, file sharing, data storage, and even accounting are accomplished via cloud services. There are very few businesses left that use absolutely no cloud services. It is just a fact that we all live in a world with data spread out everywhere, at speeds we could not even fathom ten years ago. Hence, the concept of Shadow IT, Shadow Data, and Shadow IoT (Internet of Things) are becoming more commonplace terms. All of these are basically variations on employees using services and devices outside of their IT department’s knowledge. What does it all mean when running your business? Two questions . . . do you know what cloud services are being used and where your data is going?

Visibility . . . a key element for enterprise security. Knowing what cloud services your users are accessing is detailed visibility that a business can’t live without. Unsanctioned cloud applications and services can expose the company’s network and data security to a long list of serious threats. The IT department knows managers want the Web-usage visibility too . . . without the rest of the “visual noise” and meaningless information (to them, at least). They want detail on what employees are doing with cloud services, and they want it easily accessible, interactive, understandable, and meaningful.

It is time to take a good look at what’s being used to monitor and control your employees’ cloud services usage. Make sure you have a Cloud Access Security Broker (CASB) solution that gives you the critical cloud services management tools you need. Learn more about how to Detect, Analyze, and Manage Cloud Services in the Enterprise.

About Wavecrest Computing

Let the games begin!

Once again, it is time for some basketball! Every year at this time, bandwidth hogs, productivity losses, and malware catch our eye. But the business world has become more accepting of personal device use and personal time on corporate devices. It is up to each business to design an Acceptable Use Policy (AUP) that works for them. So as this year brings on the games we wait all year to watch, taking a look at what we should expect for March Madness viewing numbers and working in some refresher employee training are key to making it through the season.

Watching March Madness on mobile devices was big last year but no matter the device, your network has the potential to get bogged down or pick up malware. Just check out these NCAA viewing stats from 2015:

2015 set all-time records with 80.7 million live video streams and 17.8 million hours of live video consumption.
Record-setting live video streams were up 17 percent over 2014, with hours of live video consumption up 19 percent vs. 2014.
Mobile consumption also surged with live video streams and hours of live video consumption both up 20 percent over 2014.

Now is the time to prepare for even higher amounts of viewing this year. Whether game watching at work is acceptable at your company or not, your business still needs to function smoothly. Make sure you have bandwidth management in place and be proactive on the distribution of these resources. Set bandwidth usage thresholds so that game watching does not freeze up mission-critical operations. If you don’t have a bandwidth management solution in place that allows you to set multiple thresholds with alerts, it should be something to seriously consider. Even during normal business days, you can have bandwidth hog issues that could affect critical business operations.

Malware tends to spike during March Madness as well. Random clicking can be devastating to your business. Make sure you have protections in place. Refresh your employees on your current AUP, remind them about phishing techniques and ads that are almost too enticing not to click, and be proactive by having a comprehensive solution in place that blocks access to malicious URLs.

Prepare to secure and protect your network and mission-critical operations before the games begin, and March Madness season will be enjoyable for everyone!

About Wavecrest Computing

CyBlock/Cyfin Release 9.2.2 Now Available

We are pleased to announce the release of several enhancements in the new version of CyBlock and Cyfin. The first major enhancement is the new Wavecrest URL List 9 that adds specific cloud service categories, such as Collaboration and Cloud Storage, as well as renames and remaps categories, giving you more visibility into the Web sites and cloud services your employees are using. To report on cloud service activity, we have added the Cloud Services Detail and Cloud Services Summary reports.

Another enhancement is for CyBlock Appliance. The Real-Time Protocol Monitor has been updated to function just like the Real-Time Web Monitor. With icons now available on the monitor, you can easily control the live protocol traffic you want to see.

For CyBlock Cloud, logon accounts have been enhanced for individual customers as well as Managed Service Providers (MSPs). MSP-linked customers can now be given full access to the product interface and be licensed for additional logons. MSPs can create logon accounts for their own company as well as for their customers and also view the last interface logon for their customers. The enhancements are highlighted below.

Wavecrest URL List 9. The following features have been added:
- The new URL List 9 includes new categories, category changes, default abuse threshold changes (not applicable to CyBlock Cloud), cloud service categories, and updated category descriptions. See Category Update for more information.
- (not applicable to CyBlock Cloud) For existing customers on a previous list version, the following changes apply after upgrading the product:
  - On the Home page, the Wavecrest URL List Update section indicates that the new list is available and that you read the Category Update document before upgrading the list. A link is provided to go to the URL List Version page.
  - URL List Version Page:
    - The List 9 option has been added to the page.
    - After you upgrade to List 9, the service is restarted, and you are required to download the list. You are then returned to the URL List Version page which indicates that the current URL List version is 9.
    - A List Conversion Summary Report shows the policies and URL customizations that were affected by the change to List 9. It will also be sent via e-mail to the administrator.
- Individual CyBlock Cloud customers and MSP Partners will be sent the List Conversion Summary Report via e-mail. MSP Partners will receive one e-mail per customer account.
- For CyBlock Hybrid customers, ensure that your local CyBlock installation is on List 9 in order to sync with your cloud account.
Cloud Services Reports. The following features have been added:
- Report Selection. On the Report Selection page, a Cloud Services Reports section has been added. Cloud Services Detail and Cloud Services Summary are listed in this section and generate reports on only cloud service categories.
- Cloud Services Summary. This is a high-level report that shows employee Web use of cloud services. Web activity includes visits to sites in the following cloud service categories: Audio Streaming, Cloud Infrastructure, Cloud Storage, Collaboration, CRM, Development, File Sharing, HR, Personal E-Mail, Video Streaming, and VoIP Services. The report can be used to identify cloud service usage patterns, better manage cloud subscriptions, and highlight abnormal activity.
- Cloud Services Detail. This is a low-level report that shows the specific URLs of cloud services by user, that is, visits to only the cloud service categories. It provides management with a complete view of every cloud service URL the user has clicked. This information can be used for cloud usage audits, identifying the most active users and the most heavily visited sites.

CyBlock Appliance

Real-Time Protocol Monitor. The following features have been added:
- The Real-Time Protocol Monitor page has been updated to function like and have a similar user interface to the Real-Time Web Monitor.
  - The selections for the Controls field have been moved to the Real-Time Protocol Monitor and replaced by icons.
- On the Real-Time Protocol Monitor, the controls and settings are available in a toolbar and can be changed while the monitor is gathering data in real time.

CyBlock Cloud

Additional Admin Accounts. The following features have been added:
- On the User Management – Logon Accounts – Add screen, the Additional Logons field displays the number of additional logon accounts that have been created in the interface out of the number of licensed additional logons.
- On the User Management – Logon Accounts – Delete screen, the Logon Accounts label has been added to the selection box.
- If you are an MSP Partner adding or deleting a logon account, the Customer menu in the upper-right corner is removed, and the Customer field is displayed allowing you to select a customer or your own company.

MSP Partner Portal. The following features have been added:
- Interface Access for MSP-Linked Customers:
  - MSP-linked customers can now have full access to the product interface.
  - MSP-linked customers will be licensed for 5 logon accounts and can add and delete logon accounts from these licensed logons.
  - Once a logon account has been created for an MSP-linked customer, they will receive an e-mail notification to complete their registration by logging on to the interface.
  - After logging on with the temporary password, they will be required to change their password on the Change Your Password screen.
- Home Page:
  - When you click a customer name in your customer list, an Interface Details section is now displayed on the General tab.
  - The Last Interface Logon field shows the last date/time on which your customer logged on to the interface.
  - The Additional Logons field displays the number of additional logon accounts that your customer has created in the interface out of their number of licensed additional logons.

There are also a number of corrections in this release. To see the full release notes for your product, visit our Web site or knowledge base. You can upgrade to the latest release by going to the Help – Check for Updates screen in your product.

For additional assistance, please feel free to contact us.

Wavecrest Continues to be a Valued GSA-Approved Vendor

Wavecrest Computing has once again been awarded a renewal for a GSA Contract. Our first award was in 2000, and now we are proud to be renewed all the way to 2021!

Our clients include:

National Archives
Superior Court of California
U.S. Computer Emergency Readiness Team (Homeland Security)
U.S. Department of Veterans Affairs
Florida Department of Health
New York City Department of Buildings
Georgia Department of Transportation
Defense Logistics Agency
U.S. Department of Justice
National Ground Intelligence Center
U.S. Army

Wavecrest’s CyBlock and Cyfin solutions are built with today’s unique business in mind, offering comprehensive cloud services management and visibility into Shadow IT and insider threats, as well addressing legal liability, workforce productivity, and Web security threats such as malware and phishing attempts. We offer multiple deployments that include Cloud Access Security Broker (CASB), Cloud, Hybrid, Software, and Hardware deployments that fit any business type or size. Wavecrest Computing is headquartered in Melbourne, Florida, U.S.A.

For more information on the company, products, and partners, visit https://www.wavecrest.net or follow us on LinkedIn, Facebook, and Twitter.

20 Years Young and Excited About the Next 20!

We are proud to announce that Wavecrest Computing has reached a pretty big milestone…its 20th anniversary! It has been a path we have happily taken with innovative products and a dedicated staff, many of which have been with us since the beginning. We would also like to thank you…our customers, partners, and followers for sharing this journey and challenging us to be constantly reaching for the stars…or the cloud, as the case may be! Here is to an exciting next 20 years where we will remain “at your side” securing your growing, distributed, and agile workforce.

Since 1996, Wavecrest Computing has been a global leader in employee Web-access security and Web-use monitoring and analytics solutions, with scalable filtering and reporting analysis, forensic data tools, and products designed to enable organizations with today’s distributed workforce to successfully address cyber threats. Wavecrest’s CyBlock and Cyfin solutions are built with today’s unique business in mind, offering comprehensive cloud services management and visibility into Shadow IT and insider threats, as well addressing legal liability, workforce productivity, and Web security threats such as malware and phishing attempts. We offer multiple deployments that include Cloud Access Security Broker (CASB), Cloud, Hybrid, Software, and Hardware deployments that fit any business type or size. Wavecrest Computing is headquartered in Melbourne, Florida and is a longstanding GSA contract holder.

For more information on the company, products, and partners, visit https://www.wavecrest.net or follow us on LinkedIn, Facebook, and Twitter.

MSP: Manage Client Bandwidth and Cloud Services

Are unsanctioned cloud services using up all of your clients’ bandwidth? As a managed service provider (MSP) today, knowing your client’s cloud services usage is crucial. Cloud services can range from acceptable collaboration tools to unsanctioned personal usage apps that waste critical bandwidth. Most businesses run cloud services to be able to communicate & collaborate more efficiently. Employees, though, tend to find apps that suit their needs best, even when unsanctioned. Help your clients by finding & managing their bandwidth and cloud services with Wavecrest’s CyBlock.

CyBlock Cloud Services Right Here on the Space Coast

Wavecrest Computing, a leading provider of advanced Web security and Cloud Access Security Broker (CASB) solutions, introduces a new cloud services location right here on the Space Coast.

As a successful Space Coast-based business since 1996, Wavecrest is proud to help local businesses keep mission-critical cloud service applications, and more, running smoothly and securely, on or off premises, with CyBlock Cloud service now located within TerraCom Direct’s secure, Tier 3 purpose-built facility in Melbourne.

“The ability to centrally manage policies and activities is crucial for enterprises that want to make strategic use of cloud services while still controlling their users’ activities. End users, MSPs, and resellers now have the opportunity to manage their cloud services locally, with professionals from their community and within an environment that is comprehensive and secure. In today’s world, it is almost impossible to find experts in a company’s own backyard.” Dennis McCabe, CEO, Wavecrest Computing.

Wavecrest’s CyBlock Cloud and CyBlock Hybrid provide security policy enforcement points placed between cloud service users and cloud applications to combine and interject enterprise security policies as the cloud-based resources are accessed. These points provide cloud service visibility, threat prevention, data protection, and regulatory compliance by finding anomalies, user activity, or threats, such as unsanctioned cloud services use, unnecessary data sprawl, and underused or unused cloud services. CyBlock provides data loss protection, analytics of usage behaviors, automated alerting and reporting, and easy-to-use policy management tools including filtering and bandwidth management.

CyBlock is designed to fit all types and sizes of businesses. End users will see efficiency and productivity increase while protecting the company’s interests and network data. MSPs will find a proactive and agile Cloud Access Security Broker solution that will provide the visibility and control to take care of clients with minimal time and effort. Increase profits, growth, and service quality while knowing that a local team of experts is here to help. Find out more at www.wavecrest.net.

About Wavecrest Computing

Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Since the holidays are about good cheer, don’t be a grinch this year!

The holiday shopping season is fast approaching once again. Every year, more and more people use online shopping for the majority of their purchases. Is your business ready for the online shopping that your employees will likely do during business hours? Is your bandwidth ready to make sure your mission-critical applications take priority?

Cyber Monday will come up faster than you think, but that is only one day of online shopping. Cyber Monday 2014 ranked as the heaviest online buying day that year with $2.038 billion in desktop spending, but the day after Cyber Monday wasn’t far behind, ranking second for the season at $1.796 billion. It doesn’t even stop there! On the second Monday in December (Green Monday), online buying was $1.615 billion! These are all regular business days! And each year the amount of time and money spent online shopping increases! The whole season is about shopping for those important to us, and employees are going to try to get online to grab the best deals no matter what day, or time of day, it is.

Since the holidays are about good cheer, don’t be a grinch this year. Find ways to satisfy all your business and employee needs. Give your employees the gift of online shopping time during this holiday season, while making sure your IT team receives the gift of proactively throttling bandwidth for noncritical applications when needed.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats. FREE bandwidth audit available!

The Tip of the Spear . . . Phishing

Spear phishing has become a leading way hackers gain access to business systems and data. They use natural human familiarity as the weakness. You receive an e-mail from an executive within your company. Will you take the time to second guess the sender? Will you hesitate clicking a link or an attachment that is deemed important by this person? Likely not. Even those who know the risks and precautions may easily fall victim to this type of hack. It thrives on the information that is already available to the hacker. They find out enough about you to make the e-mail not only look like it is from someone you know, but also include information within the e-mail that will reinforce this familiarity, such as referring to a project or another team member.

For a business to try and fight against this type of hack, employee communication is important. In 2014, 56% of those polled by Dark Reading cited “lack of employee awareness” as the most dangerous social engineering threat to organizations. Consistent training and constant communication will give employees the tools to proactively question an e-mail they receive.

Avoiding the most obvious risk should be lesson number one. No matter who the e-mail is from, even the CEO of the company, make sure employees know not to give out information such as passwords or business account numbers. They should question and verify the e-mail when this type of information is requested at any time. You can no longer trust an obvious phishing sign like a request from a foreign national looking for money. Spear phishing takes the extra effort to look past the initial information in the e-mail into the overall intention.

As always, make sure your employees know to think before clicking a URL or downloading any files. Today, malicious attachments come in all types, not just .exe files, and URLs may lead them to a Web site that looks legit but is actually a phishing site that will then request confidential information, such as logon credentials. It is easy to verify a domain or run a scan on an attachment, so users should know the necessary steps of verification.

Lastly, recommend that your company take precautions when it comes to cybersecurity. Instead of large, all-in-one product add-on tools that just give you a small, top-level view of activity, recommend that your company use the most targeted security tools available. To mitigate security risks, this should include the ability to proactively block malicious URLs, discover and analyze Shadow IT and cloud services, and supply comprehensive drill-down reporting on Web-access activity for your entire distributed workforce.

Wavecrest Blog

The Latest news, tips and resources straight from the Wavecrest team.

Let the games begin!

Wavecrest Continues to be a Valued GSA-Approved Vendor

CyBlock Cloud Services Right Here on the Space Coast

Since the holidays are about good cheer, don’t be a grinch this year!

The Tip of the Spear . . . Phishing