First out of the chute: Don’t fall for the CNN.com Top News e-mails or the MSNBC.com Top News e-mails. They are fake and dangerous. If you click, you’ll get a load of sophisticated viruses.
Second, with billions of e-mails and Instant
Messages flying across enterprise and personal computers and cell phones daily,
it’s no wonder that there are growing security and privacy headaches. And,
there is no doubt that e-mail traffic can run you over coming and going. With
the increase in gas prices, corporations and government agencies are
encouraging – if not giving up on trying to stop – telecommuting.
However,
personal and private information related to both employees and their employers
may be compromised by telecommuting staff if privacy risks are not dealt with
effectively, according to a report developed by Ernst & Young LLP and the
Center for Democracy and Technology.
Get a Crush on Smishing
And it’s no surprise that the geeks and vendors have coined new cyber world words in the never-ending effort to keep up with the explosion of e-mail-centric threats.
There’s smishing: A recent trend that
usually involves use of VoIP phone number accounts obtained through e-mail
phishing attacks. Recent evil e-mail devices (CNN.com, for example) no longer
distribute viruses as an attachment, but rather host the virus on a Web site
and distribute e-mails that link to it. And today a crush is not puppy love or
a soft drink but it’s an attack distributed through SMS messaging, e-mail and
social network communication that entices users to login to a Web page and
unknowingly opt in for a premium rate SMS service.
Karl Anderson has his eye on the various
security concerns centering on e-mail.
Network security manager at Domino’s Pizza,
he said, “At Domino’s we are in the process of implementing a corporate-wide
data loss prevention initiative to avoid any accidental loss of private or
proprietary information. We realized that e-mails being sent to partners and
vendors, such as insurance providers, may contain information, like Social
Security numbers, that must be encrypted before sending.”
So the giant pizza retailer brought in
technology -- SecureMail from Voltage Security -- to provide corporate-wide
e-mail protection by easily encrypting e-mails containing sensitive corporate
or private personal information being sent to anyone, anywhere. It’s part of a
corporate-wide data loss prevention initiative. “I can’t imagine any company
not needing this,” said Anderson, who was surprised to find an enterprise
solution that integrated so easily within his existing infrastructure, and one
that required little -- if any -- end-user training.
The system will encrypt e-mails sent between
corporate headquarters in , and among
key partners and vendors. The technology automatically flags those e-mails
containing sensitive data and encrypts them prior to sending. Decisions about
encryption are based on pre-set policy, not by individuals on a one-off basis.
A secure application enables the recipient to read an encrypted e-mail without
first downloading and installing client software.
Still there is the other side of the coin.
University of Iowa police are glad
one of their political science professors did not encrypt his e-mail. The
police recently gathered dozens of e-mails sent to and from the professor’s UI
account in which messages allegedly offered improved grades in exchange for
sexual favors from female students.
The professor’s e-mails to several students
allegedly mentioned setting up meetings to talk about a grade, extensions for
work or assistance and an offer from the professor to “negotiate,” according to
media reports.
The retrieval of enterprise and personal
e-mail has become big business as law enforcement and Federal and state
regulators find evidence and supporting documents in the never-say-die e-mails.
