Mobile Data Security + User Freedom = Shavlik’s Newest Product: Secure Mobile Email by LetMobile

Shavlik is happy to announce that we have added a new product, Secure Mobile Email by LetMobile, to our product line. LetMobile is a secure email solution that brings the same effectiveness and ease of management that you have come to expect from Shavlik to the challenge of protecting corporate information on mobile devices.

Today, I sat down with product manager Eran Livne to learn more about Secure Mobile Email by LetMobile. Eran has led this product from its inception and has spent years studying the mobile device management space.

 

Anne: Why LetMobile? What problem does it solve for our friends in IT?

Eran:  There’s a new challenge with all of these smart devices.  Users buy devices and want to use them for work; however, they don’t want IT to control them and have less concern about security. IT is used to managing and controlling, owns security, and is held responsible if a data breach occurs. There is a huge gap between the interests of these two sides.

 

Anne:  How do we bridge this gap?

Eran:  LetMobile was built to find this balance and to bridge this gap. We provide the best of both worlds; IT gets security compliance management and data protection, and users get a native email experience on the device of their choosing. They don’t have to use subpar email clients to consume corporate emails or separate the process of reading work email from reading personal email.

With LetMobile, security policies apply only to corporate data, so the solution has no knowledge of or control over personal data or apps. This means users are free to use their devices how they wish, do not need to fear corporate “big brother,” and don’t have to comply with annoying policies like being forced to lock their devices or granting the company access to wipe their devices.

 

Anne:  Wow, that sounds almost too good to be true. How does LetMobile work?

Eran:  LetMobile is a gateway solution. We offer on-premise and SaaS offerings that act as an intermediary between Exchange (or your email service) and user devices. The LetMobile gateway streams email to the device, so email and email attachments are never stored on the device. Additionally, corporate credentials are never stored on the mobile device, so if the device is lost, the user’s corporate creds cannot be compromised.

 

Anne:  Beyond basic email security, what are some of the other cool capabilities of LetMobile?

Eran:  LetMobile includes data loss prevention (DLP) capabilities that look into the “body” of emails and attachments and can take action based on the presence of keywords or regular expressions. This, coupled with LetMobile’s geo-fencing capabilities, means that, say, a financial institution could enforce a policy where customer account numbers are masked in emails unless the device is in a trusted location. LetMobile can keep confidential information from leaving the four walls of your corporate headquarters and even your country’s borders.

 

Anne:  If readers want to learn more about LetMobile or see a demo, what should they do?

Eran:  We have a wealth of information out there on our website. Check out…

Also, Shavlik will be hosting a number of live LetMobile webinars in the coming weeks, so stay tuned to our webinars page for more information.
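
The masking policy described in the interview (account numbers hidden unless the device is in a trusted location) can be sketched as a gateway-side filter. This is an added example, not LetMobile's code; the account-number pattern, the zone coordinates, the sample email and all function names are assumptions constructed for illustration.

```python
import math
import re

# Constructed pattern: treat any standalone run of 10-12 digits as an account number.
ACCOUNT_RE = re.compile(r"\b\d{10,12}\b")

# Constructed trusted zone: (latitude, longitude, radius in metres).
TRUSTED_ZONES = [(44.9778, -93.2650, 500.0)]

# Constructed sample email body.
SAMPLE_BODY = "Please review account 123456789012 before the 2015 audit; ref 4421."


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres (haversine formula)."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def in_trusted_zone(location):
    """location is (lat, lon), or None when the device reports no position."""
    if location is None:
        return False  # fail closed: an unknown location is treated as untrusted
    lat, lon = location
    return any(distance_m(lat, lon, zlat, zlon) <= radius
               for zlat, zlon, radius in TRUSTED_ZONES)


def mask_account(match):
    """Mask all but the last four digits (a design choice of this sketch)."""
    digits = match.group(0)
    return "*" * (len(digits) - 4) + digits[-4:]


def render_for_device(body, location):
    """Return (text to stream to the device, number of values masked)."""
    if in_trusted_zone(location):
        return body, 0
    return ACCOUNT_RE.subn(mask_account, body)


if __name__ == "__main__":
    print(render_for_device(SAMPLE_BODY, (44.9779, -93.2651)))  # inside the zone
    print(render_for_device(SAMPLE_BODY, (40.7128, -74.0060)))  # outside the zone
```

Because the decision is made at the gateway before content is streamed, a device that reports no position receives the masked text rather than the original.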

Shavlik Security Advisory: Insufficient Patch Management Could Lead to Attacks From More Than Just Hackers

Two months ago, Shavlik released a security advisory alerting our customer community to the availability of off-the-shelf exploit kits that enable less sophisticated hackers to mimic a Target-like attack.

In that advisory, Rob Juncker, Vice President of R&D for Shavlik, accurately predicted that the availability of these exploit kits would lead to the following:

  • More companies will be coming forward to report breaches.
  • The scope of these breaches will go beyond retailers to impact all types of business that have valuable and private information.

Earlier this month, the game changed again, but this time the threat doesn’t come from hackers alone; it’s coming from the courtroom, the halls of government, and maybe even from your own employees. For the first time, we are seeing companies being held legally and financially responsible for security breaches that occurred due to insufficient and/or negligent security practices.

Today, Shavlik is issuing another security advisory to draw your attention to three landmark cases that made headlines earlier this month.

 

$150K HIPAA Fine for Unpatched Software  

Anchorage Community Health Services was fined $150,000 by the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) for “failure to apply software patches [that] contributed to a 2012 malware-related breach affecting more than 2,700 individuals,” according to GovInfoSecurity.

This incident is the first where a company has been held liable by OCR for failing to patch software, and now a precedent has been set, making disciplined patch management a critical part of HIPAA compliance.

“Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis. This includes reviewing systems for unpatched vulnerabilities,” OCR Director Jocelyn Samuels said to GovInfoSecurity.

 

Target Ruling Raises Stakes for Cybersecurity Vigilance 

The U.S. District Court in Minnesota denied Target Corporation’s motion to dismiss litigation filed by financial institutions that suffered losses as a result of Target’s 2013 data breach.

According to Reuters, Judge Paul Magnuson found “…banks were foreseeable victims of Target’s allegedly negligent conduct.” The report went on to say, “Importantly, Judge Magnuson said that imposing a duty of care on Target ‘will aid Minnesota’s policy of punishing companies that do not secure consumers’ credit- and debit-card information.’”

This case may set a precedent for companies to be financially liable to both consumers and financial institutions for breaches that compromise customer data.

 

Employee Data Breach the Worst Part of Sony Hack

Two employees filed a class action lawsuit against Sony for allegedly not taking adequate precautions to secure employee data.

According to an article posted on TechCrunch, “The complaint references a tech blog reporting to note that Sony was aware of the insecurity on its network and took the risk.”

It has been confirmed that employee emails, website viewing activities, credit card website credentials, and social security numbers were among the data made public as a result of the Sony breach. Now, after having already lost an estimated $100 million, Sony could be in for more expense at the hands of its own employees.

 

In a month where the security stakes have never been higher for corporations, CIO Magazine published a report titled “Most Companies Fail at Keeping Track of Patches, Sensitive Data.” According to its report:

  • 12% of companies have no patch management process at all
  • 58% of companies have a patch management process that is not fully mature (e.g. may patch the OS but not third-party applications)
  • 19% of companies have no control or tracking of sensitive data at all

If you see your organization in any of these statistics, now is the time to act. Your response will not only help keep your company out of the headlines but also out of the courtroom.