
Posts Categorized Under "DATA SECURITY"

Top Takeaways from the 2017 Cybersecurity Trend Report


Do you ever wish you knew how other businesses are dealing with today’s security threats? The 2017 Cybersecurity Trends Report, recently released by Crowd Research Partners, provides insight into the cybersecurity concerns and priorities of organizations across a wide range of industries.

The report is a comprehensive study revealing current cybersecurity trends in threat management, data protection, cloud security, application security, mobile security, security training and certification, managed security, and more. The 2017 report is based on a survey of more than 1,900 cybersecurity professionals across businesses of all sizes, from those with fewer than 10 employees (7 percent of respondents) to those with over 10,000 (26 percent of respondents). Download the full report here or read on for a few top takeaways.

#1 - Everyone is Worried about Cybersecurity

Security threats are a very real and urgent concern for most companies. Over half (54 percent) of cybersecurity professionals anticipate successful cyberattacks on their organization in the next 12 months. And they aren’t taking that threat lightly. 52 percent are boosting their security budget by an average of 21 percent.

Most professionals are not convinced that they are ready for an attack. 62 percent of respondents were moderately confident to not at all confident in their organization’s overall security posture.

#2 - Lack of Budget is Greatest Barrier to Security

While the majority of organizations are increasing their security budget, finances remain one of the top obstacles to stronger security, with 45 percent of respondents citing lack of budget as a barrier that inhibits the organization from defending against cyber threats.

For this reason, it’s essential that companies spend their money on solutions that give them a solid return on investment. Using free tools and apps where an enterprise-class product is needed can cause a company to fall victim to a cyberattack, while purchasing the most expensive tools on the market can leave you with empty pockets and a long list of features you don’t need.


#3 - Internal Threats & Untrained Employees are Biggest Threats

33 percent of cybersecurity professionals are worried about threats coming from within the company. While a malicious employee may hack into sensitive data intentionally, in most cases the more pressing concern is careless or uninformed staff members. A lack of skilled employees tops the list of barriers to both stronger security (45 percent) and to threat management (33 percent).

Whether your insider threats are malicious or careless, solutions with role-based security and auditing are recommended to help mitigate risk of a breach. Role-based security enables organizations to restrict permissions of individual users to only the information and functionality required to do their job, while auditing capabilities provide detailed audit logs of actions taken by each user.

Another top concern is the security of cloud applications, services, and infrastructure. Respondents cited fears including the need to protect against data loss, threats to data privacy, and breaches of confidentiality. To protect sensitive data transferred using a cloud-based solution, experts recommend verifying that the solution provides end-to-end encryption for protecting files at rest and in transit.

#4 - Encryption is Greatest File Transfer Challenge

The number one concern when it comes to transferring files is security, with 59 percent of survey respondents citing encryption of files as a challenge they face. This is a serious shortcoming given that 67 percent of respondents ranked data encryption as the most effective means for protecting against cybersecurity attacks. It’s critical that any organization transferring files implements a secure managed file transfer solution that streamlines the process of providing various types of encryption like SSL, SSH, AES, and OpenPGP.

Unfortunately, the majority of organizations surveyed are still using inadequate solutions. For example, email is still the most common file transfer method for smaller files, even though unsecured email is both vulnerable to cyberattack and difficult to track for auditing.

Over half of professionals surveyed said that they lack the tools to prove compliance related to transfer of sensitive files. The right enterprise file transfer software simplifies compliance by providing the security features required by major industry regulations, the reports an auditor needs to see, and even tools to help you check if your data transfers are meeting standards.

Learn more about what the 2017 Cybersecurity Trends Report means for your file transfers, or read the full report now.



The State of File Transfer Security

The 2017 Cybersecurity Trends Report was recently released by Crowd Research Partners. The report covers many aspects of cybersecurity, such as general security trends, cloud and mobile security, and managed security services. It also looks at how organizations are securing their file transfers, including some common file security pitfalls.

Here’s what the CyberSecurity Trends Report has to say about file transfers.

Security is the Top File Transfer Concern

When it comes to the challenges businesses face when transferring files, security is at the top of the list, with 59 percent of respondents citing it as a concern. Furthermore, over half of the IT security professionals surveyed said that if their file sharing practices were audited for regulatory compliance, they do not have the tools they need to streamline the process.

Managed file transfer (MFT) is the clear answer for both security and compliance challenges. A good MFT solution will provide a variety of encryption methods and secure protocols to combat modern data security threats. MFT software also includes detailed audit logging capabilities to ensure you can prove your file transfers are compliant in case of an audit.

Securing Customer Data is Critical

Protecting sensitive data is a significant concern for most organizations. Above all, companies are worried about the security of customer data—72 percent of survey respondents cited it as a type of sensitive data they are most concerned about protecting.


There’s good reason to be careful about customer data. According to Verizon’s latest PCI DSS Compliance Report, 69 percent of consumers would be less inclined to do business with an organization that had suffered a data breach. Customer data security is also essential for maintaining compliance with PCI DSS and other industry standards.

Other types of data that respondents are concerned about protecting include employee data (66 percent), email (54 percent), corporate financial data (46 percent), and health information (33 percent)—important if you need to comply with HIPAA.

A managed file transfer solution can provide end-to-end encryption to protect files at rest and in transit. 67 percent of survey respondents ranked encryption as the most effective means for protecting data.

Too Many Organizations are Using Inadequate File Transfer Methods

Email is still the most common file transfer method for smaller files, used by 63 percent of respondents. This is a serious risk as unsecured email is both vulnerable to cyberattack and difficult to track for auditing purposes. Another 18 percent rely on writing custom scripts, a method that is both time-consuming and prone to error.

Fortunately, 49 percent of respondents have implemented managed file transfer software. Managed file transfer streamlines the secure exchange of data and provides organizations with a single point of control for all file transfers. Implementing an MFT solution that provides enterprise-level security features, role-based security, and full audit trails is the best way to make sure your data transfers stay ahead of constantly evolving security threats.

To learn more, download the full Cybersecurity Trends Report.



Linoma Software Earns a Spot on the Cybersecurity 500


We are proud to announce that Linoma Software, a HelpSystems company, has been named to the Cybersecurity 500, a global list from Cybersecurity Ventures of the hottest and most innovative companies in the cybersecurity industry.

Cybersecurity Ventures chooses the Cybersecurity 500 by soliciting feedback from CISOs, IT security practitioners, and service providers, and researching hundreds of cybersecurity events and news sources. Joseph Steinberg, a cybersecurity expert and Inc. columnist, says that for years “business publications have shared lists of companies of which they recommend readers take note. The Cybersecurity 500 gives the same convenience and wisdom to people interested in the cybersecurity industry.”

Linoma made the list in the category of file security and data encryption. Linoma’s GoAnywhere Managed File Transfer software is an enterprise-level solution for automating and securing file transfers through a single interface. With extensive security controls and detailed audit trails, GoAnywhere MFT helps businesses achieve regulatory compliance, increase security, and streamline processes.


How to Create a Cybersecurity Policy for Your Organization

The cyberattacks and data breaches that make the news are usually the ones that happen at big corporations like TJX or Home Depot. But every organization, large or small, needs to be concerned about cybersecurity.

According to Symantec’s 2016 Internet Security Threat Report, 43 percent of cyberattacks in 2015 targeted small businesses—up from just 18 percent in 2011. Hackers might be starting to understand that even though small and mid-sized businesses may not have as much valuable information available to steal, they are also less likely than their large counterparts to have strong security measures in place.

An attack is usually devastating to a small company. The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyberattack. If you don’t want your organization to be put out of business by a hacker, it’s time to improve your security posture. The first thing to do is develop something that most of the big companies already have: a cybersecurity policy. Here’s how:

Step One: Secure Senior Management Buy-in

If you’re in IT, you could probably tell most of your fellow employees a thing or two about security best practices. But in order to have the resources to design the policy and the authority to enforce it, you need management on your side.

It may help to point out that if you don’t have a cybersecurity policy, it could open you up to legal liability. For example, if you don’t want your employees connecting to your network with their own devices but you haven’t told them not to, what happens when an employee’s device with corporate data stored on it is lost? Your first reaction may be to remotely wipe the device—but can you legally do that without a written and user-acknowledged policy?

Step Two: Determine Your Security Guidelines

A key reason you need a policy in the first place is that modern cybersecurity has gotten very complex. There are a lot of details to keep track of, even for a small organization, and the landscape is constantly changing as both cybersecurity technology and cyber criminals become more advanced. Only you know your organization’s unique needs, but some things you might want to keep in mind include:

  • Which industry regulations do you need to comply with?
  • What data do you need to protect and how should it be stored and transferred?
  • What business software needs to be maintained and updated to stay secure?
  • What do you expect of all employees in terms of choosing passwords, appropriate internet use, remote network access, email guidelines, etc.?
  • Who will manage and maintain the cybersecurity policy?
  • How will you enforce the guidelines (what is the penalty for willful non-compliance)?

Once you have these questions answered, you should be able to draft your company’s policy. Depending on your current situation, understanding your security needs could be easy or could require extensive auditing of your current assets and tools.

We’ve compiled a few resources that provide templates and examples of cybersecurity policies below.

Step Three: Educate Your Employees

Did you know that internal actors are responsible for 43 percent of data loss? Half of this is intentional—disgruntled or opportunistic employees, contractors, or suppliers performing deliberate acts of data theft. But half of it is simply negligence. Employees don’t want to change their password every month if they can stick with “password123” forever. Some of them probably don’t see the problem downloading the attachment from that suspicious “urgent” email.

Communicate your new cybersecurity policy to employees, and make sure they understand the relevant details: what they are expected to do, how to do it, and what could happen if they don’t. Remember that things that seem obvious to you—like how to change that password—might not be known to everyone in the company.

Some organizations regularly test their employees on their cybersecurity knowledge. Make it fun and rewarding—there should be some kind of incentive for mastering security best practices.

Step Four: Monitor and Update Your Policy

Now your cybersecurity policy is up and running! But that doesn’t mean the work is over. A cybersecurity policy is a living document that needs to be updated regularly to include changes in your business, in technology, and in compliance regulations. Set a timeline for when you will re-evaluate the policy.

You’ll also need to determine how you will self-audit along the way. How will you know if the latest updates to your security software have been installed or that no one changed the server settings a month ago? Ideally, maintaining compliance with your policy will not be a fully manual process.

Bonus Step: Choose Solutions that Complement Your Cybersecurity Policy

Maintaining security and compliance across your entire business and all your employees can be daunting. Fortunately, dealing with all those moving parts doesn’t have to be so complicated. Implementing the right software solutions can mean that your security policy practically enforces itself.

For example, you may be checking systems manually that could be monitored automatically. And if you expect employees to update their passwords regularly, what’s easier—checking if they have done it on their own or using software that requires it? Software with role-based security and audit logging will ensure that you always know who accessed or changed what, and when they did it.

Ideally, any solution you choose to implement should come from a vendor that you trust to keep the software updated to match current security threats. Needing to replace your security tools or update custom scripts makes it much more difficult to keep compliant with your own policy.

Sometimes despite your best efforts, your data is breached. Check out these resources to help you create a data breach response plan.


Exclusive Sneak Peek of COMMON 2017 Sessions

In just a few days, Power Systems professionals from around the world will gather for expert discussions on IBM i, open source and cybersecurity topics at the COMMON 2017 Annual Conference. Known as the largest Power Systems event of its kind, the conference offers over 300 sessions presented by more than 100 experts in the field.

As the event quickly approaches, we sat down with some of this year’s speakers to uncover their passions, advice to attendees and exclusive peeks into next week’s presentations. Read on to see what each shared.

 

Greg Cannella

Director of MIS at Magid Glove & Safety Mfg

Greg will be presenting at two sessions titled Creating SQL Functions and How to Use the SQL Descriptor. You may view Greg’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?
“I am most passionate about Creating SQL Functions.  This topic has very broad applications and is most likely to appeal to the widest audience.  Once people learn how easy it is to create a function and how much they can do for you, the adoption rate should be very high.  My goal is to provide everything someone needs so they can go back to the office the next day and create a function.”

What are you most looking forward to at COMMON?

“Since I am a first time speaker at Common, I am definitely looking forward to those sessions.  I am also looking forward to meeting up with all of the other people that I have worked with in the industry.”

 

Raymond Johnson

Consultant / Owner at iSolutions Consulting, Inc

Ray will be presenting at three sessions titled No More Excuses, Save the Entire System Using the IBM i Default Job Scheduler, Are You Secure? Are You Monitoring the IBM i Audit Journal? and IBM ACS Overview. You may view Ray’s biography and session schedule here.

What’s one topic you’re hoping to learn about at this year’s conference?

“I plan to learn more about VIOS since I now have two VIOS partitions to manage and the AIX environment is NOT like the IBM i (it is not integrated). Everything has its own version and the PTF and upgrade processes are nowhere near as easy (or maybe familiar??) as the IBM i processes.”

What do you predict will be the hottest topic of discussion at this year’s conference?

“I predict system and network security will be a hot topic of discussion.”

 

Carol Woodbury

VP Global Security Services at HelpSystems

Carol will be presenting three sessions, with titles including IBM i Security from the Ground Up and Best Practices for the IBM i Security Administrator.  You may view Carol’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?
“I’m probably most passionate about the Best Practices for the IBM i Administrator. Attendees sit through a lot of sessions about new and advanced technology, but sometimes, it’s not obvious how to apply it. In this session I provide actionable tasks that administrators can take back to their workplace and start making their systems more secure. In other words, it’s full of practical advice that’s easily applied in their work environment.”

What is one piece of advice you’d offer to first-time attendees?
“Don’t be afraid to ask questions. You’re there to learn! If something’s not clear… ask!”

 

Liam Allan

Product Developer at Profound Logic

Liam will be presenting at three sessions titled Git Fun and Games, Open-Source ILE Concepts and Web Requests in Embedded SQL. You may view Liam’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“I am actually most excited for the workshop I am giving with Alan Seiden and Steph Rabbani. I am not only excited to talk about something I am passionate about, but having the opportunity to do it with two amazing people makes it even more exciting for me.”

What are you most looking forward to at COMMON?

“I am most looking forward to hanging out with people that I have worked with in the last year. My favourite part about COMMON is the social element to it.”

 

Bob Luebbe

Chief Architect at Linoma Software

Bob will be presenting at two sessions titled Simplify Encryption with DB2 Field Procedures and Securing Your File Transfers from the IBM i. You may view Bob’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“I am most excited to talk about encryption using DB2 field procedures since a lot of organizations are looking at how to encrypt data at rest.  With field procedures, encryption has greatly been simplified.  Oftentimes, companies do not have to make any changes to their applications to implement encryption.  So it is much easier to do encryption at the field level now.”

What do you predict will be the hottest topic of discussion at this year’s conference?

“I think security is going to be a hot topic since so many organizations are facing strict regulations regarding sensitive data.”

 

Randall Munson

President of Creatively Speaking

Randall will be presenting at three sessions titled WRITE RIGHT! Business Writing for Geeks, Magic of SELLING Technology! and Riding the Rapids of CHANGE! You may view Randall’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

"The presentation I am most passionate about is, 'Magic of SELLING Technology!'. Since working in the IBM development lab in Rochester as the interface between the lab and IBM sales and marketing more than 20 years ago, I have been focused on how to sell IBM i technology around the world. I've helped companies make millions of dollars in increased sales. I enjoy sharing with others what I have learned so that they can improve their marketing and sales. But this presentation isn't just for people in sales and marketing roles. It is also valuable for showing technical people how to sell their own company's decision makers on products and services that would be valuable to them."

What do you enjoy most about speaking at COMMON?

"I love teaching valuable information in a way that is fun and memorable. I'm deeply gratified when people tell me things like, 'I've been working on this for 6 years and now I finally understand it!' or, 'Ten years ago I saw you present and I'll never forget what you said!' or 'You've changed my life.' Most people don't have a chance to experience that but speaking at COMMON for 30 years has given me that opportunity and I am grateful."

 

Tom Huntington

EVP of Technical Solutions at HelpSystems

Tom will be presenting a session titled High Availability Options for SMB IBM i Users on Tuesday, May 9th at 2:00pm. You may view Tom’s biography and session details here.

What is the largest takeaway that you’re hoping to leave the audience with?
“High availability can be hosted in the cloud and it can be affordable.”

What are you most looking forward to at COMMON?
“It’s great to unite with our customers and friends in the industry; I always learn so much from them. There’s a unique energy behind COMMON because it’s run by experts from all different industries using IBM Power Systems running IBM i.”


Vern Hamberg

Senior IT Developer at Ecolab, Pest Elimination

Vern will be presenting at nine sessions, with titles including Query Management: What is it? Why Should I Care?, Fast Modern Excel Workbook Creation Using RPG and Extend Your Reach to Remote Data with Open Access: RPG Edition. You may view Vern’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?
“Although I feel strongly about them all, probably I’m most passionate about the 2 on ‘Fast Modern Excel (XLSX) Workbook Creation Using RPG’. I hope they convey the idea that we should find ways to say ‘Yes!’ to almost any ‘Can you do this…?’ request. And to accomplish this goal in effective and interesting and well-pleasing ways.”

What’s one topic you’re hoping to learn about at this year’s conference?
“I want to learn more about the open source possibilities on our favorite system.”

 

Rich Diedrich

IBM i Wizard at Rich Diedrich Consulting, LLC

Rich will be presenting at three sessions titled Accessing Java from RPG IV, The RPG Programs Used by Madoff and Encryption on IBMi. You may view Rich’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“The RPG Programs Used by Madoff (33CN) is the most fun because it is very different from my other more technical presentations. I get to talk about the experience of being an expert witness in a federal trial, how I did the analysis of the programs, and show the actual code used. I particularly appreciate talking through the code with an audience that understands the code and some of the more humorous aspects of how it was done.”

What do you predict will be the hottest IBM i topic of the conference this year?

“I am not sure what it will be, but based on the presentations and presenters available, this conference will be an excellent opportunity for attendees to think and learn about how their IBM i data needs to be made available in current application environments and the serious security considerations that need to accompany that availability.”

 

Dawn May

Senior Technical Staff Member at IBM

Dawn will be presenting at ten sessions, with titles including Predictive Performance Management, Introduction to the IBM i Performance Data Investigator and Hidden Gems of IBM i. You may view Dawn’s biography and session schedule here.

Which of your sessions are you most looking forward to presenting, and why?

“One of my favorite presentations to give is ‘Introduction to the IBM i Performance Data Investigator’. I find there are a lot of people that have never used this function even though it is included with the operating system and everyone has it. I've really enjoyed it when someone tells me they logged onto their own system to try it out during the presentation.

I also look forward to presenting the ‘Manage Work Better with Better Work Management’ session. IBM i work management is a significant differentiator for IBM i and IBM has delivered some important enhancements that make it even better.”

As a seasoned COMMON veteran, what do you enjoy most about the conference?

“Of course it's the people in the IBM i community! Over the years, I've met a lot of people while at COMMON and there are a set of folks that I only see when at the conference. Each year, I meet a few more people and my professional network gets a little bit bigger. The best part is that the people in the IBM i community are the friendliest!”

 

Conrad Feldt

Owner / IT Consultant at Itasca Computer Resources

Conrad will be presenting two sessions titled Windows 7 & 10 Tips, Tricks & Techniques and Improving Your Memory. You may view Conrad’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“My session Tuesday afternoon Improving Your Memory. It is a non-technical session and it gives a break from the other sessions. We all know that we do not remember as well as we would like to. This is an interactive session and has proven to be a lot of fun. Come to relax and at the same time come away with some useful tips on Improving Your Memory.”

What are you most looking forward to at COMMON?

“I enjoy meeting up with past acquaintances from 18 years ago to last year, and meeting new people, sharing ideas, thoughts, and knowledge. Simply put, the networking.”

 

Robin Tatam

Director of Security Technologies at HelpSystems

Robin will be presenting five sessions, with titles including IBM i Security: The Good, the Bad and the Downright Ugly, Data Breaches: Is IBM i Really at Risk? and IBM i Security for Programmers. You may view Robin’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“The session I am most passionate about is definitely the enthusiastic discussion surrounding our annual "State of IBM i Security" study.  This is an award-winning session for a reason. Each year, we pour a wealth of resources into compiling what is the only study of its kind, and it always amazes me the provocative things we uncover.  It's a good education for the uninitiated as well as those that mistakenly think that security on a Power Server is correctly and fully preconfigured at the factory.”

As a seasoned COMMON veteran, what do you enjoy most about the conference?

“I thoroughly enjoy COMMON's encouragement of knowledge expansion. While we all gravitate towards sessions that are 100% pertinent to our daily grind, I also encourage attendees to sign up for one session whose abstract is completely outside of the box; just to get some exposure to something new. It's also an unparalleled opportunity for our team to share what we work on behind the scenes and the expansive suite of business solutions (software and services) we bring to the corporate table. From the human side, let's not forget meeting up with old friends as well as introductions to numerous new ones via a networking opportunity like no other!”

 

Gordon Leary

IT Manager at AMPORTS, Inc.

Gordon will be presenting at two sessions, the Reception for First-time Attendees and the First Timers Social. You may view Gordon’s biography and session schedule here.

You’ve been attending COMMON conferences for quite some time. What keeps you coming back?

“I have been attending COMMON conferences since 1987 for several reasons. The first is education. The IT business is in a constant state of change, and COMMON has always kept me up to date on this change. Every time I come to a conference, I learn something that I can take back to my organization to use. It may be a new skill, a new relationship, or a new application that can be used to save my corporation time and resources. I can also use this information to take advantage of the year-round learning that COMMON offers.

The second reason I keep coming to a COMMON conference is relationships. The COMMON community is a helpful group of IT professionals. I do not know how many times I did not know how to pursue a problem, but I knew someone else that I met at the annual conference that does know the answer. A short email or phone call always brings help! The COMMON community wants to help and see every member grow in their profession.”

What is one piece of advice you’d offer to first-time attendees?

“Don’t be shy! The speakers are there to help you become a better IT professional. Ask questions, participate in sessions, talk to people outside of sessions. Talk to the vendors in the Expo. You may not have a need for their product now, but things change. I keep a drawer full of vendor products. It is great to be able to pull out the answer for that new challenging project. If someone gives out an email, it is because they truly want you to ask questions at any time. This is a great community, and COMMON is here to help grow that community.”

 

Steven Wolk

CTO at PC Richard & Son

Steven will be presenting at six sessions, with titles including Let’s Learn Linux, Words to Live By: A Blueprint for Success and Command Jeopardy. You may view Steven’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“Of the six sessions I’m presenting at this year’s Annual Meeting, I’d have to say I’m most passionate about ‘Words to Live By: A Blueprint for Success’. While I enjoy speaking about a variety of technical topics that are near and dear to my heart, my true passion in teaching is helping people succeed. Personal success is a topic I’ve studied for many years, and I’ve identified what I believe are 12 key principles we can all follow that will lead to greater success in our own lives. We’ll discuss these principles through the context of meaningful motivational quotes, combined with some very personal stories demonstrating how these lessons can be applied. Many of the stories are funny, while others are poignant, but it’s my hope that they will be remembered – and help attendees be more successful - long after the conference has ended.”

What do you predict will be the hottest topic of discussion at this year’s conference?

“I think open source will be the hottest topic of discussion at this year’s Annual Meeting. While the IBM i has always been a very open operating system, the interest I’m seeing in running open source software on the i seems to just be exploding. That’s why I decided to present a brand new session at this year’s conference, ‘Let's Learn Linux’. It’s a great way for attendees to get their feet wet with open source software, without assuming any previous knowledge. And the skills learned will be applicable across a wide variety of platforms, ranging from Linux servers, to desktops, to our favorite server, the IBM i!”


Debbie Saugen

Director of Business Continuity Services at HelpSystems

Debbie will be presenting four sessions, with titles including Essentials of Backup Recovery for Disaster Recovery on IBM i and Getting the Most Out of BRMS Recoveries. You may view Debbie’s biography and session schedule here.

Which one of your sessions are you most passionate about, and why?

“Everyone who knows me understands the passion I have about IBM i disaster recovery. My session on Essentials of Backup/Recovery for Disaster Recovery on IBM i will help you prepare for being recovery ready should a system failure or disaster occur. During this session, I will share true stories from my decades of experience helping companies recover their systems after a disaster.”

What are you most looking forward to at COMMON?
“I’m looking forward to seeing all my friends, making new friends and sharing my knowledge about the latest for IBM i Backup/Recovery and Disaster Recovery. Not only do I get to share my knowledge and experiences, but I will also be learning from others!”

 

Ron Byrd

Director of Professional Services at Linoma Software

Ron will be presenting alongside Bob Luebbe of Linoma Software at two sessions titled Simplify Encryption with DB2 Field Procedures and Securing Your File Transfers from the IBM i. You may view Ron’s biography and session schedule here.

What are you most looking forward to at COMMON?

“I am looking forward to seeing all our customers that go to COMMON to learn more about the IBM i.”

What is one piece of advice you’d offer to first-time attendees?

"COMMON can be overwhelming for a first-time attendee. Spend time before you arrive to check out online the classes you want to attend. Learning can also happen in the Exposition. There are a lot of talented people working in the Exposition. Stop by and ask the vendors questions that you have about different processes and products. You will find that the vendors are always willing to help people learn."

 

 

From the teams at Linoma Software and HelpSystems, we wish this year’s COMMON speakers the best of luck!

Linoma Software, together with HelpSystems, will be participating in the Expo at booths 413 and 417. Be sure to stop by! For more information on the COMMON 2017 Annual Meeting and Exposition, visit www.common.org/events/annual-meeting/.


Are You Ready for the 2018 PCI DSS Deadlines?


Sometime last year you achieved total compliance with PCI DSS, the information security standard for all organizations that process credit or debit cards. That means your data is safe, the auditors will leave you alone, and you can kick back and relax, right?

Unfortunately, hackers don’t take breaks. Their methods are constantly evolving, making it essential that you are compliant with the latest security standards. Fortunately, PCI DSS is designed to ensure that you know exactly what to do to stay ahead of new threats. Staying PCI DSS compliant also lets you avoid hefty fines.  

The latest version of PCI DSS is version 3.2, which was announced in April 2016. Hopefully you’ve already seen the new rules and are taking steps to improve your security. You should be aware that some major PCI DSS compliance deadlines are approaching in 2018.

Although PCI DSS 3.1 technically expired in October 2016, all new requirements in version 3.2 will be considered best practices until 2018, when they’ll become mandatory. Here are some of the most important changes:

 

Multi-Factor Authentication (Best Practice Now, Mandatory February 2018)

PCI DSS version 3.1 called for two-factor authentication. Don’t worry about the name change to multi-factor authentication; it’s just to clarify that more than two types of authentication are possible. The more important update is that the requirement is expanded to include all individual non-console administrative access as well as all remote access to the cardholder data environment (CDE).

That means that for any potential CDE access points, including through tools like your managed file transfer solution, you need to have multi-factor authentication either at the network or the system level.

 

TLS 1.1 or Above (Best Practice Now, Mandatory June 2018)

SSL and its immediate successor, TLS 1.0, are no longer considered strong encryption methods. Originally, the new PCI DSS requirement mandated that every organization migrate to TLS 1.1 and above (ideally TLS 1.2) by June 2016. This deadline was later pushed out to June 2018.

However, if you’re using SSL or early TLS, you should know that you’re not using current security best practices. We recommend that you move your file transfers to a stronger encryption method as soon as possible.

 

Get the Full Scoop

In order to help you fully understand the changes to PCI DSS 3.2, especially how they relate to managed file transfer, we’ve created a new whitepaper. Download it to learn:

  • Who needs to comply with PCI DSS 3.2
  • What has changed since version 3.1
  • How PCI DSS compliance affects your file transfer processes and solutions

Get the Whitepaper

 


FBI Issues Warning on FTP Servers

The FBI recently issued a Private Industry Notification to healthcare providers warning them of the dangers of unsecured FTP servers. According to the alert, the FBI is aware of criminal actors actively targeting FTP servers operating in “anonymous” mode, meaning a user can authenticate to the FTP server with a common username like “anonymous” or with a generic email address or password. The FBI notification cited a 2015 study from the University of Michigan that indicated over one million FTP servers were configured to allow anonymous access.

While the notification was intended for medical and dental facilities, inadequate FTP security is a concern across all industries. According to the FBI, “Any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals.”

The problems with FTP servers go beyond anonymous mode. For one thing, many organizations are running legacy FTP software that hasn’t been kept up-to-date with modern security concerns. Another widespread issue comes from granting excess permissions to trading partners or internal staff. Anyone given administrative access could change a setting on the server without realizing the potential security implications.

Hopefully it’s clear that you should be using encryption to protect your data. What some businesses fail to realize is that encryption methods vary greatly in strength based on factors like key size and the type of encryption ciphers used. Many of the older ciphers and protocols have been broken and are now obsolete. Finally, a major problem with legacy FTP servers is the lack of alerts when something goes wrong and the lack of detailed logs to help you maintain compliance with industry regulations.
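The pitfalls above (anonymous mode, missing or obsolete encryption, no logging) can be checked mechanically on a server you administer. The following is an added example, not code from the original post or from any vendor: it assumes the server is vsftpd and audits the text of its `vsftpd.conf`, applying vsftpd's documented defaults for the options it checks; the sample configurations are constructed.

```python
# Added example: audit a vsftpd.conf for the FTP pitfalls discussed above.
# Documented vsftpd defaults for the options checked (assumed unchanged).
DEFAULTS = {
    "anonymous_enable": "YES",    # anonymous login is on unless disabled
    "anon_upload_enable": "NO",
    "ssl_enable": "NO",           # plain FTP unless TLS is switched on
    "ssl_sslv2": "NO",
    "ssl_sslv3": "NO",
    "xferlog_enable": "NO",       # no transfer log unless enabled
}

def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().upper()
    return settings

def audit(text):
    """List the weaknesses found in one vsftpd.conf, in a fixed order."""
    s = parse_conf(text)
    findings = []
    if s["anonymous_enable"] == "YES":
        findings.append("anonymous login allowed")
        if s["anon_upload_enable"] == "YES":
            findings.append("anonymous upload allowed")
    if s["ssl_enable"] != "YES":
        findings.append("TLS disabled: credentials and files sent in cleartext")
    else:
        for opt in ("ssl_sslv2", "ssl_sslv3"):
            if s[opt] == "YES":
                findings.append(f"obsolete protocol enabled: {opt}")
    if s["xferlog_enable"] != "YES":
        findings.append("transfer logging disabled")
    return findings

# Constructed sample configurations (not taken from any real server).
LEGACY_CONF = "# legacy server\nlocal_enable=YES\nssl_enable=YES\nssl_sslv3=YES\n"
HARDENED_CONF = ("anonymous_enable=NO\nssl_enable=YES\nssl_sslv2=NO\n"
                 "ssl_sslv3=NO\nxferlog_enable=YES\n")

if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

Note that the legacy sample never mentions anonymous access or logging at all; both findings come from defaults, which is why an audit has to evaluate effective settings rather than search the file for risky lines.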

These common pitfalls can be addressed with a robust managed file transfer (MFT) solution. Managed file transfer offers a variety of strong, up-to-date protocols and encryption methods, allowing you to replace standard FTP with something more secure like SFTP or FTPS. Software with role-based security gives you the option to limit any user or user group to just the permissions they absolutely need, and detailed audit logs keep track of exactly which user took what action and when—essential information for your team and for auditors alike.

To learn more about how to secure an FTP server, watch the on-demand webinar, Top 10 Tips for Securing Your FTP or SFTP Server.

 


Still using SHA-1 to secure file transfers? It’s time to say goodbye.


Securing information is rising in importance for organizations worldwide. Using outdated technology is extremely risky, yet many organizations continue to do so because legacy systems don’t allow them to upgrade, because they lack the resources and time to upgrade, or because they are simply unaware of the risk. The commonly used SHA-1 algorithm is a perfect example of an obsolete cryptographic standard that should have been completely phased out long ago. So why are people talking about it today?

With over a decade of warnings about the security vulnerabilities of SHA-1, and deprecation by The National Institute of Standards and Technology (NIST) in 2011, many organizations have since phased out use of this older hash algorithm. For those remaining organizations who haven’t migrated away from SHA-1, Google’s recent public announcement of the first SHA-1 collision should motivate them to abandon this algorithm completely.

Hash algorithms are widely used for a variety of functions including authentication and digital signatures. With file transfers, the algorithm was typically used to verify the integrity of sent messages. Using SHA-1, a file is reduced to a 160-bit message digest, or hash value, which is calculated both before and after transmission. On receipt, the two hash values for that transmission are compared: if they still match, the data has remained intact. If the hash values don’t match, the file was likely compromised at some point along the way.

Having two different messages that produce the same hash value should be almost impossible. However, advancements in technology and computational power since the introduction of SHA-1 have exposed its vulnerabilities. With last week’s announcement, Google has proven that systems using SHA-1 can be fooled into thinking a signature is valid when it’s not, by producing two different files with the same cryptographic hash. Now that this work is public, the legacy algorithm must be treated as obsolete and insecure.

How does the SHA-1 collision affect file transfers?

If you are still using SHA-1 to verify the integrity of file transfers, you should know that it is no longer considered a safe or secure method. Bottom line, if you still use SHA-1, it should be transitioned to a more secure standard as soon as possible.

If you’re looking to replace SHA-1, an obvious alternative would be SHA-2. SHA-2 is a family of hash functions with digest sizes of 224, 256, 384 or 512 bits, thus providing stronger security with longer message digests. The longer digests allow far more possible hash values than SHA-1 does, which makes the SHA-2 algorithms extremely difficult to break using today’s technology.
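The before-and-after integrity check described above, moved from SHA-1 to SHA-2, can look like this. It is an added example, not code from the original post or from GoAnywhere: the `algorithm:hexdigest` manifest format, the function names and the sample payloads are assumptions made for illustration.

```python
import hashlib
import hmac
import io

# Only SHA-2 digests are accepted; a manifest naming SHA-1 or MD5 is refused.
ALLOWED = {"sha256", "sha384", "sha512"}

def file_digest(stream, algorithm="sha256", chunk_size=65536):
    """Hash a binary stream in chunks so large files never sit in memory."""
    if algorithm not in ALLOWED:
        raise ValueError(f"refusing weak or unknown hash algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def make_manifest(stream, algorithm="sha256"):
    """Sender side: produce 'algorithm:hexdigest' (format is an assumption)."""
    return f"{algorithm}:{file_digest(stream, algorithm)}"

def verify_transfer(stream, manifest):
    """Receiver side: recompute the digest and compare in constant time."""
    algorithm, _, expected = manifest.partition(":")
    actual = file_digest(stream, algorithm.lower())
    return hmac.compare_digest(actual, expected.strip().lower())

# Constructed sample payloads standing in for a file before and after transfer.
SENT = b"invoice-0001,ACME,1200.00\n" * 1000
RECEIVED_OK = bytes(SENT)
RECEIVED_ALTERED = SENT.replace(b"1200.00", b"9200.00", 1)

if __name__ == "__main__":
    manifest = make_manifest(io.BytesIO(SENT))
    print("manifest:", manifest)
    print("intact copy verifies:", verify_transfer(io.BytesIO(RECEIVED_OK), manifest))
    print("altered copy verifies:", verify_transfer(io.BytesIO(RECEIVED_ALTERED), manifest))
    legacy = "sha1:" + hashlib.sha1(SENT).hexdigest()
    try:
        verify_transfer(io.BytesIO(RECEIVED_OK), legacy)
    except ValueError as err:
        print("legacy manifest rejected:", err)
```

A digest only proves integrity if the manifest itself reaches the receiver over a channel the sender is authenticated on, such as the SFTP or FTPS session mentioned below; a manifest that can be swapped along with the file proves nothing.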

GoAnywhere Managed File Transfer and SHA-2

GoAnywhere MFT fully supports the SHA-2 algorithm for secure file transfers over SFTP and FTPS. In addition, GoAnywhere is Drummond Certified for AS2 file transfers and successfully met all requirements for the optional AS2 secure hashing algorithm 2 (SHA-2) tests.

 


Preview of RSA Conference 2017 #RSAC


 

For those that are new to the annual RSA Conference U.S., this is one of the greatest info security conferences all year. The 2017 conference is said to be better than ever: more space, expanded food options, the new “Reserve a Seat” option and three full days of info security discussion led by global security experts.

Linoma Software will be attending this year’s conference, exhibiting in the North Expo. Our team is looking forward to learning which security topics are most prevalent among peers and engaging in meaningful discussions on today’s challenges and innovation. From an educational standpoint, there are several sessions we are most looking forward to:

 

Cloud Security Alliance Summit 2017

February 13, 2017 | 9:00 AM - 4:00 PM | Marriott Marquis | Yerba Buena 5

Ah, “the cloud.” Over the past decade, businesses worldwide have been making the transition towards cloud computing and storage, and concern for security within the cloud has never been higher. In this special summit taking place during RSA 2017, world-leading security experts and cloud providers will join to discuss the threat landscape, data security innovations and global governance.

The keynote speakers are General Keith Alexander, CEO and President of IronNet Cybersecurity, and Robert Herjavec, CEO and Founder of Herjavec Group, and frequent investor on Shark Tank. Together with top officials from Symantec, Cryptozone, Duo Security and Oracle, these speakers are sure to bring decades of experience, lively discussion and actionable advice.

 

Mobile Devices: What Could Go Wrong? Discussion from the Frontlines

February 14, 2017 | 2:30 PM - 3:15 PM | Marriott Marquis | Nob Hill B

How many of your employees use their personal phones to access email, calendars or internal web resources? As of 2016, 77% of U.S. adults owned a smartphone, according to the Pew Research Center. In a world of BYOD (bring your own device), this session offers the opportunity to learn how your peers are dealing with security risks associated with mobile devices, apps and wi-fi networks that employees use.

This discussion will take place as part of the “Peer2Peers” breakout sessions, which is one of our favorite aspects of this conference. Facilitated by David Jevans, VP of Mobile Security at Proofpoint, it’s sure to spur meaningful conversations and peer-to-peer discussion.

 

Secure File Transfer for Enhanced Data Security

February 13-16, 2017 | Linoma Software Booth 4407, North Expo | San Francisco Moscone Center

Bring your most pressing file transfer questions to the North Expo, where secure file transfer experts from Linoma Software will be available to answer questions. This is a great opportunity to learn how a managed file transfer solution like GoAnywhere MFT can help to secure and automate transfers using a centralized approach.

We’re looking forward to connecting with you during the RSA 2017 conference! Be sure to stop by booth 4407 (map below).

RSA expo map to Linoma booth

 

Ready to get into the information security mindset? Watch the RSA 2016 opening theme video below for a glimpse into the discussions sure to occur during the 2017 conference.