In the last U.S. presidential election the candidates clashed on the issue of privatizing the Social Security system. I'll leave the political debate to the professional politicians, but I would like to address this matter from the standpoint of millions of U.S. workers. Many of them are already banking on their 401(k)s as the largest part of their retirement savings, and they barely have enough time to check their balances, much less make insightful investment decisions. There are 42 million Americans holding an estimated $1.9 trillion in assets in their 401(k)s, and they tend to rely on the simple guided selling interfaces that investment firms had five or more years ago. Overly simplistic views of risk vs. return and incomplete investment selection tools were commonplace, leaving many individual investors shortchanged relative to the expertise available to them, for free, from these firms. Think of what the Bush Administration proposal will do to the total assets held in … [Read more...] about Social Security Administration: The Next Salesforce.com?
By Christopher J. Bucholtz Oct 21, 2010 5:00 AM PT Social CRM is quickly transforming from a concept to a reality. However, because of the diverse nature of customers and the broad range of options they have among social media channels, the best practices for capitalizing on Social CRM vary from segment to segment. That means some industries may have a more difficult path to Social CRM success. But there are some that have a natural affinity for winning with Social CRM, where conditions already lend themselves to acceptance by both the customer and the organization. These are where the best-publicized successes are likely to originate in the next 365 days. Their stories are likely to be more inspirational than informational -- again, the best practices for Social CRM will be specific to each organization's circumstances -- but they should serve notice that with some focused thinking and proper devotion to the concept, Social CRM can be successful in boosting the fortunes of any … [Read more...] about 3 Industries Geared for Social CRM Success
Security is one of the fastest growing areas in technology today. Internet scams and hackers are more malicious and widespread than ever. For example, TJX recently announced that its computer system that stores and processes customer information was breached. T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the United States and Puerto Rico and Winners and HomeSense stores in Canada were affected, as was information dating back to 2003. The threat of hackers is so great that even the Department of Homeland Security conducted its own test cyberattack, called "Cyber Storm," to determine reaction, recovery and coordination in response to a technical security breach. This is a testament to a large and growing concern about computer and data security across all industries in the U.S. Additional Viruses Ahead New viruses are introduced daily and spammers use worms to create "spam zombies," which clog inboxes, steal passwords and introduce Trojan Horses that allow for … [Read more...] about What Are You Doing to Stop Security Saboteurs?
Having your private information leaked is bad enough, but having it put on BitTorrent is really the final insult. It happened before with MySpace photos. By most accounts, the private images made available earlier this year via peer-to-peer networks consisted largely of poorly snapped photos of people you didn't know getting drunk at parties you weren't at. Then there was the incident with Harvard, which placed private information, including Social Security numbers (SSNs) from 6,600 of the world's brightest college applicants, in a place vulnerable to hackers. All that info somehow got seeded into BitTorrent too. When pro hackers steal your data, you can usually comfort yourself a little with the notion that your info is in the hands of professionals. Sure, they're professional crooks, but you can at least tell yourself that they probably have millions of peoples' info, it's shared only among customers who are willing to pay, and even though they're targeting your finances, at least … [Read more...] about Social Security, Social Anxiety
By John P. Mello Jr. Dec 17, 2012 8:41 AM PT The findings weren't very sweet when researchers tested Android 4.2 Jelly Bean's beefed-up security. Of the 1,260 malware samples the team at North Carolina State University tossed at the OS, only 15 percent of them were detected by Google's app verification service. By contrast, Android anti-malware programs from 10 third-party software makers had detection rates ranging from 51 to 100 percent, the researchers found. The blacklisting approach used by Google is an ineffective one, Jerry Hoff, vice president for static code analysis at WhiteHat Security, told TechNewsWorld. "The malware blacklist approach, which originated on the desktop and seems to be bleeding over to the mobile side, is outdated and will always be vulnerable to new forms of malware." Even though Google has tried to boost its security capabilities by purchasing Virus Total, it apparently hasn't improved the security picture, according to Alexandru Catalin Cosoi, … [Read more...] about Study: Nefarious Apps Easily Slip Past Jelly Bean Security
Organizations love false economies. It may not be an entirely conscious act on their part, but it's certainly the truth: Hang around any organization long enough, and you'll find at least one instance where it tries to save on doing A but winds up spending more on doing B in the process. Consider, for example, expense policies that require employees to stay one or more extra nights when traveling. Because airfare is lower when weekend travel is involved, organizations might be tempted to ask employees to do this to keep air costs down; however, very seldom do recouped airfare dollars come even close to combined dollars lost in extra hotel stays, extra meal expenses, lost productivity and reduced employee morale. The combination of hard and soft costs far outweighs possible savings in the area of airfare. This happens in information security the same way it happens in other areas. And in an environment where budgets continue to decline and where pressure to do more with less continues, … [Read more...] about The False Economies of the Info Security World
No longer the exclusive domain of computer-loving teenagers and college students, social networking has become a tool to drive corporate innovation and facilitate communication from the boardroom on down. For instance, for AAR, a Wood Dale, Ill.-based aviation services company, communication-oriented Web 2.0 tools like those found on popular consumer sites MySpace and Facebook are playing a key role in its mission to go green. "We have identified new business development ideas and have helped AAR to become more environmentally friendly," said Shannon DuVaul, senior director of end user computing. "An example of this is our electricity cost savings initiative wherein AAR is replacing all building lighting fixtures with Fluorescent fixtures." Happier Employees The energy saving measure was suggested by an employee and the change was implemented throughout the company. When AAR Vice President of Strategy Development Ben Sandzer-Ball logged onto the new myAAR Discussion Forum and … [Read more...] about Bosses Warm Up to Social Networking on Company Time
Computer security, until now, was a matter of bolting on third-party hardware products or adding on software to screen out unauthorized users. Not so any more. Keyboard-bound passwords, smart cards and dongles are becoming a thing of the past. These staples of the old school of computer security are as archaic as the small, single-toothed lock and key that was once standard on pre-Windows IBM-style personal computers. The new age of computer security is fast becoming a matter of what is built into the box to give approved users access. Biometrics devices like fingerprint readers and voice scanning tests give consumers and enterprise IT managers new hope that data and networks are secure. Safer Atmosphere A new generation of security-minded desktop and laptop computers is giving new marketing life to the IBM Personal Computing Division. Add to this new line an innovative, out-of-the-box approach to user authentication, and computer security takes on a much safer atmosphere. A new … [Read more...] about Computer Security Comes of Age
With global organizations depending on the sharing of sensitive information to support everything from financial transactions to patient care records, many believe they are relying on secure methods to exchange data with trusted partners. However, there is often a significant and alarming gap between perceived security and real vulnerability. Contrary to popular belief, the aforementioned most common methods used for file transfer are often not secure enough, and lack manageability and governance. Let's take FTP technology, for instance. A shortcoming with traditional FTP and even encrypted FTP sessions is that after the data stops moving (aka "data at rest"), it sits on the FTP or SFTP server in plain text. If that FTP or SFTP server is directly connected to the Internet -- as it most likely will be to allow business partners to connect to it -- the data is at risk of being accessed and shared. This is in violation of PCI and HIPAA standards. FTP technology can also slow … [Read more...] about Perceived Security vs. Real Vulnerability: Is Your Data at Risk?
WITH THE ADVENT of Web services, vendors that specialize in security are being asked to rise to new heights in terms of capabilities and performance. One of the companies that plans to answer that challenge is BindView, which is going to focus specifically on products for Microsoft .Net environments. In an interview with InfoWorld Editor in Chief Michael Vizard and Test Center Director Steve Gillmor, BindView CEO Eric Pulaski talks about Web services security and the crying need to deliver technology that mere mortals can use to make their organizations secure. InfoWorld: What exactly does BindView do? InfoWorld: Web services is certainly in the news these days and security, specifically, is seen as a limiting factor to its adoption. What is BindView doing in this space? Pulaski: [Web services] is obviously new emerging technology that has … [Read more...] about BindView simplifies security
See correction at end of review Web-based applications have become vital pieces of business infrastructure. Along the way, they’ve also become major security risks for the organizations that rely on them. Large volumes of sensitive information exchanged through Web applications -- and stored in databases behind those applications -- hold an irresistible attraction for cyber thieves and vandals who know how to exploit structural and programmatic weaknesses. Low-profile, low-traffic sites, especially those that don’t host transactions, seldom elicit enough hacker interest to cause worry. On the other hand, high-visibility or high-traffic sites invite innovative attacks. The job of a dedicated Web application firewall is to guard against such sophisticated exploits. For this review, … [Read more...] about Are your Web apps secure?
Your organization’s Sarbanes-Oxley audit is scheduled for this summer. Will you be able to show who has access to financial records and what they’re doing with that data? Just as important, can you prove you’re equipped to take immediate action when policy violations occur? If regulatory incentives aren’t compelling enough to make you keep tabs on the data flowing within and from your network, consider this: Studies from the Computer Security Institute/FBI, U.S. Congress, Gartner, and others estimate that as much as 75 percent of the $200 billion in measured annual security losses comes from within organizations. Currently, IT security chiefs allocate the majority of their budgets to protecting network perimeters with firewalls, patch management, anti-virus applications, and intrusion-detection systems. But a new breed of security products guards intellectual property and protects organizations from the public humiliation of lawsuits, fines, and jail time for … [Read more...] about Clamp down on security leaks
In the world of comic books, every bad guy is an evil genius. On the Web, hackers, spammers, and phishers may be evil, but they're not required to be geniuses. They can make a healthy living just by exploiting known security holes that many users haven't bothered to patch. Or by relying on the propensity of millions of people to do things they've been told over and over not to do. The silver lining is that you don't have to be a genius to avoid these common attacks either. Implement a few simple fixes, and you'll avoid most of the bad stuff out there. Fix 1: Patch over the software bull's-eye Have you turned off automatic updates for Windows and other programs on the rationale that "if it ain't broke, don't fix it?" Then … [Read more...] about 10 quick fixes for the worst security nightmares
The Internet is a scary place. Criminal malware lurks on legitimate and illegitimate Web sites alike, looking to steal your money one way or the other. Vendors have been scratching their collective heads attempting to make more consumers safer, more often. One of the results has been a class of anti-malware software that I call sandbox protection products. These items encapsulate Internet browsers (and e-mail programs and sometimes any other program you can run) within a virtual, emulated cocoon designed to keep malware from reaching and modifying the underlying host computer. It used to be that you had to boot with an infected floppy diskette, run an infected executable, or double-click on an e-mail attachment to get exploited. Nowadays, all you have to do is surf your browser across the wrong Web page, or the right Web page at the wrong time. Client-side, polymorphic, Internet browser-based exploits account for the large majority of malware infections. And although nearly ubiquitous in … [Read more...] about Test Center: Sandbox security versus the evil Web
With clients already skittish over the downturn in the financial markets, Benefit Consultants Group wanted to make sure its agents and brokers could be reached anytime without long waits. That included during a recent fire drill, when everyone had to leave the building. From the parking lot, staffers using VoIP phones were able to reprogram calls coming into the switchboard to go directly to their VoIP phones. As a result, during that half-hour, BCG employees continued to answer calls and clients were none the wiser. BCG is amid a raft of new enterprise VoIP customers. In early February, the Social Security Administration's core VoIP network was completed. … [Read more...] about VoIP goes corporate — and saves users plenty
Just like employees in the private sector, government employees are reveling in the productivity gains of accessing their office apps and data from their smartphones and tablets. However, not unlike private companies, federal agencies are falling short on securing those devices, potentially increasing the ease with which malicious hackers and cyber criminals can get their hands on potentially sensitive Federal data, be it Social Security numbers, FBI files, and so forth. The good news, per the Telework Exchange's 2013 Digital Dilemma Report, is that federal employees are gaining, on average, nine more hours of productivity per week thanks to the adoption of work-connected mobile devices. The exchange equates that to an extra $28 billion worth of man-hours per year. Saving money and boosting productivity are obvious and well-documented benefits of mobile computing and BYOD, so those figures aren't necessarily surprising. However, digging deeper into the data reveals some points of … [Read more...] about Mobile security remains a BYOD hurdle at the federal level
The formal security programs at most companies include a finite number of managers and staffers. But the fact is, everyone within an organization should be responsible on some level for contributing to efforts to protect information, physical assets and other property. Indeed, many security executives have come to rely on a broad "team" within their enterprises to bolster cyber and physical security. But they're also increasingly looking outside for help, through threat information sharing and other collaborative efforts. For a growing number of enterprises, this all adds up to a security "crowdsourcing" strategy that enables them to have a better chance at stopping attacks and minimizing damage. Payroll services provider Automatic Data Processing (ADP) has been participating in … [Read more...] about Crowdsourcing your security InfoWorld
David Murphy serves as the practice manager for MongoDB at Percona, a provider of enterprise-class MySQL and MongoDB solutions and services. MongoDB security is in the news again. A recent spate of stories reveals how hackers have been seizing MongoDB databases and ransoming the data for bitcoins. Tens of thousands of MongoDB installations have been compromised, according to Rapid7. We all worry about security. If you run applications, networks, or databases, security is always a top-line issue. With more companies turning to open source software such as MongoDB to store important enterprise data, security becomes an even bigger question. Depending on your business, you might also have multiple government (such as the Health Insurance Portability and Accountability Act, or HIPAA) or business (Payment Card Industry Data Security Standard, or PCI DSS) network security regulatory standards with which you need to comply. … [Read more...] about The essential guide to MongoDB security
I'd be a fool to include my Social Security number in this article: doing so would leave me vulnerable to all manner of credit fraud, scams, and even criminal arrest. All of this would surely happen because a few bad people would read the article, write down my SSN, and pretend to be me. We know a lot more about the use and abuse of SSNs today than we did back in 2002. That was the year the California state legislature passed SB 1386, the first U.S. law requiring that consumers be notified when computer systems holding their personal information are "breached" or that information is otherwise compromised. Because of SB 1386, we learned in 2005 that ChoicePoint, a company most Americans had never heard of, had somehow sold detailed credit histories on more than 163,000 consumers directly to identity thieves (more than 800 people suffered direct losses as a result). And in 2007, we learned that identity thieves had broken into the computer systems of the discount retailer TJX and stolen … [Read more...] about Privacy Requires Security, Not Abstinence
If you have a hunch your computer isn’t properly guarded against nasty programs such as viruses, worms, and so-called malware, Microsoft says you’re probably right. The company estimates that two out of three people with personal computers don’t have up-to-date antivirus software. Moreover, four out of five erroneously think they do. This is a problem in need of a solution. And Microsoft has proposed one: a “computer health” software package that includes antivirus programs, automatic updates, backup prompts, and live customer service. It can be installed on up to three computers in a home, for $49.95 a year. The software, called OneCare Live, is currently being tested and will be available in June. OneCare Live has been designed with the average home PC user in mind – someone who doesn’t perform regular “patch” updates, defragmenting runs, hard-drive backups, and the other tasks recommended for keeping a PC running smoothly. … [Read more...] about Microsoft’s Security Fix – MIT Technology Review