Secure File Sharing at the Local Government Strategy Forum

Heythrop Park, April 12th – 13th

This month I attended my second Local Government Strategy Forum, at the beautiful Heythrop Park Resort in Oxfordshire. Invited by our partner Maytech, I was the ‘independent industry expert’ and had the pleasure of spending two days in this lovely environment, talking with senior management and C-suite executives from councils all around the UK.

Before attending these events I had what I believe to be a commonly held opinion: that council workers were underworked and overpaid. I’d read all the stories in the local press about the six-figure salaries and the cancellation of services to ensure their lavish lifestyle. However, I’d never stopped to think what they actually did. Listening intently at these events has given me a small insight into the workings of councils, and whilst I’m sure there are still more efficiencies to be realised, I couldn’t have more admiration for the wide range of services they provide and the challenges they have prioritising them to balance the books.

The financial challenges being faced by councils have led to them adopting a more business-like approach. They are looking at every aspect of their business to drive out wastage and streamline operations, and that’s where my expertise came in.

John Lynch, CEO, Maytech – presenting Quatrix on day one

Over the two days I spoke with in excess of 50 delegates about their data sharing, collaboration, secure file transfer and business process automation challenges. Our experience in this area, working with councils such as Cambridgeshire County Council, North East Lincolnshire Council and most recently Mid-Sussex Council, ensured we already had a view on some of the challenges being faced for data sharing in the public sector.

As ever, there is no single technology that addresses the wide range of data sharing requirements of councils; our council customers are using solutions from five of our suppliers. The service we provide is to help them fully understand their requirements and then choose the right solutions for their needs and budget.

If your council or company needs to address its file sharing, collaboration and secure file transfer requirements, why not download one of our free resources below:

What is Managed File Transfer?

Managed File Transfer Starter Pack

Comparison Guide

Building a Business Case for MFT

Globalscape Webinar | Simplify PCI Compliance

Payment Card Industry Data Security Standard (PCI DSS 3.0) Became Mandatory from January 1st 2015

Join Globalscape on this webinar to learn tips and best practices from Security Industry leading experts.

If credit card processing or payments touch your organisation, the time is now to make sure you are in total compliance with Payment Card Industry Data Security Standards (PCI DSS). Make sure your growing organisation is protected at every branch, facility, office, or online—wherever card data is transmitted, stored, or archived.

 

Webinar Agenda:

  • What is PCI?
  • Why do I need to worry about this?
  • What has changed in PCI-DSS Version 3.0
  • What are the best practices
  • How can I be sure that I’m compliant?
  • Q & A

Event Type: Live Webinar

Event Date: Thursday 22nd January – 17.00 Hrs GMT

 

Review this Webinar

  • Payment Card Industry Data Security Standard version 3 (PCI DSS 3.0) became mandatory Jan. 1, 2015.
  • Prepare for PCI Qualified Security Assessors (QSA) using PCI 3.0 when it comes to merchant assessments and how well data security requirements are met.
  • Globalscape sits on the PCI Security Standards Council and was chosen for membership in the Participating Organisation program. Globalscape has active involvement in the advance review of standards and input into the direction of the PCI DSS.

 

  • Globalscape EFT comprises a full suite of data protection tools that achieve or exceed compliance and security practices by the most rigorous standards. EFT’s High Security module facilitates compliance with PCI DSS v3, exceeding security practices mandated by the most rigorous standards, including PCI DSS, FIPS 140-2, HIPAA, DPA, and Sarbanes-Oxley (SOX).
  • EFT also monitors, reports and provides key compliance alerts to keep your organisation up to date on compliance requirements.

Biggest UK Fines By The ICO in 2014

The Information Commissioner’s Office (ICO) is a government body set up to regulate those organisations which handle personally identifiable data. Retaining a register of companies and their nominated data handler ensures that the ICO can follow up on any reported data leaks or mishandling of data.

The ICO has the ability to serve a company with an undertaking, prosecution, enforcement notice or a monetary penalty. None of these are good for business or for the individual involved, especially as all details are available in the public domain. In the past 12 months, the ICO took action on 88 individuals or companies. Below is a list of the worst performing businesses and the fines levied.

 

  • British Pregnancy Advice Service £200,000 – 7 March
  • Kent Police £100,000 – 19 March
  • Amber Windows £50,000 – 3 April
  • Think W3 Limited £150,000 – 23 July
  • Reactiv Media Limited £50,000 – 28 July
  • Ministry of Justice £180,000 – 26 August
  • EMC Advisory Services Limited £70,000 – 1 October
  • Worldview Limited £7,500 – 5 November
  • Parklife Weekender £70,000 – 5 December
  • Kwik Fix Plumbers Ltd £90,000 – 22 December

 

Not all of these cases were data breaches, but data had been misused or not protected sufficiently to comply with current legislation by the company or individuals involved. Without the correct processes and policies in place or tools for the job, employees can easily make simple decisions that can put personally identifiable data at risk.

Implementing the right Managed File Transfer or Enterprise File Sync & Share solution for your organisation need not be difficult and can be a key component of your data security plan. We can help you move this up your priority stack, assisting from needs analysis through to implementation and helping you comply with regulations such as the Data Protection Act or PCI DSS.

Pro2col’s friendly team of experts have over 15 years’ experience in keeping data secure in transit and at rest, so why not give them a call on +44 (0) 333 123 1240 or contact us via our web site.

GDPR – What It Is & Why You Need To Be Prepared!

As we all battle on with the day-to-day activities of our jobs, it can be challenging to ensure that we’re on top of changes to regulations that might affect us. This, it seems, is very much the case when it comes to general awareness of the planned introduction of the General Data Protection Regulation (GDPR). Having been in the European Commission’s think tank for nearly three years, GDPR is due to replace the outdated and somewhat limited EU Data Protection Directive.

Last month our vendor partner, Ipswitch File Transfer, announced the results of a European survey of IT professionals’ attitudes to regulations and compliance. The results indicated a shocking lack of awareness of GDPR across the board, and with the regulation due to come into effect late this year or early next, the clock is ticking.

GDPR is meant to unify and simplify data protection across 28 countries within the European Union (EU). Why should we be concerned? The range of its penalties is a little more extensive than the ICO monetary penalty maximum of £500,000, currently the most prolific threat to enterprises careless with their data. Under the GDPR, organisations that breach its rules face financial penalties of up to €100 million (approximately £80m) or up to five percent of worldwide turnover, whichever is greater.

Ipswitch’s survey highlighted some interesting statistics:

COMPLIANCE CHALLENGES AHEAD FOR THOSE WHO DON’T KNOW GDPR OR ITS TIMING

  • 56% could not accurately identify what ‘GDPR’ means
  • 52% admitted they were not ready for GDPR
  • 35% confessed to not knowing whether their IT policies and process were up to the job
  • 12% of respondents felt ready for the change
  • 64% also conceded they had no idea when this regulation is due to come into effect
  • 14% could correctly identify that the GDPR is due to come into effect in late 2014/early 2015

 

SO, WHAT DOES IT MEAN TO YOU AND YOUR COMPANY?

The security of personally identifiable data has never been more important and you are accountable for it. Review your policies and procedures for data processing. How are you moving data? Who has access to it? Where is it stored and is it secure in transit and at rest? How long do you need to retain data for? Do you have strong audit and reporting capabilities for the lifetime of your data?

If your B2B file-based workflows are home-grown and lack the controls, security features, audit and reporting capabilities needed in light of changes to EU data protection, we can help. Our managed file transfer consultants can help you to review your data transfer requirements to ensure that your data is secure in transit and at rest, and that you have the right controls over your data. Call the team now on 0333 123 1240 for an initial no-obligation discussion to see how we can help you.

Globalscape teams with SMS PASSCODE® to Enhance Customer Security

SMS PASSCODE’s multi-factor authentication platform now integrates with Globalscape’s Enhanced File Transfer (EFT) Server.

The importance of stepping up user authentication

A username and password are no longer enough to authenticate the identity of employees accessing corporate networks and data. Research indicates that weak or stolen user credentials are the preferred weapons used by cybercriminals, and are behind approximately 76 percent of all network intrusions.

Traditional two-factor authentication requires something the user knows (usually a password) and something the user has (like a token, fingerprint or mobile phone). In the past, companies distributed hardware tokens to their employees to help validate their identity when logging in; however, over time, these types of solutions have proved cumbersome and expensive for IT to manage effectively, while offering little convenience for end-users.

SMS PASSCODE offers a balance between strong security and high user convenience, with features that include:

  • Leverages the one thing users always carry with them – their mobile phone – and provides a superior user experience by taking full advantage of contextual information such as time, geo-location, and type of login system being accessed.
  • Intelligent authentication that sees whether users are logging in from trusted locations like home or the office, versus an airport lounge with public Wi-Fi (for example), and conveniently delivers the appropriate level of security for the users.

How SMS PASSCODE works with EFT

Globalscape EFT includes multi-factor authentication through the SMS PASSCODE platform. On a local or LDAP-authenticated site, the administrator can configure EFT to connect to SMS PASSCODE to deliver a one-time passcode via text message (SMS), a voice call, email, or an app on the user’s mobile phone as part of the login process for HTTP, HTTPS or SFTP transfers. Codes are generated in real time when the user enters a correct username and password, and, for added security, each code is locked to the session ID of the device used to log in. Following the successful entry of the SMS code, the user has full access to their files and folders. Any user account that is configured to use SMS authentication must supply the correct user name, password and unique one-time passcode delivered to their mobile phone in order to log in.
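The login flow described above, sketched as an added example that is not Globalscape's or SMS PASSCODE's code: a code is issued only after the password check, bound to the session ID, short-lived and single-use. The class name, the five-minute lifetime, the three-attempt limit and the keyed-digest storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3        # assumed limit on guesses per issued code


class SessionBoundOtp:
    """Hypothetical issuer/verifier for session-locked one-time passcodes."""

    def __init__(self, clock=time.monotonic):
        self._key = secrets.token_bytes(32)  # MAC key, held in memory only
        self._pending = {}  # session_id -> [digest, expiry, attempts]
        self._clock = clock

    def _digest(self, session_id, code):
        # Binding the session ID into the MAC means a code intercepted for
        # one session does not verify when presented on another session.
        msg = f"{session_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, session_id, password_ok):
        """Return a 6-digit code for out-of-band delivery, or None."""
        if not password_ok:  # first factor must succeed before a code exists
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        expiry = self._clock() + CODE_TTL_SECONDS
        # Only the keyed digest is retained, never the code itself.
        self._pending[session_id] = [self._digest(session_id, code), expiry, 0]
        return code

    def verify(self, session_id, code):
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if self._clock() > expiry or attempts >= MAX_ATTEMPTS:
            del self._pending[session_id]  # expired or guessed too often
            return False
        entry[2] += 1
        if hmac.compare_digest(digest, self._digest(session_id, code)):
            del self._pending[session_id]  # single use: replay fails
            return True
        return False
```
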

The Benefits

  • Convenience: leverages the one thing users always carry with them – their mobile phone
  • Reduced cost: no hardware tokens to buy or maintain
  • Codes are never stored: real time, session-specific codes
  • Superior user experience: avoid burdensome passwords
  • Better security: intelligent authentication assesses the threat level and dynamically adjusts the level of user authentication needed
  • Easy to implement, manage and scale

Please get in touch with the Pro2col team if you have any queries regarding this or any other feature of Globalscape’s EFT Server.

“Today’s modern cybersecurity threats have overwhelmed passwords and tokens, and companies are seeking strong authentication that protects their employees and is easy to use. With the integration between Globalscape and SMS PASSCODE, system administrators can easily add multi-factor authentication to their secure file transfer via EFT without compromising the user experience,” says Torben Anderson, chief commercial officer at SMS PASSCODE. “We are excited to partner with a visionary security company like Globalscape that shares our passion for keeping corporate networks and data secure.”

“Technology integrations that can improve authentication security for our customers just make sense in our EFT solution,” says Greg Hoffer, senior director of engineering at Globalscape. “We have been hearing about phone-based authentication as a second factor for many years; it has significant usability and security improvements over the legacy token-based approach to two-factor authentication. SMS PASSCODE has a well-designed, thoughtful implementation of phone-based multi-factor authentication. Their platform ties seamlessly into our EFT solution to provide the most secure enterprise class of secure file sharing on the market.”

Ipswitch Survey Reveals; Damage to Reputation Seen as Biggest Reason to Comply with Data Protection Laws.

Despite 71% believing UK data protection laws should be stronger, 53% still admit to sending sensitive documents by email and 19% have lost critical documents in transit.

A survey by Ipswitch, managed file transfer (MFT) solutions vendor, reveals that fear of reputational damage is the biggest driver for business professionals to comply with data security laws. Yet the majority are still failing to secure the transfer of critical files.

The survey, conducted at the end of April 2014, asked 415 business professionals working across the EU about attitudes, practices and technologies relating to data security and protection. The results also show that the UK is seen as having tighter data protection laws than Germany or France. However, the vast majority think the UK’s data protection laws need to be even stricter.

Key Conclusions:

  • 31 percent of business professionals say that financial censure is the biggest impetus for complying with data protection or staying in line with ICO guidelines, while nearly half (43 percent) cite fear of reputational damage to their brand as the major reason to fall in line
  • The survey also reveals that over half of respondents (53 percent) admit to sending business sensitive documents over unsecured email, while nearly a fifth (19 percent) also admit to losing critical business documents
  • 64 percent of respondents consider the UK to have the tightest data protection laws, 30 percent name Germany as having the strictest laws, while six percent of respondents say that France has the strictest data protection
  • Almost three-quarters (71 percent) of respondents believe UK data protection laws should be stronger to protect businesses and consumers
  • Over a quarter of respondents (27 percent) have never heard of the UK Information Commissioner’s Office (ICO), the public body which reports to UK Parliament and is sponsored by the Ministry of Justice to oversee data protection and privacy
  • More than half (57 percent) agree that the ICO should be more aggressive in its data protection responsibilities

“It is clear that organisations need to take more responsibility for their own file transfer practices. Our survey reveals that far too many still rely on unsecured procedures for transferring sensitive files to get work done,” said Loic Triger, VP International Sales for Ipswitch. “Businesses need to have systems in place to mitigate security breaches, and rigorously ensure those systems are appropriately used.”

“Enterprises have come to rely on a mix of DIY approaches for file movement, in the absence of well-defined policies and enterprise-supported alternatives. But it is entirely possible to untangle the web of file transfer applications available and talk about best practices to ensure visibility and control in an increasingly regulated market. We urge all organisations to re-evaluate their file transfer methodologies, before they end up paying the price, either in diminished brand reputation, customer losses, or financial penalties.”

“Business simply cannot afford – either in terms of cost or reputation – to deal with the potential fall-out from unsafe business practices such as unsecured file sharing, and they are clearly looking to the ICO to take the lead in implementing further, stricter regulation.”

 

About Ipswitch
Ipswitch helps solve complex IT problems with simple solutions. The company’s software is trusted by millions of people worldwide to transfer files between systems, business partners and customers; and to monitor networks, applications and servers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe and Asia. Pro2col are Ipswitch’s Elite Partner here in the UK; please do not hesitate to get in contact if you require any further information.