Endpoint Protector Appliance: Stop data theft on Windows and Mac

Mobile devices increase productivity but raise security concerns

February 24th, 2012 by Agent Smith (0) Data Theft & Loss,endpoint security,Research and Studies

The mobile industry is no longer thriving, as it has reached a critical point due to the security concerns raised by companies trying to integrate mobile computing into their overall security framework. A fresh survey on mobile security shows this type of devices represents a critical business tool, boosting creativity, but their malfunctions or security threats need to be avoided and carefully managed.

by Frank Gruber

73% of organizations reported visible efficiency increases due to integrating mobile computing into business operations and processes, according to the mobile industry study that queried over 6200 IT decision makers. Read more

Social networks and smartphone users, likely victims of identity fraud

February 23rd, 2012 by Agent Smith (0) Data Theft & Loss,Identity Theft

People who use social networks and smartphones can easily become victims of identity fraud, as shown in the 2012 identity fraud study carried out by Javelin Strategy & Research.

The US number of victims was 13% higher more than 11.6 million adults have fallen pray to identity fraud, yet the average dollar amount stolen in these incidents was about the same as the previous year. Consumers whose personal information has been compromised by corporate data breaches were the most likely victims. Persons who have received notifications of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who did not receive such a notification.

Javelin also tracked users’ online behavior to see its impact on identity fraud. “LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation”. The survey also showed users ignore warnings about social networks being heavily used by fraudsters and are still sharing a significant amount of personal information that might be used to steal their identities. One of the examples quoted in the report was business social network LinkedIn where people connect with strangers without reading carefully or paying attention to of what they are really doing.

7% of smartphone users became victims of identity fraud last year, showing a 33% higher incidence rate compared to the general public. A good way to prevent such breaches for smartphone users is to have passwords on the home screen (the study shows 62% of mobile users fail to set one), to block access to information stored on the phone. Another safety measure to prevent identity fraud is to never tick the “remember password” button to save the information on their mobile device (32% users do this). Mobile users should also never accept the invitations of strangers or use the GPS tracking locations.

Nuclear Plant Safety Test Details Lost by Office of Nuclear Regulation Rep

February 21st, 2012 by Agent Smith (0) Data Theft & Loss,DLP,endpoint security,security breach

A data breach caused when an Office for Nuclear Regulation official lost an USB memory containing details about safety tests at the Hartleport power plant is currently being investigated by the authorities. While the memory stick was caring only safety “stress-test” not “significantly sensitive” data, none of the files stored had been encrypted. The stress tests the lost portable device stored are currently being carried out at European nuclear power plants in an attempt to prevent future disaster, like the nuclear disaster at Fukushima power plant caused by the Japan earthquake last year.

According to an official ONR statement, the reports contained by the memory stick would have been made public after their completion, yet the office completely forbids the use of unencrypted devices for transporting documents with security classification. This means that the official responsible for the breach has broken ONR security regulations. The Hartlepool plant, operated by EDF Energy, confirmed the lost USB stick did not have important data. They also mentioned that when they would have been published, the results of the tests would have been less detailed. Read more

Almost all small healthcare companies have suffered a data breach

February 17th, 2012 by Agent Smith (0) Data Theft & Loss,DLP,Identity Theft,Research and Studies

99% of small healthcare organizations in North America suffered a data breach in the past 12 months and more than 70% do not have enough budget to invest in risk management solutions to be able to comply with legal requirements and industry standards. These are the key findings of a new survey by the Ponemon Institute.

The Ponemon Institute surveyed more than 700 IT and administrative professionals in healthcare organizations that employ a maximum 250 people.

“Cybercriminals are hunting for medical records,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The most serious issue is just the complacency small healthcare providers seem to exhibit with respect to securing patient records.” Read more

Skilled Security Professionals, Well Paid, but Hard to Find

February 16th, 2012 by Agent Smith (0) In the News,Research and Studies

Highly experienced professionals are very hard to find, as enterprises have to go through lengthy processes to hire security experts who, although very experienced, are rather rare. Organizations that work with more than 2000 members report increases in salary and number opportunities to grow and ascend for trained and experienced security professionals, despite the slow economic environment. These are the key findings of the (ISC)2 2012 Career Impact Survey.

According to the survey, 96% of security professinals are currently employed and only as low as 7% of information security professionals were unemployed at any point during the last year. Moreover, over 70% or respondents received a salary increase in 2011 and more than half expect to receive an increase in 2012. More than half of those who changed jobs said they did so because they had opportunities for advancement. Read more

Regional police offices fighting cybercrime established in the UK

February 10th, 2012 by Agent Smith (0) DLP,In the News

To improve British police abilities to prevent growing cybercrime, UK authorities established three regional e-crime fighting units in Yorkshire and the Humber, the Northwest and in East Midlands, each having a team of three dedicated police officers.

They will work side by side with the Metropolitan Police Central e-crime Unit. The establishment of regional offices is part of the UK government’s plan to spend 30 million ponds over four years to improve the country’s ability to investigate and diminish cybercrime. Read more

Law Enforcement Agencies Find New Ways to Fight Cybercrime

February 8th, 2012 by Agent Smith (0) DLP,Research and Studies

Law enforcement agencies worldwide are getting better at catching cybercriminals, scoring some big cybercrime busts and getting better at detecting and investigating data breaches. Officials worldwide detected five times as many breaches in 2011 as in 2010, according to new data in the Trustwave’s 2012 Global Security Report. About 33% of organizations with data breaches discovered the incidents when alerted by law enforcement, up from 7% in 2010. These good results for law enforcement are mostly powered by the work of the U.S. Secret Service, Interpol, the Australian Federal Police, and the U.K.’s Serious Organised Crime Agency (SOCA).

Only 16% of victim organizations detected hacking incidents on their own in 2011, while the other 84% only discovered them when alerted by outside entities, such as law enforcement, regulatory bodies, or a public venue. When analyzing the circumstances of the hacks discovered by third parties, it’s been discovered attackers had been active within the victim organization’s network for an average of 173.5 days before being detected. Read more

Three recently disclosed data breaches share common cause – stolen laptops

February 7th, 2012 by Agent Smith (0) Data Encryption,Data Theft & Loss,security breach

Stolen hardware, and particularly laptops, is still a very common cause for data breaches, especially when it comes to hospitals and other healthcare companies. Three recent incidents have all involved patient details being exposed to identity theft, fraud and other risks, after being taken together with laptops held in medical offices.

While in some cases the stolen portable computers happened to be password protected, none of them had been encrypted to better prevent access to stolen private records. Read more

Stolen Flash Drive Exposes Data of 1,200 University of Miami Patients

February 2nd, 2012 by Agent Smith (0) Data Theft & Loss,security breach

A security breach exposing the data of over 1,200 patients has recently been disclosed by the University of Miami. The Miller School of Medicine patient data was stolen back in November 2011, together with a flash drive, when someone broke into a pathologist’s car and took the briefcase where the portable device was stored.

The flash drive contained details such as age, sex, diagnosis and treatment information for patients treated from 2005 to 2011, the University of Miami disclosed in a press release. No financial information or Social Security numbers had been stored on the drive, according to the same press release. Read more

Stolen laptop and flash drive expose 7,000 to data theft

February 1st, 2012 by Agent Smith (0) Data Theft & Loss,Identity Theft

The Kansas Department on Aging has recently reported a hardware theft that caused a data breach affecting about 7,000 of its customers. A laptop, a flash drive and paper files were stolen out of an employee’s vehicle, putting thousands of senior customers at risk.

The stolen files contained personal and protected health information belonging mainly to customers located in Sedgwick, Harvey, and Butler counties. The theft was immediately reported to the Wichita Police Department. The Kansas Department on Aging says it is cooperating with the police, but the stolen hardware has not yet been recovered. Read more