Data Privacy Day is an initiative of the National Cyber Security Alliance, started in 2008 in the United States and Canada. It is now also celebrated in Europe, and its purpose is to raise awareness among Internet surfers, social media fans, online gamers, online shoppers… so pretty much all of those who use the Internet, about the importance of their personal information privacy.
We are big fans of data security, so we encourage you to do the following for at least one day OR starting from today:
1. Stop sharing so much personal information on your Facebook, Twitter, Google+, etc. accounts. Hackers can use that information, and you might find out one day that your online identity has been stolen, your passwords don’t match anymore, or even worse, your bank account is empty. Not to mention the creepy stalkers outside your house, who, of course, found out where you live from Facebook…
2. Change your passwords and do not assume that using the same strong password on all your online accounts is enough. Use alphanumeric passwords, but not “pasword1234”.
3. Use a special card for online transactions. There are options like disposable cards, or weekly withdrawal limits you can set with your bank.
4. Encrypt your data on USB sticks or other portable storage devices. Losing such a small device, where you surely have important data, is very frustrating. With encryption, at least no one who finds your USB stick will be able to access your data.
5. Don’t forget about your mobile devices: smartphones and tablets. They need protection as much as your laptop or desktop does. Don’t download suspicious apps, and use AdBlock software to avoid annoying popup ads that could also carry malware.
This is it from us, but the guys from the National Cyber Security Alliance have more advice and you can find it on:
New victims, same old story…. An unprotected USB stick containing private information of Canadian residents went missing from an office of Human Resources and Skills Development in Gatineau, Quebec.
The drive was storing the names, social insurance numbers, dates of birth and loan balances of 583,000 students who had borrowed money between 2000 and 2006.
The internal investigation into the affair started only two months after the discovery of the loss of the stick (Nov. 5th) and a notification was sent to the victims only last Friday.
So the question remains: Are we ever going to learn from others’ mistakes? Especially now that Device Control, Data Loss Prevention and USB encryption software have been around for ages and are virtually within everybody’s reach.
This Sunday a very common kind of incident happened at the Lyon train station in Paris: a thief stole a USB stick from a car. Nothing special here, this kind of thing happens every day!
What makes this incident so special is the info stored on the memory stick. The owner of the stick is an entrepreneur involved in a fiber optic installation at some important buildings in Paris. His USB stick contained the highly confidential plans of the Elysée palace, the Internal Affairs Ministry and the Paris Police. The worst part is that the stick was not encrypted, so the thief has full access to all the documents!
The question we need to ask now is: did the thief know beforehand what type of info was on the stick or did he steal that precise stick just by accident?
Endpoint Protector just announced the launch of the Content Aware Protection module as a Customer Preview. The new 4.1 version incorporates top of the line technology that enables you to eliminate risks of confidential data loss or data leakage to the Internet or the Cloud (services such as Google Drive, Dropbox, iCloud, etc.).
To read more on the new Endpoint Protector feature, visit: http://www.cososys.com/press_releases/Press_Release_Endpoint_Protector_adds_Content_Aware_Protection_to_prevent_data_leaks_to_the_cloud_15-May-2012_EN.html
What is Data Loss Prevention? Is it related to technology, processes or people? Is it limited to some administrative policies and IT restrictions? These are the questions discussed in a well-documented recent article on darkreading.com.
DLP is not just an information security concern, and it is not just a technical issue. DLP involves the entire organization in establishing what data is sensitive, where the sensitive data is kept, and how it is accessed and used. Only after understanding these key points will an organization be able to define and implement a strategy for protecting and securing such data, at the level of both administrative processes and IT limitations.
In short, DLP is a business issue and it concerns technology as well as processes and people.
With the rising number of attacks and unintentional data leakage, protecting sensitive information has become an essential task for any organization, regardless of its size. This is why the implementation of security controls for preventing data loss is actually the foundation for secure business performance.
You can read more on this hot topic on darkreading.com.
Endpoint Protector just launched the new versions for Ubuntu and openSUSE of its Device Control and Data Loss Prevention solution, Endpoint Protector 4. With the newly launched version, Endpoint Protector is virtually platform-independent.
Endpoint Protector 4 is available as Hardware and Virtual Appliance, with support for Windows, Mac OS X and Linux Ubuntu 10.04 LTS and openSUSE 11.4. The data and device security solution ensures a complete and proactive protection against both inside and outside threats for organizations in an easy, but highly efficient manner with seamless integration and no operating system constraints. For more details, please visit: http://www.endpointprotector.com/en/index.php/products/endpoint_protector
Stolen hardware, and particularly laptops, is still a very common cause of data breaches, especially when it comes to hospitals and other healthcare companies. Three recent incidents have all involved patient details being exposed to identity theft, fraud and other risks, after being taken together with laptops held in medical offices.
While in some cases the stolen portable computers happened to be password protected, none of them had been encrypted to better prevent access to stolen private records.
The biggest challenge of securing modern IT infrastructures is to protect networks that mix different platforms and operating systems. CoSoSys has always considered this challenge when releasing a new version of their endpoint security and data loss prevention solutions, making them available for Windows, Mac and Linux. The same holds true for the freshly released EasyLock version 2, the software developer’s portable data protection solution.
This enhanced new version offers full support for cross-platform data encryption between Windows, Mac OS X and Linux openSUSE and Ubuntu. EasyLock 2 comes with military-grade protection for data stored on USB flash drives and other portable storage devices through its 256-bit AES encryption. It also allows cross-platform mobility by enabling users to protect their files when in transit and to easily access them on different operating systems.
The ICO conducted an investigation into a case of hardware loss in May at the Rochdale Metropolitan Borough Council. The incident consisted of the loss of an unencrypted memory stick by an employee of the Council’s finance department. The stick contained names, addresses and payment details for 18,000 residents. The missing hardware has not been found to date.
The investigation concluded that the Rochdale Council has breached the Data Protection Act by not providing employees with encrypted memory sticks (although it was a known fact that these devices would be used to transfer private information) and by not training their employees to properly use portable devices for work purposes.
Sally Anne Poole, the ICO’s head of enforcement, qualifies this mishap as ‘unacceptable’ and says, in a quote by eWeek, ‘This incident could have been easily avoided if adequate security measures had been in place.’
The measures taken by the ICO in this case consist of the signing of an undertaking listing the actions to take to implement data protection policies by 31st March 2012.
Let’s hope that more than one private data handling organization learns from this incident and encrypts their portable devices using proper solutions.
A whole lot has been written on loss/theft of hardware (laptops, USB sticks, external hard drives, etc.) and we had thought that organizations would learn their lesson and encrypt sensitive data on such media. Apparently, things aren’t quite like that, and two recent incidents prove it.
A resident student at Vancouver Coastal Health lost a laptop and a USB stick (there is a high probability that the hardware was stolen) at the Toronto Airport. The information stored on the drives was password protected but it wasn’t encrypted.
A Vancouver Coastal Health official calls the incident ‘unfortunate’ and says that ‘This is the way physicians and other health care workers need to do their job. They need to use these devices.’ He admits that many professionals use laptops and that the agency has some issues handling mobile technologies.
Another mishap took place in the United Kingdom: the theft of a laptop that stored personal information of 100 young people who participated in inclusion programs. This laptop was in the house of a contractor of the Newcastle Youth Offending Team organization. The ICO (Information Commissioner’s Office) has established a fine for this organization for not encrypting the data. According to Sally-Anne Poole, ‘Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure.’ She underlines the fact that organizations working with contractors must make sure that the latter comply with their security policies.
Let’s hope that at least legal constraints will force private data handlers to implement solutions and policies to keep their data safe and secure.