EasyLock 2 – Cross-platform portable data encryption solution from CoSoSys
The biggest challenge of securing modern IT infrastructures is to protect networks that mix different platforms and operating systems. CoSoSys has always considered this challenge when releasing a new version of their endpoint security and data loss prevention solutions, making them available for Windows, Mac and Linux. The same holds true for the freshly released EasyLock version 2, the software developer’s portable data protection solution.
This enhanced new version offers full support for cross-platform data encryption between Windows, Mac OS X and Linux openSUSE and Ubuntu. EasyLock 2 comes with military-grade protection for data stored on USB flash drives and other portable storage devices through its 256bit AES encryption. It also allows cross platform mobility by enabling users to protect their files when in transit and to easily access them on different operating systems. Read more
UK’s ICO takes serious measures to enforce data protection
The ICO conducted an investigation on a case of hardware loss in May at the Rochdale Metropolitan Borough Council. The incident consisted in the loss of an unencrypted memory stick by a Council’s finance department employee, stick which contained names, addresses and payment details for 18.000 residents. The missing hardware was not found to the date.
The investigation concluded that the Rochdale Council has breached the Data Protection Act by not providing employees with encrypted memory sticks (although it was a known fact that these devices would be used to transfer private information) and by not training their employees to properly use portable devices for work purposes.
Sally Anne Poole, ICO’s head of enforcement qualifies this mishap as ‘unacceptable’ and says ‘This incident could have been easily avoided if adequate security measures had been in place.’ in a quote by eWeek.
The measures taken by the ICO in this case consist of signing an undertaking of actions to take to implement data protection policies by 31st March 2012.
Let’s hope that more than one private data handling organization learns from this incident and encrypts their portable devices using proper solutions.
The theft of laptops doesn’t stop, organizations don’t learn their lesson
A whole lot was written on loss/theft of hardware (laptops, USB sticks, external hard drives, etc.) and we had thought that organizations would learn their lesson and encrypt sensitive data on such supports. Apparently, things aren’t quite like that and two recent incidents come to prove it.
A resident student at Vancouver Coastal Health lost a laptop and a USB stick (there is a high probability that the hardware was stolen) at the Toronto Airport. The information stored on the drives was password protected but it wasn’t encrypted.
A Vancouver Coastal Health official calls the incident ‘unfortunate’ and says that ‘This is the way physicians and other health care workers need to do their job. They need to use these devices.’ He admits that many professionals use laptops and that the agency has some issues handling mobile technologies.
Another mishap took place in the United Kingdom and the theft of a laptop that stored personal information of 100 young people who participated in inclusion programs. This laptop was in the house of a contractor of the Newcastle Youth Offending Team organization. The ICO (Information Commissioner’s Office) has established a fine for this organization for not encrypting the data. According to Sally-Anne Poole ‘Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure.’ She underlines the fact that organizations working with contractors must make sure that the latter ones align to their security policies.
It’s so simple and cheap to track the use of portable devices and encrypt sensitive data stored on them, that we really ask ourselves why don’t organizations do it?
Let’s hope that at least legal constraints will force private data handlers to implement solutions and politics to maintain their data safe and secure.
CoSoSys Releases Endpoint Protector 4 – New Device Control Hardware and Virtual Appliance
Endpoint security developer CoSoSys has released a new version of their data loss prevention, device control and endpoint security solution for Windows and Mac OS, Endpoint Protector. Offering enhanced protection, increased effectiveness and the fastest implementation time in its segment, the out-of-the-box Hardware and Virtual Appliance is now available for small, medium and large companies and organizations.
Coming with a long list of new features targeting better security, reliability, ease of use and better adapting to company structures and organization charts, Endpoint Protector 4 is designed to protect networks ranging from 20 computers (endpoints) to more than 5.000 endpoints.
Some of the top benefits of this latest Endpoint Protector solution are:
- Seamless integration in business processes
- Saving time and money when the solution is installed
- Increased security through enhanced protection
- Reducing allotted resources of the security staff
- Optimum security through enhanced stability
- Enhanced protection through complex, adaptable end efficient security
- Reliable security through enhanced monitoring and policy control
Hardware loss in a hospital endangers data of 1.6 million people
Nemours, an American organization for children’s health announces through a press release the loss of three unencrypted backup tapes that contained information such as the name, address, date of birth, social security number, insurance and medical treatment information and bank account information of 1.600.000 patients and employees.
The three backup tapes were stored in a cabinet that might have disappeared during a facility modernization project.
So far, there is no evidence that the tapes were stolen, accessed or used for fraudulent purposes.
Nemours offers free credit monitoring, identity theft protection and call center support.
Find their press release here: http://www.nemours.org/mediaroom/news/2011/missingtapes.html
University of Tennessee Medical Center data was improperly disposed of
8,000 patients of the University of Tennessee Medical Center are being alerted about a possible privacy breach risk as hospital reports that contained personal information were not properly disposed of.
According to UT Medical Center spokesman, Jim Ragonese, there is no actual proof that such information was disclosed, used or accessed inappropriately.
“We are providing letter recipients with information about how to receive free credit reports and are creating a toll-free telephone line specifically to answer questions pertaining to this incident,” Ragonese said via e-mail. Read more
Manchester Police Denies Ownership of lost USB stick with Classified Information
An USB stick belonging to the Manchester Police and containing over 2,000 pages of highly-sensitive and confidential information has made is way to the Daily Star news room, after apparently being dumped in the street close to the Stalybridge police station near Manchester. According to the Daily Star, the files stored on the memory stick contained anti-terrorism information, including strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields.
“Describing its contents as “an essential reference for all officers”, it goes on to outline methods to combat football violence, riots, public disorder and how to deal with violent people when entering a room.
Produced by the National Police Improvement Agency, the files, bearing the title Manual On Guidance Of Keeping The Peace, cover all aspects of counter terrorism and “tactical deployment”.
The Greater Manchester Police replied the Daily Star accusation by refusing to confirm the ownership of the memory stick. Read more
Lost thumb drive leads to potential data breach
A thumb drive containing personal data of current and past graduate medical education residents and fellows at Cooper University Hospital has recently gone missing. Lost around July 8th, the incident has been reported to the proper authorites a few days later who are now looking into the potential security breach only two weeks later.
According to hospital sources, the lost data includes Social Security numbers, addresses, and phone numbers. As it always happens in such cases, the data was not in anyway encrypted or protected.
The University later released the following statement:
UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000
Over more than 1000 data losses for the NHS. This is a new record.
Of which alone 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.
The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.
An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.
A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.
David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.
“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.
“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”
Source and full article: SC Magazine
Endpoint Security: Playing it smart
There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.
But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.
Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.
