The biggest challenge of securing modern IT infrastructures is to protect networks that mix different platforms and operating systems. CoSoSys has always considered this challenge when releasing a new version of their endpoint security and data loss prevention solutions, making them available for Windows, Mac and Linux. The same holds true for the freshly released EasyLock version 2, the software developer’s portable data protection solution.

This enhanced new version offers full support for cross-platform data encryption between Windows, Mac OS X and Linux openSUSE and Ubuntu. EasyLock 2 comes with military-grade protection for data stored on USB flash drives and other portable storage devices through its 256bit AES encryption. It also allows cross platform mobility by enabling users to protect their files when in transit and to easily access them on different operating systems. 

To make things simpler, everything is handled through an easy to use, intuitive interface. As the company CEO, Roman Foeckl explained, the main goal of this new version is to take a task that’s usually perceived as complicated and time consuming, data encryption, and turn it into a natural, seamless process. A big step into keeping confidential data safe is to integrate security policies into daily activities without burdening business or home users, and that’s exactly what EasyLock achieved with this new version.

The portable data encryption solution targets both home users that want to encrypt their private files, pictures or other personal information on a USB Flash Drive or external HDD and move them between a Windows PC in the office and a Mac at home, and  business users that need to ensure the privacy and protection of company and client confidential data.

EasyLock 2 can further enhance corporate data security when used with CoSoSys’  device control and data loss prevention solution Endpoint Protector, as it provides enforced encryption of data moved between endpoints of the corporate network. If you want to test it before you buy, EasyLock2 is available as a 30 day free trial at http://www.EndpointProtector.com.

The ICO conducted an investigation on a case of hardware loss in May at the Rochdale Metropolitan Borough Council. The incident consisted in the loss of an unencrypted memory stick by a Council’s finance department employee, stick which contained names, addresses and payment details for 18.000 residents. The missing hardware was not found to the date.

The investigation concluded that the Rochdale Council has breached the Data Protection Act by not providing employees with encrypted memory sticks (although it was a known fact that these devices would be used to transfer private information) and by not training their employees to properly use portable devices for work purposes.

Sally Anne Poole, ICO’s head of enforcement qualifies this mishap as ‘unacceptable’ and says ‘This incident could have been easily avoided if adequate security measures had been in place.’ in a quote by eWeek.

The measures taken by the ICO in this case consist of signing an undertaking of actions to take to implement data protection policies by 31^st March 2012.

Let’s hope that more than one private data handling organization learns from this incident and encrypts their portable devices using proper solutions.

A whole lot was written on loss/theft of hardware (laptops, USB sticks, external hard drives, etc.) and we had thought that organizations would learn their lesson and encrypt sensitive data on such supports. Apparently, things aren’t quite like that and two recent incidents come to prove it.

A resident student at Vancouver Coastal Health lost a laptop and a USB stick (there is a high probability that the hardware was stolen) at the Toronto Airport. The information stored on the drives was password protected but it wasn’t encrypted.

A Vancouver Coastal Health official calls the incident ‘unfortunate’ and says that ‘This is the way physicians and other health care workers need to do their job. They need to use these devices.’ He admits that many professionals use laptops and that the agency has some issues handling mobile technologies.

Another mishap took place in the United Kingdom and the theft of a laptop that stored personal information of 100 young people who participated in inclusion programs. This laptop was in the house of a contractor of the Newcastle Youth Offending Team organization. The ICO (Information Commissioner’s Office) has established a fine for this organization for not encrypting the data. According to Sally-Anne Poole ‘Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure.’ She underlines the fact that organizations working with contractors must make sure that the latter ones align to their security policies.

It’s so simple and cheap to track the use of portable devices and encrypt sensitive data stored on them, that we really ask ourselves why don’t organizations do it?

Let’s hope that at least legal constraints will force private data handlers to implement solutions and politics to maintain their data safe and secure.

Endpoint security developer CoSoSys has released a new version of their data loss prevention, device control and endpoint security solution for Windows and Mac OS, Endpoint Protector. Offering enhanced protection, increased effectiveness and the fastest implementation time in its segment, the out-of-the-box Hardware and Virtual Appliance is now available for small, medium and large companies and organizations.

Coming with a long list of new features targeting better security, reliability, ease of use and better adapting to company structures and organization charts, Endpoint Protector 4 is designed to protect networks ranging from 20 computers (endpoints) to more than 5.000 endpoints.

Some of the top benefits of this latest Endpoint Protector solution are:

• Seamless integration in business processes
• Saving time and money when the solution is installed
• Increased security through enhanced protection
• Reducing allotted resources of the security staff
• Optimum security through enhanced stability
• Enhanced protection through complex, adaptable end efficient security
• Reliable security through enhanced monitoring and policy control

Nemours, an American organization for children’s health announces through a press release the loss of three unencrypted backup tapes that contained information such as the name, address, date of birth, social security number, insurance and medical treatment information and bank account information of 1.600.000 patients and employees.

The three backup tapes were stored in a cabinet that might have disappeared during a facility modernization project.

So far, there is no evidence that the tapes were stolen, accessed or used for fraudulent purposes.

Nemours offers free credit monitoring, identity theft protection and call center support.

Find their press release here: http://www.nemours.org/mediaroom/news/2011/missingtapes.html

8,000 patients of the University of Tennessee Medical Center are being alerted about a possible privacy breach risk as hospital reports that contained personal information were not properly disposed of.

According to UT Medical Center spokesman, Jim Ragonese, there is no actual proof that such information was disclosed, used or accessed inappropriately.

“We are providing letter recipients with information about how to receive free credit reports and are creating a toll-free telephone line specifically to answer questions pertaining to this incident,” Ragonese said via e-mail.

In his letter to affected patients, Gary Thomas, Health Insurance Portability and Accountability Act Privacy Officer for UT Medical Center explained that an administrative report was automatically printed to a secure location stored into a safe  location within the department for later access.

“Based upon departmental policy, the report was maintained for 45 days. The oldest report was discarded each day as a current report was added. Rather than being shredded per Hospital policy, the report was discarded in the Hospital’s waste stream,” Thomas stated in the letter. “There was no sensitive, personal or identifying information in view on the outside of the report; however, within the report was certain patient-related information, including the patient’s name and social security number.”

According to Thomas, the document disposal process was immediately corrected and an investigation was started.

“Please be assured that we have taken numerous steps in an attempt to mitigate any potential harm to you,” Thomas wrote to the patients. “As indicated previously, based on our investigation we do not believe any information was disclosed, used or accessed inappropriately.”

He also added that during the disposal process, all information was rendered unreadable and that involved staff members have been sanctioned.

Tennessee law requires state agencies and contractors to encrypt data by using passwords, while federal law requires notification of possibly affected consumers.

An USB stick belonging to the Manchester Police and containing over 2,000 pages of highly-sensitive and confidential information has made is way to the Daily Star news room, after apparently being dumped in the street close to the Stalybridge police station near Manchester. According to the Daily Star, the files stored on the memory stick contained anti-terrorism information, including strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields.

“Describing its contents as “an essential reference for all officers”, it goes on to outline methods to combat football violence, riots, public disorder and how to deal with violent people when entering a room.
Produced by the National Police Improvement Agency, the files, bearing the title Manual On Guidance Of Keeping The Peace, cover all aspects of counter terrorism and “tactical deployment”.

The Greater Manchester Police replied the Daily Star accusation by refusing to confirm the ownership of the memory stick.

“We need to have a look at it first. Our efforts to trace it are ongoing,” said an officer, adding that he expected to have the drive by Wednesday.

We have a better solution for the Greater Manchester Police – instead of trying to deny ownership, or just delay it, they should make a point from evaluating the USB stick quickly and then doing a very smart security move: acquiring a security solution that would prevent such things from ever happening.

We recommend Easy Lock, a portable data solution providing file and folder encryption. Easy Lock provides all you need to keep your data safe and sound while it is stored on a portable device, any portable device including USB sticks if you’re wondering. Password protection, on the fly encryption, deletion of data in case of someone entering the wrong password too many times, no installation, no admin rights required. It’s a simple to use security solution that would come in handy to any member of the Manchester police force and to many other business representatives, government employees and home users and that can prevent the shame of such a big data breach!

A thumb drive containing personal data of current and past graduate medical education residents and fellows at Cooper University Hospital has recently gone missing. Lost around July 8th, the incident has been reported to the proper authorites a few days later who are now looking into the potential security breach only two weeks later.

According to hospital sources, the lost data includes Social Security numbers, addresses, and phone numbers. As it always happens in such cases, the data was not in anyway encrypted or protected.

The University later released the following statement:

“Cooper University Hospital is investigating the circumstances surrounding a missing thumb drive. The thumb drive contained information with personal data about graduate medical education residents and fellows for the current and prior academic years. We have advised the residents and fellows who were advised to contact their local police. No other employee information was compromised. Further, No patient information or records were compromised. The incident was reported to the New Jersey State Police Cyber Crimes Unit on Friday, July 23 as per the state notification procedure. The hospital is conducting a thorough investigation and has initiated an aggressive plan to protect any personnel who could be affected by this potential security breach.”

As of yet there are no information on the number of individuals affected by the breach.

Over more than 1000 data losses for the NHS. This is a new record.
Of which alone 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.

The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.

The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.

An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.

A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.

David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.

“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.

“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”

Source and full article: SC Magazine

There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.

But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.

Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.