Endpoint Security Info » Data Encryption

Lost thumb drive leads to potential data breach

Agent Smith — Thu, 29 Jul 2010 19:55:21 +0000

A thumb drive containing personal data of current and past graduate medical education residents and fellows at Cooper University Hospital has recently gone missing. Lost around July 8th, the incident has been reported to the proper authorites a few days later who are now looking into the potential security breach only two weeks later.

According to hospital sources, the lost data includes Social Security numbers, addresses, and phone numbers. As it always happens in such cases, the data was not in anyway encrypted or protected.

The University later released the following statement:

“Cooper University Hospital is investigating the circumstances surrounding a missing thumb drive. The thumb drive contained information with personal data about graduate medical education residents and fellows for the current and prior academic years. We have advised the residents and fellows who were advised to contact their local police. No other employee information was compromised. Further, No patient information or records were compromised. The incident was reported to the New Jersey State Police Cyber Crimes Unit on Friday, July 23 as per the state notification procedure. The hospital is conducting a thorough investigation and has initiated an aggressive plan to protect any personnel who could be affected by this potential security breach.”

As of yet there are no information on the number of individuals affected by the breach.

UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000

Robert — Sat, 29 May 2010 09:40:14 +0000

Over more than 1000 data losses for the NHS. This is a new record.
Of which alone 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.

The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.

The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.

An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.

A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.

David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.

“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.

“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”

Source and full article: SC Magazine

Endpoint Security: Playing it smart

Agent Smith — Tue, 02 Feb 2010 11:16:46 +0000

There have been so many news lately about stolen hardware with important data, server hacks, security threats embedded in any new gadget that gets launched (like the iPad), that it could make anyone think all security companies and experts care about is pointing warning fingers towards anything cool someone would think of using. With all these stories, some of which we’ve shared on our Twitter stream, security becomes this two-headed monster that’s there to kill the fun in technology.

But that’s far from being true! Effective security is about playing it smart: seeing what could happen and preventing it, while allowing people to still have their share of fun. We tend to forget that, but that is the purpose to security in general and endpoint and data security in particular. iPods, iPads, colorful USB sticks, netbooks, smartphones, cameras, you should use it all as long as they help you work better and make your life easier. You should use them at home, in the office, while commuting, the idea is to know what threats they pose and how to prevent them.

Security experts to concentrate on everything bad that’s happening. The reason is simple, if companies and individuals don’t fear the consequences, they tend to ignore the risks. The all present mantra “It can’t happen to me” is their shield against all attacks and breaches. So there is a reason and a purpose behind showing off all the bad stuff, but that should never cast a shadow over the real goal of security: making your life safer and better.

How to control device use the easiest way possible?

Robert — Fri, 10 Jul 2009 09:54:36 +0000

Take it to the could. See how it works explaind in plain english.
Device Control and DLP taken to the cloud to help you reduce cost and deploy much faster.

Device Control and DLP can with My Endpoint Protector be deployed in minutes at a fraction of costs from other solutions.

Months later, consequensces knocking on breached door

Agent Smith — Wed, 01 Apr 2009 10:13:39 +0000

One might think that if several months have passed since an embarrsing data breach and nothing has happened, it’s all cool. One can relax, mind their own business and forget all about security.

That’s not the case if we’re talking UK health authority. Namely, London-based Camden Primary Care Trust. They thought, sometime last August, that dumping PCs containing 2,500 patients’ names, addresses and medical histories beside a skip inside the grounds of St Pancras Hospital was a good idea. They might reconsider now, as the Information Commissioner’s Office has given Camden Primary Care Trust until the end of the month to improve security, consequence of its breaching the Data Protection Act.

According to the Register, “data on the obsolete computers was left unencrypted. The machines were subsequently swiped without authorisation and never recovered”. Given such gross negligence and obvious proof of being completely irresponsible, I cannot help being extremely happy they are forced to do something about their security!

Air France tries out biometric boarding cards

Agent Smith — Mon, 30 Mar 2009 05:06:56 +0000

Biometric security is on the rise, as new possibilities to use it come into shape, from entrance access and USB card security to the lastest trick: biometric boarding cards, a new usage thought up by Air France. What are they testing? RFID-equipped smartcards which store passenger fingerprints to allow automated boarding, according to the Register.

How does the card do the trick? It is said to contain an encrypted version of forefinger and thumb prints for each passenger. It would be used dedicated gate, which checks the card, compares it to the passenger’s finger or thumb print and if it matches, it opens the gate. No clerk, no time wasted, all simple and easy.

This little baby can be re-used up to 500 times. It also has a barcode inserted into it, containing all the information a traditional paper boarding pass. Said passenger can check in online, insert their card into a dedicated machine withing the airport, get the flight info and seat number printed onto the card. According to Air France, getting such a card takes only a couple of minutes.The also claim once the information is transmitted to the card, it isn’t stored elsewhere, so your data is safe.

If you’re as impressed as I am and want a similar gadget, you have until the end of the year to become and AF frequent flier to be eligible for one. For a first hand experience, you’ll have to fly between Paris and Amsterdam. I think I’ll wait until they extend the program though!

US 2008 data breach growth blamed on insiders

Agent Smith — Mon, 19 Jan 2009 07:48:52 +0000

Apart from the economic downturn, the year 2008 brought another critical issue to US companies: a nearly 50% increase in data breaches, leading them to lose considerably more sensitive data. According to an Identity Theft Resources Center (ITRC) study quoted by the Register, last year 35 million data records were exposed in 656 admitted incidents, amounting to a 47% increase compared to the 446 data loss incidents reported in 2007.

ITRC also states that about 40% of security breaches are never reported, thus the true number of exposed confidential records is most likely to be far greater than the study suggests.

Computer malware, hacking, and insider theft accounted for 29.6 per cent of recorded breaches, where the root cause of the attack is known. One in six breaches (15.7 per cent) were blamed to insider theft, a figure that’s more then doubled between 2007 and 2008.

The good news is that as education regarding data loss prevention reached more companies, the number of incidents caused by human errors has decreased. But that is a very small light in a highly untrained corporate world, where most reported data breaches involved data unprotected by either encryption or the simplest password protection. Let’s hope for a better protected 2009!

Self-encrypting laptop from Dell

Agent Smith — Thu, 13 Nov 2008 10:55:10 +0000

One of the most common causes of security breaches is stolen hardware. And I’m sure you’ve all heard of the thousands and thousands of laptops stolen in airports, from parking lots and other public places. And as most companies fail to implement a comprehensive endpoint security solution, a stolen laptop means trouble. For the end users, a laptop sometimes stores most of their documents, personal and business, memories from trips and other important events and everything that is private and dear to them. Picturing everything lost to a stranger’s hand is hard to cope it.

Dell states there’s a new way to prevent such bad things from happening: a self-encrypting laptop. Your data is still lost, but at least no one can acess it. The drives with self-encryption features are produced by Seagate and embedded in the new Dell product. And apparently, the Seagate hardware will soon be shipped by IBM and LSI as well. Let’s hope no one breaks the encryption system!

Deloitte Lost Hundreds of Thousands of Pension Details

Agent Smith — Mon, 20 Oct 2008 07:33:31 +0000

Deloitte has recently admitted it had lost a laptop containing pension details on hundreds of thousands of individuals. What is different though is that finally this laptop contained encrypted information, was password-protected and no misuse of the stored information has been discovered. While losing laptops is not something to take lightly, I am happy to report those having it won’t be able to easily access the stored information.

So what did the laptop contain? According to the Register, 150,000 railway workers’ details, details on all UK Vodafone staff with pensions and as well as records of other unnamed pension funds were stored on the said laptop. No addresses or bank information though. How it was stolen? From a handbag of a Deloitte employee. Vodafone Staffers, as well as the railway workers have received letters letting them know what has happened soon after the theft. We’re now looking forward to see where the “thorough investigation” takes Deloitte.

US Federal Agencies Welcome Data Theft

Agent Smith — Wed, 30 Jul 2008 07:38:51 +0000

After 15 months of investigation into 24 major US federal agencies, the Government Accountability Office (GAO) has release a report showing that key US Departments still don’t take data security seriously. Given the list of breaches we’ve been covering affecting everyone from colleges and hospitals to the US Army, I’d say it’s high time they started!

According to the report quoted by Vnunet.com, around 70 percent of laptops and handhelds used by agency failed to comply with Office of Management and Budget (OMB) rules and didn’t use encryption making the data available to anyone intending to steal it. The OMB rules are not even close to being new, as they decided all federal laptops should be encrypted back in 2007.

“We are recommending that OMB clarify governmentwide encryption policy to address agency efforts to plan for and implement encryption technologies,” said the report.

“We are also making recommendations to selected agencies to properly install and configure FIPS-compliant encryption technologies, to develop policies and procedures to manage encryption, and to provide encryption training to personnel.”

Other practices of extremely low levels of security (or should we say non-existent security) include Nasa employees refusing to deploy encryption software on their laptops and members of the Department of Education who weren’t told encryption software was installed so they of course weren’t using it. From what I know if they’re using Windows, whenever a new program is installed, you have a quite nagging message in your Startup Menu. How patient must one be to simply ignore it over and over again

Endpoint Security Info » Data Encryption

Lost thumb drive leads to potential data breach

Related Posts:

UK: Information Commissioner’s Office reports that the NHS has disclosed 305 security losses, as the amount of breaches tops 1,000

Related Posts:

Endpoint Security: Playing it smart

Related Posts:

How to control device use the easiest way possible?

Related Posts:

Months later, consequensces knocking on breached door

Related Posts:

Air France tries out biometric boarding cards

Related Posts:

US 2008 data breach growth blamed on insiders

Related Posts:

Self-encrypting laptop from Dell

Related Posts:

Deloitte Lost Hundreds of Thousands of Pension Details

Related Posts:

US Federal Agencies Welcome Data Theft

Related Posts: