
Don’t trust call centers with your private details!

October 28th, 2009 by Agent Smith (0) In The Spotlight,Research and Studies,security breach

That is the natural conclusion one reaches after seeing the results of a new survey on how call centers handle private details of customers. According to the survey conducted by Veritape, more than 95% of call centers kept customers’ credit card information on phone call recordings, a practice that overtly breaches current industry security standards.

Of the 133 call center managers surveyed, only 39% were aware of the industry rules in place against storing such information and only 3% actually wiped credit card details from recorded conversations.

“The routine practice of storing unedited audio recordings of calls is creating a vast reservoir of sensitive data on the servers of call centers across the UK, in direct breach of global industry standards drawn up by the Payment Card Industry Data Security Council,” said a Veritape statement.

When you need to actually contact a call center, make sure you think twice before giving them the information they ask of you!

New US healthcare rules criticized by encryption experts

September 21st, 2009 by Agent Smith (1) Laws & Standards

The data breach rules that become effective on September 23rd have been harshly criticized by a security firm specializing in encryption. According to the Health Information Technology for Economic and Clinical Health (HITECH) Act, US health organizations using encryption will no longer be required to notify their clients of data breaches, regardless of how ineffective the encryption system is.

According to the act, only healthcare providers and plans that have implemented the HIPAA standards but fail to encrypt the sensitive data they keep on their clients will have to let individuals know their private details have been breached. Even in such a case, explains The Register, it will be up to each organization to decide if there is a real risk for those affected and only afterward issue data breach notices.

“The protection law should address everyone – including those who have already implemented encryption, since most encryption systems are point-to-point even when they say otherwise,” said Mark Bower, director of information protection solutions at Voltage Security.

In its present form, the HITECH Act provides a quick and often inefficient fix to make amends with data security rules.

How to Prevent Social Networking Threats on Private Data?

August 11th, 2009 by Agent Smith (0) DLP,In The Spotlight,Research and Studies

Facebook, LinkedIn, Twitter: they’re all making their way into day-to-day corporate life. Users share information, sometimes too much, with others. Denying the value of online networking or its potential for driving new business your way is not our goal (we do use this blog, Twitter and Facebook!), but the threat is very real and it’s there. As in all things data security related, it’s either an external threat or an inside one. It’s either malware targeting social media sites, or it’s your employees who, out of lack of proper training or attention, or worse, knowingly and willingly, post classified information on such sites.


How to prevent it? The “see no evil, hear no evil, speak no evil” method is the first one you should stop thinking about. You can’t shut this door; as we’ve stated before, it might be crucial to growing your business. Restrict access through limited time and limited networks? Highly irrelevant. It takes a couple of seconds to post, and no matter how restrictive you are, information can spread through other users.

I was reading a Dark Reading article on the matter the other day. They quoted a survey conducted in February by Sophos showing that 62.8% of companies were concerned that employees were sharing too much information on social networks, while 66% believed employees using social networking sites endanger corporate security.

Very true! And what can you do? The solution is threefold. First, take care of the files your employees show. Make sure you restrict access to them. A whitelisting system would probably help you. This is only a temporary fix. Then, educate your staff. Tell them what’s fair game and what isn’t. And then, you should really start monitoring their moves. There’s a fourth solution: pray for the best outcome :)

Employees Couldn’t Care Less about Data Security

June 16th, 2009 by Agent Smith (1) DLP,Research and Studies

More and more employees choose to overlook data security policies put in place by the companies they work for and engage in activities that could easily lead to data breaches, according to the findings of a new Ponemon Institute survey. The risky activities include taking private records with them on unsecured storage devices, downloading personal software on company systems, turning off security settings and networking on social media sites.

Most members of a company’s staff copy classified data to USB drives or turn off security settings on their work laptops. Compared to the Institute’s 2007 findings, the number of those ignoring company policies has increased.

Here are some highlights of the survey findings, as presented by PC World:

  • 69 percent of the 967 IT professionals surveyed copied confidential company data to USB sticks
  • those who lost said USB sticks with confidential corporate data on them failed to report it immediately
  • almost 31 percent of respondents engaged in social-networking practices on the Web from work PCs
  • around 53 percent said they downloaded personal software on corporate PCs