More and more employees chose to overlook data security policies put in place by the companies they work for and engage in activities that could easily lead to data breaches, according to the findings of a new Ponemon Institute survey. The risky activities include taking private records with them on unsecured storage devices, downloading personal software on company systems, turning off security settings and networking on social media sites.

Most members of a company’s staff copy classified data to USB drives or turn off security settings on their work laptops. Compared to the Institute’s 2007 findings, the numbers of those ignoring company policies has increased.

Here are some highlights of the survey findings, as presented by PC World:

• 69 percent of the 967 IT professionals surveyed copied confidential company data to USB sticks
• those who lost said USB sticks with confidential corporate data on them failed to report it immediately
• almost 31 percent of respondents engaged in social-networking practices on the Web from work PCs
• around 53 percent said they downloaded personal software on corporate PCs

Facial recognition is one of the very well known methods employed by biometric security systems. It’s used in different complicated security systems, but also on more day-to-day devices, such as laptops.

A group of white hat security researchers have recently managed to bypass the facial recognition systems employed by several laptops. According to the Register, the laptops that have had their biometric security breached are developed by Lenovo, Asus and Toshiba. The researchers’ team includes and they have also detailed their findings in a presentation called Your Face is NOT your Password during the Blackhat security conference in Washington.

You might wonder if it was hard to breach the facial recognition systems. The team responsible for this breaches used images of laptop owners or photoshopped images:

Nguyen and his team created a large number of images to run what they described a “fake face bruteforce” attack to fool the systems, which in fairness are still in their infancy, into allowing a log-on. The approach can be compared to trying out a huge number of possible text passwords until the right combination is stumbled upon as part of a conventional brute-force dictionary attack.

While trying to find a practical security use for biometric traits, the developers at Lenovo, Asus and Toshiba should reconsider the efficiency of their facial recognition software. We admire the fact that they lead research and implementation in the field, but we’d appreciate safer systems more

According to a  recent Ponemon Institute study, the costs of data breaches rose in the USA to $6.6 million per incident in 2008, although companies put increased efforts in better handling such incidents.

The study, funded by data security firm PGP Corp. and quoted by Security Focus, analyzed data breaches experienced by 43 US-based companies from 17 different industry sectors. The breaches involved a number of records ranging from about 4,200 to more than 113,000. The findings showed the average costs of data breaches are about 2.5 percent higher in 2008, amounting to $202 per record, up from $197 per record in 2007 and $182 per record in 2006. An average breach would require a company to spend $6.6 million in 2008, up from $6.3 million in 2007 and $4.7 million in 20006.

To calculate the total cost of a data breach, the institute added the costs of detecting and responding to the loss of data, legal and administrative expenses, customer defections and opportunity loss. The response costs decrease was a result of businesses learning how to cost effectively handle such incidents:

While legal fees and customer losses moved breach costs higher, companies reduced the costs of dealing with breaches, signaling that firms and their third-party providers are becoming more cost effective in responding to data breaches, the Ponemon Institute stated in the report.