From a recent article at TechNewsWorld:
While most would directly associate data breaches with per-record penalties and fines, there are additional consequences, some of which are:
- Loss of sales
- Investigation and notification costs
- Fines and litigation
- The cost of credit monitoring services for each customer
- Interruption of operations
- Last, but definitely not least: brand erosion (reputation, customer trust, etc.)
As the author mentions, an ounce of prevention is worth a pound of cure.
Data Security
The new Kanguru e-Flash (eSATA Flash Drive) has been featured in several recent reviews including a rigorous inspection by Maximum CPU. The staff at Maximum CPU performed speed tests and even ran the drive through the washing machine. Conclusion:
Until USB 3.0 hardware starts to become more commonplace, the Kanguru e-Flash is an excellent solution for people wanting the portability of a USB flash drive but the increased performance of the eSATA interface. When connected via eSATA the e-Flash was 2 – 3 times faster than USB.
My only disagreement would be with the description of Kanguru as “small and rather unknown”, since we have been around for 16 years and are available through all major IT solution providers. Otherwise, it was a very thorough review.
Everything USB has also done extensive performance testing and benchmarked the e-Flash against the competition.
Data Backup
From cnet:
Of about 950 people who said they had lost or left their jobs during the last 12 months, nearly 60 percent admitted to taking confidential company information with them, including customer contact lists and other data that could potentially end up in the hands of a competitor for the employee’s next job stint.
One of the most common ways to make off with data? USB Drives.
A simple solution:
A) Use port control to allow only company-authorized USB drives on your network.
B) Centrally manage your USB devices so that drives can be remotely disabled or deleted when an employee is terminated.
Data Security
CVS settles with FTC and HHS Civil Rights office for $2.25 million.
Workers at the drugstore chain were dumping personal medical data into unsecured trash bins, a violation of the privacy requirements in HIPAA.
The HIPAA privacy rule also applies to electronic storage devices like USB flash drives. The rule states that portable devices should be password-protected and use encryption technology.
Data Security, Healthcare
Kessler International purchased hard drives from the popular auction site over a six month period and found that many of the drives were not properly wiped. Computerworld has the story:
A New York computer forensics firm said that 40 of 100 hard disk drives it recently purchased in bulk orders on eBay contained personal information, including corporate financial data, DNS server information, and personal e-mail and photos.
As mentioned in a previous post, the new Kanguru Hard Drive Duplicator SATA can securely wipe multiple hard drives with a single push of the button.
Data Security
Massachusetts recently announced that it is extending the compliance deadline for its new data security law. This will give businesses a little extra time to comply with the law, which requires “any business that collects personal information of state residents to encrypt all portable devices, wireless transmissions and public networks.”
The Massachusetts law goes beyond most state data breach notification legislation by actually including encryption requirements. The Mass law could become a model for other states.
Data Security
In case you missed the press release last month…
Kanguru has updated the KClone product line with the new Kanguru Hard Drive Duplicator SATA. Read the full story at our website (pdf).
For the security-minded professional (this should be everyone), the Hard Drive Duplicator SATA will sanitize old hard drives with the DoD-approved data wipe algorithm. The product is also great for rolling out new computers with an identical hard drive image, for one-touch backup including the OS, and for upgrading older hard drives to larger models with no data loss.
Data Backup, Data Security, Duplication
GCN’s William Jackson discusses the ethical aspects of the breach at credit card-processor Heartland Payment Systems.
The Privacy Watch blog at PC World points out that the public notification was probably due to state data breach notification laws. Similar laws now exist in 44 states. Associate Editor Erik Larkin does not believe these laws are effective enough and would like tougher penalties:
No matter how careful we are in protecting our identities, the vast majority of our sensitive data is held by companies over which we have no control. Those companies need the right incentive–or threat–to care about our data as much as we do.
On the other hand, a class-action lawsuit was filed just one week after the public notification - probably only the beginning of Heartland’s legal troubles.
Data Security, Financial
A new survey by the Ponemon Institute shows an average cost of $6.6 million per breach and over $200 for each record that is compromised.
The report, sponsored by PGP Corp., examined the costs incurred by 43 organizations that experienced a data breach. Breaches ranged as high as 113,000 records and the average total cost per company ranged from more than $613,000 per breach to nearly $32 million.
Added cost is often cited as a reason to delay security measures like data encryption. This survey highlights the even higher costs of doing nothing.
Data Security