Smaller companies often ignore or put off security concerns because their organization is not regulated by SOX or GLBA (regulations for large publicly traded corporations). You should be aware that even smaller companies are covered by state data breach notice laws. Only a handful of states are left without such regulations.
Data stored on removable, easily transported storage media, such as USB tokens (i.e., “thumb drives”), USB portable hard drives, and CDs/DVDs, should be encrypted.
Meanwhile, the new administration is in the midst of a review of federal cyber-security initiatives.
Kanguru will soon be releasing a new multi-function, high-capacity storage device. Kanguru QSX will be capable of JBOD, RAID 0 and RAID 1 modes for a variety of storage and backup needs. It will be available in sizes up to 2TB (or 1TB in “mirrored” RAID 1 mode). The Kanguru QSX is an ideal solution for both the professional and private user who wants massive capacity or a backup solution at an affordable price.
As previously noted, Massachusetts has one of the most comprehensive data breach laws and may become a model for other states (or the Federal Government). The law requires encryption for all USB Flash Drives that may contain any personal information of residents of the Commonwealth.
SearchCompliance.com recently interviewed Massachusetts officials about implementation of the new regulations. The podcast is available here.
Healthcare provisions in the recently passed spending bill add a data breach notification requirement for organizations covered by HIPAA. HHS has 60 days to issue guidance on how to secure health information. This is sure to include encryption for portable devices like USB Flash Drives. If a breach is discovered and the data was not secured, the organization must notify anyone affected as well as the local media.
Public notification is not required if the data is shown to have been secure. There are several ways to prove that the device was secured:
Hardware-level encryption and 100% private partition - the user cannot accidentally save data in a public space, and the encryption cannot be accidentally circumvented or removed by the user.
Remote management console - the administrator can show that the device is in compliance with current security policies, including password strength and protection from brute-force attacks.
Remote management gives added protection when being audited. Administrators can demonstrate that the missing device was remotely wiped at a precise date, time and location (by IP Address, Hostname and Domain). The Kanguru Remote Management Console was reviewed last year by Tom’s Hardware. Visit our webpage to learn about the features that have been added since that review.