Posts Tagged ‘data breach’

Infosec Issues Stemming from Outsourcing

November 22nd, 2011

A recent article published in the Chicago Tribune brings up some great points regarding information security and outsourcing. The article, titled “Rise of outsourcing poses new cybersecurity problems,” details how, with outsourcing, companies are giving up a measure of control over their security.

It also describes the rise of security audits and how recent data breaches have been a boon for IT security consultants.

“Performing security audits is now a specialty within information technology consulting,” said Isaac Cheifetz, an IT recruiter with Open Technologies Consulting Co. Security “is no longer simply about making sure the network firewall is up.”

For the full story, click here.

Data Security

Webinar Video

November 4th, 2011

Thanks to all who joined us for last week’s webinar on “How to Minimize the Risks of a Data Breach/Cyber Attack.” For those who were unable to attend, we’ve created a video of the webinar you can view.

Check it out.

How to Minimize the Risks of a Data Breach/Cyber Attack

Data Security

Using Encryption to Prevent Data Breach Fines

October 21st, 2011

An excellent article was recently posted on Security Week regarding the use of encryption to prevent data breaches. As we’ve pointed out in the past, encryption should be mandatory in any instance where sensitive data is being handled. By requiring the use of encryption, IT and Infosec professionals can save their organizations time and money in the long term.

The Security Week article, entitled “The Encryption Advantage: Simple Steps to Protect your Valuable Information,” does an excellent job of illustrating how using encryption can prevent costly fines.

Here is an excerpt: Read more…

Data Security

Free Cyber Security Webinar

October 18th, 2011

Free Cyber Security Webinar:
How to Minimize the Risks of a Data Breach/Cyber Attack

Kanguru Solutions has teamed up with Cyber Data Risk Managers LLC to host a FREE webinar on cyber security and infosec entitled “How to Minimize the Risks of a Data Breach/Cyber Attack.”

This free educational webinar will be presented on 10/25 to discuss data security, privacy and measures to take in the event of a data breach.

Details:
Date:  Tuesday, October 25, 2011
Time: 10:00am to 11:00am Eastern Time
Presenters: Kevin Landt and Christine Marciano

Topics:

-  Methods to protect your sensitive data.
-  Why you need to protect your sensitive data.
-  How to minimize the severity of security incidents.
-  A look at recent security and data breach incidents.
-  How to contain damage and minimize risks.
-  Define an incident response plan.
-  Q&A

To register for this event, click here.

Hope to see you there!

Data Security

Car Break-In Leads to Possible HIPAA Violation

October 11th, 2011

Thousands of confidential medical records were loaded on a USB flash drive, which subsequently was stolen during a car break-in. Sound familiar? An increase in data breach notification laws throughout the US has brought to light hundreds of incidents that would have been glossed over in the past. In this case, the protected health information is covered under new regulations in HIPAA and the HITECH Act of 2009.

According to the MetroWest Daily News, it’s unclear whether the incident will result in direct monetary damages, but it certainly hasn’t been a public relations success:

Smith declined to say whether the loss of the records would be considered a violation of the Health Insurance Portability and Accountability Act - known as HIPAA - or whether the company could face penalties.

Under the Health Information Technology for Economic and Clinical Health Act of 2009, companies that experience a breach of health information covered by HIPAA for more than 500 patients are required to inform the patients and the media.

Data Security, Healthcare

Deja vu: NHS loses USB memory stick

October 3rd, 2011

According to TechEye, another NHS Trust has exposed confidential patient information by storing it on an unencrypted USB drive, which promptly disappeared. This is a continuing issue for the NHS.

The Surrey and Sussex Healthcare NHS Trust patient records were lost in September 2010. Shockingly, the details were on an unencrypted memory stick and worse, the 800 affected patients were never told. Leaked details include full name, date of birth and operation details.

Kanguru strongly recommends that all healthcare organizations protect patient data by using mandatory hardware encryption on all portable devices.  The Kanguru Defender Elite secure flash drive is completing Common Criteria certification and is now available in the UK and throughout Europe.  It’s an ideal solution for healthcare data protection.

Data Security, Healthcare

Securing Flash Drives within the Enterprise

September 29th, 2011

Flash drives have revolutionized the business world with their convenience and portability; however, for infosec professionals, flash drives are a double-edged sword. Their tiny size often makes them easy to lose and their storage capacity allows massive amounts of potentially sensitive data to be stored and transported on them.

If lost or stolen, a single unencrypted flash drive has the potential to cause a massive data breach.

So how can infosec professionals deal with flash drives? Read more…

Data Security

Data Breaches – Beyond the Impact of Fines

September 26th, 2011

Businesses take note: Data breaches have a far greater impact than just potential fines.

With several high-profile data breaches this year, federal regulators have been quick to propose data breach notification bills and heavy fines for organizations that fail to keep sensitive and confidential information safe.

The real concern for organizations that have experienced a data breach, however, should be customer confidence.

A recent article in the Tech Journal (techjournalsouth.com) delves into the effects of data breaches, using survey information to demonstrate how they affect customer loyalty and confidence. Read more…

Data Security

Senator Blumenthal Introduces “PDPBA Act”

September 19th, 2011

A recent article on Infosec Island outlined the new Personal Data Protection and Breach Accountability Act of 2011, S.1535 (the “PDPBA Act”) as proposed by Senator Richard Blumenthal (D-CT).  The Bill is the latest to address data security and privacy of personally identifiable information.

Some of the key elements from this article include the “enforcement by the United States Attorney General, by State Attorneys General, and by individuals via a private right of action that allows for civil penalties of up to $10,000 per violation per day per individual up to a maximum of $20,000,000 per violation.”

These are some hefty fines should the bill be passed. The bill also contained some notable exceptions, namely organizations already covered by the Gramm-Leach-Bliley Act (“GLBA”) and Health Insurance Portability and Accountability Act (“HIPAA”).

For the full article from Infosec Island, click here.

To view the proposed bill, click here. (PDF)

Data Security

Why Encryption Alone Isn’t Enough

September 14th, 2011

Co-Authored by Matthew Losanno and Emmett Jorgensen

I’ve stressed the importance of encryption in the past and, if you are an avid InfoSec follower, you will probably agree that encryption is important.  Is it the most important aspect of data security though?  I’d say it ranks high, very high even; however, often encryption alone simply isn’t enough.  A lot more should go into the security of your confidential data than just encryption.

There are variables at work that often require security measures above and beyond encryption.  The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data.  Read more…

Data Security