Archive

Posts Tagged ‘flash drive security’

Study details 6 years of data breach info

September 7th, 2011

A new study from the Digital Forensics Association, called The Leaking Vault 2011, covers 3,765 publicly disclosed data breach incidents over the past six years. The estimated cost of these data breaches totaled more than $156 billion. “Hacking” exposed the largest number of records, while “Drive/Media” exposures were the second leading cause.

The study also shows the breakdown of incidents among business, education, government and medical sectors.  It clearly shows that data breaches can happen to a wide variety of institutions, not just those that handle “classified” information.  State data breach laws and industry regulations like HIPAA have increased the spotlight on data security outside of traditional national security organizations.  In fact, medical data breaches were the fastest growing segment from 2005-2010.

Read the full report for conclusions and recommendations.

Data Security, Financial, Government, Healthcare, Malware, Portable Storage

Is your hospital ready for EMR?

June 23rd, 2011

Electronic medical records are the future, and the government is encouraging their adoption through the HITECH Act. InfoSecurity.com has analysis of the first phase of HITECH:

Phase I implementation (2011–2014) provides a graduated series of financial incentives to physicians and hospitals. At the same time, certain information security measures must be implemented along with the expanded use of electronic health records and information exchanges.

For healthcare facilities, these security measures include implementation of access control; data integrity; emergency management; encryption of data at rest, in motion, and removable media; identity proofing; log analysis and management; and system timeout.

Healthcare organizations are advised to use an encryption algorithm that meets FIPS 197 standards or better.  It’s important to ask your vendor about their encryption certifications, as not all password-protected devices are truly secure.

Data Security, Healthcare

Convenience or Security?

May 19th, 2011

Convenience or Security? It’s a dilemma encountered by IT professionals every day.

Smart phones, flash drives, and other personal mobile devices have become the norm within business environments today.  Each brings unique features that contribute to business productivity and many professionals will tell you they are indispensable in their everyday activities.

So how can infosec professionals deal with the plethora of devices out there?

Ban them altogether and there is a very real risk that productivity will suffer.  Allow them without having some sort of management plan in place and a costly data breach could be in your future.  So, can mobile devices be managed without severely limiting their functionality and convenience? Read more…

Data Security

11 Questions to Ask When Buying a Secure Flash Drive

May 5th, 2011

USB Flash drives: Petite, portable storage devices capable of storing gigabytes of data.  They’ve revolutionized the business world with their convenience and portability; however, there is a darker side to the revered little flash drive.

Their tiny size often makes them easy to lose, and their storage capacity allows huge amounts of potentially sensitive data to be stored on them. If lost or stolen, a single, tiny, insecure flash drive has the potential to cause a massive data breach.

As state, federal and business regulations tighten on information security and impose fines and sanctions for data breaches, the question arises:  Should flash drives be banned from work environments, as the Department of Defense did in the fall of 2008[i]?  Or can they be used in a safe manner without limiting the very attributes that make them so popular?

The answer to this will vary greatly depending on your organizational policies and security standards; however, there are options for using flash drives securely.

A good starting point is encrypted flash drives.  While encryption is important, there are many more factors to take into consideration in the overall security of flash drives.

To cover some of the new security developments surrounding flash drives and to figure out the best solutions for your needs, I’ve come up with 11 basic questions to ask when buying a secure flash drive.

Question #1: What is the overall level of security and has it been certified by an independent, accredited entity?

Why it is important: Generally, the higher the encryption level (128-bit, 256-bit), the more difficult it is for a hacker to break.  However, it is also very important that the device be tested for other relevant factors such as encryption tunnels, a true random number generator, physical security features, hashing, and the security of the device’s firmware. Read more…

Data Security, Financial, Government, Healthcare, Malware

Kanguru Defender Elite and KRMC Chosen by Maryland Healthcare Provider

April 4th, 2011

Kanguru is pleased to announce that we have been chosen to provide a major healthcare provider in Maryland with secure flash drives and remote management software.  Our encrypted flash drives will help keep their patient data safe and secure, and also help them meet HIPAA regulations relating to data security and privacy. 

This is the latest of several secure flash standardizations Kanguru has recently been involved with across the government, healthcare, and financial industries.  Healthcare providers have been under increasing scrutiny lately as the Dept of Health & Human Services has stepped up enforcement of HIPAA privacy rules.  Kanguru’s remote management platform provides security against data breaches as well as audit logs for proof of compliance.

Data Security, Healthcare, Portable Storage

New malware focused on banking sector

January 14th, 2011

Dark Reading summarizes the annual threat report from PandaLabs. Virus writers were hard at work in 2010, and many of them were focused on stealing banking and financial data.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. A relative newcomer to the malware landscape, rogueware (fake antivirus software) now comprises 11.6 percent of all the malware gathered and has been given its own category.

Find out more about how Kanguru can protect your organization from USB-borne viruses and malware.

Data Security, Portable Storage

Survey shows risky habits with USB sticks

December 29th, 2010

A recent survey of office workers revealed that USB sticks are frequently used to store company information regardless of corporate policy.

Delving into the research reveals that more than half of the respondents said their USB sticks were not encrypted, leaving the corporate information on them completely vulnerable if they are borrowed, lost or stolen.

This ComputerWorld article makes the link between this type of weak security and the vulnerability of governments and corporations to data breaches that end up on Wikileaks.

Data Security

Kanguru stars in data theft cartoon

November 17th, 2010

Check out the new cartoon “Bad Luck, Good Luck” starring the Kanguru Defender Elite. No chance for data thieves!

Data Security

Lost USB stick contained patients’ medical records

September 22nd, 2010

IT Governance Blog has an update on the latest incident involving an NHS Trust, and a possible solution to the problem of unsecured USB sticks.

Healthcare, Portable Storage

Infosec Pros fail to encrypt data

June 22nd, 2010

Computer Weekly reports on a poll taken at the Infosecurity Europe 2010 conference, where over half of the IT professionals surveyed do not encrypt USB sticks used for company data. This is a concerning result, given that these attendees focus their careers on information security. Imagine how the general population handles sensitive data.

The UK Information Commissioner’s Office is cracking down, but will that be enough?

The ICO has warned that it will not hesitate to impose fines of up to £500,000 on organisations found guilty of serious breaches of personal data.

But privacy and legal experts have said the bigger fines introduced in April may still not be big enough to be taken seriously by big business.

Data Security, Portable Storage