Computer Weekly reports on a poll taken at Infosecurity Europe 2010 conference, where over half of the IT professionals surveyed do not encrypt USB sticks used for company data. This is a concerning result, given that these attendees focus their careers on information security. Imagine how the general population handles sensitive data.
The UK Information Commisioners Office is cracking down, but will that be enough?
The ICO has warned that it will not hesitate to impose fines of up to £500,000 on organisations found guilty of serious breaches of personal data.
But privacy and legal experts have said the bigger fines introduced in April may still not be big enough to be taken seriously by big business.
Data Security, Portable Storage
The Kanguru Remote Management Console (KRMC) for USB Flash Drives is now available as a Cloud-based subscription service.
KRMC is a powerful tool for managing Secure USB Drives throughout your organization. Lost drives can be remotely terminated, the help desk can remotely assist users, and all actions can be logged and audited for compliance. KRMC Enterprise Edition is currently being used by hospitals, banks, government agencies, and other large organizations to protect sensitive information. Now KRMC Cloud Edition is available for smaller organizations to get the same protection without investing in infrastructure.
Read the full announcement here.
Data Security, Portable Storage
Two hospitals in Kentucky have been forced to notify the public of data breaches under the new HITECH legislation. Both breaches involved the loss of unencrypted portable drives. According to the story in Health Data Management, one flash drive contained protected health information for 24,600 individuals admitted to the hospital since 2002.
The HITECH Act is changing the way that healthcare providers think about data security. Small devices can store massive amounts of data and should be considered high risk if they are not properly secured.
Data Security, Healthcare, Portable Storage
According to the Toronto Star, the private data of 8600 Toronto teachers is now in the hands of thieves after unencrypted laptops were stolen from the Ontario Teachers’ Insurance Plan.
The theft has served as call to action for OTIP:
OTIP spokesperson Julie Millard said the company is racing to finish a process it had started last fall to encrypt all data it holds on some 160,000 policy-holders.
“Because of what’s happened we’re working faster to encrypt all our communication devices by March—laptops, BlackBerries, even USB keys,” Millard said of the non-profit company owned by the province’s teachers’ unions.
Data Security, Portable Storage
The Ponemon Institute released their annual “U.S. Cost of Data Breach Study”, which found the average data breach cost rising from $6.65 Million in 2008 to $6.75 Million last year. From Network World:
In tallying the cost of a data breach, Ponemon Institute looks at several factors including: the cost of lost business because of an incident; legal fees; disclosure expenses related to customer contact and public response; consulting help; and remediation expenses such as technology and training.
The study found that companies that have a CISO or similar position did much better at managing data breach costs.
Network World also has the 2009 Data Breach Hall of Shame.
Data Security
A recent NY Times story on the Google – China confrontation mentions an increasingly common attack using USB flash drives to load malware.
Often, malware infections are a result of high-tech twists on old-fashioned cons. One scam, for example, involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user’s computer and sends it to the attackers.
USB malware is a serious problem and Kanguru highly recommends using endpoint security to defend against these types of attacks. Portable flash drives may cause security concerns, but blocking them altogether can reduce worker productivity and cause major inconveniences. Endpoint security is an easy way to allow limited flash drive usage and still keep out unauthorized devices. That is why Kanguru has built USB Device Control directly into its Remote Management Console. Now organizations can remotely manage their secure devices and lockdown all others from one integrated console.
Data Security, Malware, Portable Storage
Via Axcess News:
A survey released today reveals that in the last year, 4,500 memory sticks have been forgotten in people’s pockets as they take their clothes to be washed at the local dry cleaners. From 6th April onwards if data is lost and it causes a major security breach, this could now cost a company up to £500k with new powers given to the Information Commissioner’s office (ICO) to fine companies who have not sufficiently protected customers details under the Data Protection Act.
This is actually an improvement compared to last year’s survey, which hopefully means that security awareness is improving. It’s still an awfully large number of flash drives, though, and there is no telling what kind of data is on them. Given today’s large storage capacities, a memory stick could contain an entire database. Wouldn’t you want the power to remotely delete a lost drive before it turns up at the dry cleaner?
Data Security, Portable Storage
A new report from Microsoft highlights the threat from malware that automatically loads from USB flash drives.
The Washington Post Security Fix has a good summary:
In its latest “Security Intelligence Report,” Microsoft counted the number of threats detected by its anti-malware desktop products, and found that the Conficker worm, along with a Trojan horse program called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers, respectively.
Kanguru takes the autorun threat very seriously and is designing its secure flash drives to counter the risk. The Defender Elite encrypted flash drive features a secure vault that launches Kanguru’s encryption application. The vault cannot be altered by hackers or used to launch autorun attacks. In addition, Defender Elite will soon feature an onboard anti-virus/anti-malware scanner that will check all files that are stored on the device.
Data Security, Portable Storage
Dr. John Halamka, CIO of CareGroup Health System, shares his privacy and security lessons learned. Dr. Halamka serves as Vice-Chairman of the federal Health Information Technology Standards Committee.
The workgroup’s recommendations include:
All data at rest on mobile devices must be encrypted. Encrypting all databases and storage systems within an organization’s data center would create a burden. But ensuring that devices such as laptops and USB drives, which can be stolen, encrypt patient-identified data makes sense and is part of new regulations such as Massachusetts’ data protection law.
See the full article for Dr. Halamka’s top five security lessons.
Data Security, Healthcare, Portable Storage
London Evening Standard: A computer virus crippled a London council for weeks after a worker accidentally plugged an infected memory stick into a computer. The emergency recovery has cost £501,000 (~ $820,000) thus far.
Lib-Dem councillor Gary Malcolm, who is also an IT specialist, said: “I will be calling for heads to roll. Half a million pounds is a hell of a lot of money to throw away at a time the council says it is strapped for cash. If this had happened in a private company, people would be sacked.”
USB flash drives are a popular vehicle for delivering malware onto computer networks and the threat needs to be taken seriously. This incident is similar in nature to last week’s mysterious laptops that the FBI is now investigating.
Defender Elite, the next generation secure drive from Kanguru, will feature onboard anti-virus scanning to prevent malware from getting anywhere near your USB ports.
Data Security, Government, Malware, Portable Storage
Follow us on Twitter