You might not know the answer to that question until it’s too late.  Unfortunately, the most common response to finding a USB drive is to plug it in.  Virus-writers count on that response when they design the latest malware threats.

Network World discusses the way the Stuxnet worm has exploited this vulnerability.

Many companies have focused on the worm’s ability to spread via USB flash drives. Malicious programs spreading through infected such devices have become a major problem for corporations, because of employee curiosity. In penetration tests conducted by Leviathan Security, 8 out of 10 employees that found a USB drive plugged it into a computer. All of those workers then went on to open up a spreadsheet labeled “LayoffNotice.xls,” says Frank Heidt, CEO of Leviathan.

“You can tell your people, ‘Hey, don’t plug in USB sticks into your network,’ but that is antithetical to human nature,” Heidt says.

One way to combat this problem is to restrict unknown USB devices from your network and only allow devices with built-in antivirus protection.  Kanguru includes integrated malware protection as a standard feature on all new secure flash drives.  The network restrictions can be easily managed with Group Policy or one of the many Endpoint Security products now on the market.

Data Security, Malware, Portable Storage

Here at Kanguru we frequently talk about encrypting and securing your mobile data, but sometimes don’t stress enough the importance of tracking and monitoring data usage.  As important as it is to secure your data, it is equally important to know where it is going. 

When an employee leaves the office for the day, taking his work with him on a flash drive, where is that data going?  A quick stop by the local coffee shop and opened up on one of their unsecure wireless networks?  To an unsecure home computer? 

These possibilities along with the risks associated with them are why Kanguru emphasizes a total security solution.  This can be especially advantageous to organizations that are required to meet security regulations like HIPAA, the Hitech Act or any one of the many state-level data breach laws. 

Tracking and monitoring can be done via Kanguru’s Remote Management Console and USB Device Control, a tandem of products designed specifically to allow organizations to keep tabs on and secure their portable data. 

It’s time to look beyond encryption and recognize the importance of end point security as a key element to the overall big picture of securing your data.  Some options to look for in endpoint security and remote management:

1.) Device Control – Control what, when and how USB devices are allowed to access your computers

2.) IP and Domain Control – Manage which IP addresses and/or domains are allowable for devices to access via whitelist and blacklist methodology.

3.) Auditing and Reporting – Get a full audit trail with detailed graphical reporting and the ability to export both customizable audit logs and graphs for external analysis to ensure proper compliance.

4.) Remote Provisioning – Remotely manage security policy changes from a single location. Control password complexity, password expiration, software updates, patches, A/V definitions, online and offline access, and more.

Data Security

Much has made recently of the “insider threat” and how it can affect an organization’s data security.  But which is really a bigger threat to your organization?  A hacker or a disgruntled employee with access to the company’s confidential data? 

The answer might surprise you.  Although the intent of a hacker is generally more insidious (stealing your banking log-in, for example), the insider threat is actually more costly simply due to an employee’s access to company data.

A recent survey, “2011 CyberSecurity Watch Survey” found that, although there are more instances of cyber threats, their overall cost is less than that of an insider-caused data breach.  The survey concluded that more attacks (58%) are caused by outsiders (those without authorized access to network systems and data) versus 21% of attacks caused by insiders (employees or contractors with authorized access)… however 33% view the insider attacks to be more costly.

Click  here for the full story at SecurityWeek.

Data Security

Don’t let an unsecure flash drive cause business disruption, productivity loss, revenue loss, and fines.

Recent events in the news have demonstrated the ease with which portable devices can be used to steal confidential data.

Avoid your own personal Wikileaks by securing your USB flash drives.  Kanguru’s secure flash drives and remote management capabilities provide excellent protection against data leaks.

The Kanguru Defender Elite coupled with Kanguru Remote Management Console (KRMC) give CIO’s and CISO’s an unprecedented level of control over their flash drives.  Data breaches can be prevented with features such as:

Remote Disable/Delete – Remotely disable or delete devices compromised by rogue employees to protect sensitive information and prevent data breaches.

Domain/IP Control – Restrict drive usage to approved domains & IP ranges and prevent unauthorized use in external networks.

Offline Restrictions – Control whether devices can be used offline. Prevent unauthorized use in external networks.

Auditing and Reporting – KRMC enforces a full audit trail with detailed graphical reporting and the ability to export both customizable audit logs and graphs for external analysis to ensure proper compliance.

Data Security, Financial, Government, Portable Storage

Which is more costly to a business?  Spending the money to become compliant with federally mandated security regulations or remaining noncompliant? 

A recent study by the Ponemon Institute compared the cost of complying with state and federal security regulations vs. the cost of potential business disruption, productivity loss, revenue loss, and fines.   Read more about it here.

Data Security

Dark Reading summarizes the annual threat report from PandaLabs.  Virus writers were hard at work in 2010 and many of them were focused stealing banking and financial data.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. A relative newcomer to the malware landscape, rogueware (fake antivirus software) now comprises 11.6 percent of all the malware gathered and has been given its own category.

Find out more about how Kanguru can protect your organization from USB-borne viruses and malware.

Data Security, Portable Storage

A recent survey of office workers revealed that USB sticks are frequently used to store company information regardless of corporate policy.

Delving into the research reveals that more than half of the respondents said their USB sticks were not encrypted, leaving the corporate information on them completely vulnerable if they are borrowed, lost or stolen.

This ComputerWorld article makes the link between this type of weak security and the vulnerability of governments and corporations to data breaches that end up on Wikileaks.

Data Security

The loss of portable devices is gaining more attention as companies strive to balance security concerns with user productivity.  Last week, a group of experts gathered to discuss laptops in particular.

Intel on Thursday brought together a panel of technology security experts to discuss the findings of a recent survey it sponsored, entitled, “The Billion Dollar Lost Laptop Problem.” Conducted by Ponemon Institute, the survey gathered data from 329 organizations that have lost a total of more than 86,000 laptops worth a combined $2.1 billion in the past year. Forty-six percent of these systems contained confidential data, but 70 percent lacked basic precautions including encryption, back-up and anti-theft technology.

The numbers are similarly scary for portable storage devices like USB flash drives.  While these drives are extremely convenient for employees, the data stored on the drives needs to be protected.

Members of the panel pointed out two key areas for improving security.  One was implementing security controls that don’t require user intervention.  When implementing encryption, it should be seamless and automatically enforced.  Another method of improving security is to include a remote kill or disable technology, so that lost devices can be locked down and secure from leaking data.  Making these features standard in portable devices will go a long way toward preventing future data breaches.

Data Security, Portable Storage

Check out the new cartoon “Bad Luck, Good Luck” starring the Kanguru Defender Elite. No chance for data thieves!

Data Security

Many entities use your Social Security Number to identify you.  Are they doing everything they can to protect that information?

Robert Siciliano, on behalf of McAfee, analyzed data breaches published by the Identity Theft Resource Center, Privacy Rights Clearinghouse and the Open Security Foundation that involved Social Security number breaches from January 2009 – October 2010 to reveal the riskiest places to lose your ID.

The top 10 most dangerous places to give out your Social Security number are:

#1 – Universities/Colleges (108)

#2 – Banking/Financial Institutions (96)

#3 – Hospitals (71)

#4 – State Governments (57)

#5 – Local Governments (44)

#6 – Federal Governments (33)

#7 – Medical Businesses (27) (Please note: These are businesses that concentrate on services and products for the medical field such as distributers of diabetes or dialysis supplies, medical billing services, pharmaceutical companies, etc.)

#8 – Non-Profit Organizations (23)

#9 – Technology Companies (22)

#10 (tied) – Medical Insurance and Medical Offices/Clinics (21)

Read the full article for tips on when and when not to provide your Social Security Number.

Data Security