InformationWeek highlights a new study showing that malware on USB sticks is wreaking havoc on information security.  The new survey by the Ponemon Institute found:

In the past two years, 70% of businesses have traced the loss of sensitive or confidential information to USB flash memory sticks. While such losses can obviously occur when the devices get lost or stolen, 55% of those incidents are likely related to malware-infected devices that introduced malicious code onto corporate networks.

Most of the respondents do not have any form of endpoint security in place, or don’t enforce their own USB security policies.  Cost may be an important factor as “75% of respondents said they wouldn’t pay a premium to ensure that USB drives are safe and secure.”

Setting aside the fact that this is short-sighted given the cost of a data breach, you don’t need to break the bank to secure your USB drives.  The Kanguru Defender Basic features automatically enforced military-grade encryption, plus an onboard anti-virus scanner to prevent malicious code from entering your network.  Best of all, it’s available at a mainstream price.

Data Security

The Boston Herald has details on a bank executive who resigned and then left with thousands of documents belonging to his former employer, Boston Private Bank & Trust Co.

In a suit filed in U.S. District Court on Monday, Boston Private Bank & Trust accuses former lending executive Todd Rassiger of stealing proprietary information that benefits his new employer, First Republic Bank.

The 24-page lawsuit alleges that before his resignation from Boston Private Bank & Trust Co., Rassiger attached personal USB flash drives to his bank-issued computer and downloaded more than 1,500 documents, many of which included highly confidential and proprietary information.

These days, companies need to be concerned with both external cyberattacks as well as the threat posed by insiders who have access to sensitive data.  Our recent post highlights the need for endpoint security, which can block personal flash drives and keep an audit log of which files are downloaded. 

We also highly recommend remote management capabilities for all portable devices like smartphones and storage devices.  Kanguru’s Remote Management Console can be used to instantly revoke device access from employees who are leaving the organization.  Their company-issued USB drive will be remotely disabled or deleted the next time it’s plugged in.

Data Security, Financial, Portable Storage

A recent article in Security Week outlined a dramatic increase in malware sent via e-mail.  This after the takedown of the Rustock Botnet.  Methods of spreading the malware included fake “parcel tracking information” mimicking those from UPS and DHL, PDF file attachments with script malware, explicit PowerPoint presentations and more. 

The take away from this report is to maintain a regularly updated anti-virus on your computer, scan e-mail documents before opening them, and be wary of any suspicious attachments/e-mails. 

If you work on computers that do not have anti-virus installed, you can carry a mobile anti-virus program on your Kanguru Defender Elite, Defender V2 or Defender Basic which allows you to scan any files you transfer between the unprotected computer and your flash drive.  It’s a great added layer of security, protecting your mobile documents from becoming a carrier of malicious programs.

Malware, Portable Storage

According to a new study by the Ponemon Institute, 75% of the energy and utility companies that were surveyed experienced a data breach within the last year.

“We were surprised that utility companies didn’t put a higher priority on issues like smart grid and smart meters, where there’s been a lot of concern about cyberthreats,” says Larry Ponemon, chairman and founder of Ponemon Institute. “Many of the people we talked to are still more focused on physical security than on cybersecurity.”

One possible attack vector being used against power companies is unsecured USB flash drives.  This was reported to be a big factor in the spread of Stuxnet last year.  Energy, utility and manufacturing companies should be taking extra measures to be sure only secure devices are plugging into industrial control equipment.

Malware, Portable Storage

Dark Reading highlights the growing number of cyber-attacks against law firms.  The law firms themselves may not always be the primary target in these attacks.  Rather, the thieves are often going after all the data pertaining to the firm’s corporate clients.  A law firm may collect massive amounts of data during the e-discovery process and the data is not always well protected.

Firms sometimes use thumb drives to gather this information. “I attended a program on e-discovery where someone from a law firm was talking about … how [people] were collecting information on thumb drives and then taking it back to the law firm. It was very insecure … a very informal kind of ad hoc process, with really no security built in,” Thomson says.

Kanguru has first-hand experience securing flash drives for legal firms.  Our encrypted devices and remote management software ensure that all data stored on thumb drives is locked down automatically, both within the firm’s network and out at client sites.  In addition, Kanguru’s USB Device Control software prevents users from bringing in unsecure flash drives and using them on the network.  Built-in Anti-virus scanners protect each thumb drive in real-time so that no trojans or other malware can infiltrate the firm’s database.

Find out more at: https://www.kanguru.com/index.php/flash-management/krmc

Data Security

A recent security study shows just how much time administrators spend removing malware from K-12 School computers.  21% of respondents are doing this task daily!

Research shows that much of today’s common malware is spread on USB memory sticks.  That’s why Kanguru has added BitDefender antivirus protection into every Kanguru Defender Basic, V2 and Elite secure flash drive.  We know that K-12 Schools have been hit with shrinking budgets in recent years, so we have a discount program specifically for Educational organizations.  Contact us today to find out more.  Email defender (at) kanguru.com.

Data Security

You might not know the answer to that question until it’s too late.  Unfortunately, the most common response to finding a USB drive is to plug it in.  Virus-writers count on that response when they design the latest malware threats.

Network World discusses the way the Stuxnet worm has exploited this vulnerability.

Many companies have focused on the worm’s ability to spread via USB flash drives. Malicious programs spreading through infected such devices have become a major problem for corporations, because of employee curiosity. In penetration tests conducted by Leviathan Security, 8 out of 10 employees that found a USB drive plugged it into a computer. All of those workers then went on to open up a spreadsheet labeled “LayoffNotice.xls,” says Frank Heidt, CEO of Leviathan.

“You can tell your people, ‘Hey, don’t plug in USB sticks into your network,’ but that is antithetical to human nature,” Heidt says.

One way to combat this problem is to restrict unknown USB devices from your network and only allow devices with built-in antivirus protection.  Kanguru includes integrated malware protection as a standard feature on all new secure flash drives.  The network restrictions can be easily managed with Group Policy or one of the many Endpoint Security products now on the market.

Data Security, Malware, Portable Storage

Here at Kanguru we frequently talk about encrypting and securing your mobile data, but sometimes don’t stress enough the importance of tracking and monitoring data usage.  As important as it is to secure your data, it is equally important to know where it is going. 

When an employee leaves the office for the day, taking his work with him on a flash drive, where is that data going?  A quick stop by the local coffee shop and opened up on one of their unsecure wireless networks?  To an unsecure home computer? 

These possibilities along with the risks associated with them are why Kanguru emphasizes a total security solution.  This can be especially advantageous to organizations that are required to meet security regulations like HIPAA, the Hitech Act or any one of the many state-level data breach laws. 

Tracking and monitoring can be done via Kanguru’s Remote Management Console and USB Device Control, a tandem of products designed specifically to allow organizations to keep tabs on and secure their portable data. 

It’s time to look beyond encryption and recognize the importance of end point security as a key element to the overall big picture of securing your data.  Some options to look for in endpoint security and remote management:

1.) Device Control - Control what, when and how USB devices are allowed to access your computers

2.) IP and Domain Control - Manage which IP addresses and/or domains are allowable for devices to access via whitelist and blacklist methodology.

3.) Auditing and Reporting - Get a full audit trail with detailed graphical reporting and the ability to export both customizable audit logs and graphs for external analysis to ensure proper compliance.

4.) Remote Provisioning - Remotely manage security policy changes from a single location. Control password complexity, password expiration, software updates, patches, A/V definitions, online and offline access, and more.

Data Security

Dark Reading summarizes the annual threat report from PandaLabs.  Virus writers were hard at work in 2010 and many of them were focused stealing banking and financial data.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. A relative newcomer to the malware landscape, rogueware (fake antivirus software) now comprises 11.6 percent of all the malware gathered and has been given its own category.

Find out more about how Kanguru can protect your organization from USB-borne viruses and malware.

Data Security, Portable Storage

A recent survey of office workers revealed that USB sticks are frequently used to store company information regardless of corporate policy.

Delving into the research reveals that more than half of the respondents said their USB sticks were not encrypted, leaving the corporate information on them completely vulnerable if they are borrowed, lost or stolen.

This ComputerWorld article makes the link between this type of weak security and the vulnerability of governments and corporations to data breaches that end up on Wikileaks.

Data Security