Securing USB Drives
By Arieanna on July 8th, 20090 Comments
Mobile computing these days is not just restricted to laptops, but also to mobile phones and to USB memory devices, or thumb drives as they're often known. IT data security policies may be slow to catch up with the increased use of these memory devices, and thus slow to offer security solutions to protect sensitive data.
"Thumb drives are a revolutionary technology because of their small size, large capacity, low cost and universal plug and play. But they also present two primary security problems: they are easily lost or stolen, and they serve as a vector to transmit malware," said Jonathan Gossels, president and CEO of SystemExperts Corp.
SearchSMBStorage recently put together a great article entitled "Keeping thumb drive storage secure through encryption and policies." The article discusses such topics as:- Pros and Cons: Disabling USB port access to block thumb drive use
- Thumb drive encryption (only available on some USB devices, such as this one from IronKey)
- Updating security policies
- Monitoring employee use of USB devices
- The importance of employee education
Read the full discussion here.
Canadians Concerned About Identity Theft
By Arieanna on July 7th, 20090 Comments
A survey conducted by Canada's Office of the Privacy Commissioner indicates that 83% of the 2,028 Canadians who were a part of the telephone survey have not been a victim of identity theft in the past. However, 16% of Canadians have been a victim, with those earning over $100k being more likely to say they've been victims of this crime.
The Canadians and Privacy Report, conducted in March of 2009 by Ekos Research, indicates that, while the crime rate was low, the concern about identity theft was still high. 49% of Canadians indicate they are "very concerned" about identity theft, with only 6% indicating a complete lack of concern for the issue.
According to another survey, by Benoît Dupont, 1.7 million Canadians were affected by identity theft in 2008. The survey, based on this, is likely skewed a little higher towards those affected by identity theft. However, if you're interested in reading more about Canadians and identity theft, check out what Canada's Privacy Commissioner has to say about these surveys. And don't forget to check out Computrace LoJack for Laptops by Absolute Software to help secure your personal information on your home or small business computer!
New Breach Notification Laws in 2 States
By Arieanna on July 6th, 20090 Comments
Two new data breach notification laws will take effect this July in the US States of Alaska and South Carolina. Each law will require that individuals affected by a data breach be notified of said breach.
Alaska's consumer notification law, which was passed in 2008, requires that individuals be notified of a breach if their computerized personal information was breached and if that data was unencrypted. Notification must be made without unreasonable delay.
South Carolina's consumer notification law, also passed in 2008, individuals will be required to be notified of a breach if data was accessed, said data was unencrypted, and is "reasonably likely" to result in illegal use. This notification law perhaps has a few more loopholes, due to its definition of what a data breach is.
Learn more about the 2 new laws here:
With the addition of these 2 new state laws, 44 states in the US (plus the District of Columbia, Puerto Rico and the U.S. Virgin Islands), will have data breach notification laws in place. The only states without laws for notification, as of now, are: Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota.
Via hunton privacy ; Image: clip art
Absolute Uncovers Stolen Computer, Drugs, Fraud, and Then Some…
By Kaley on June 30th, 20090 Comments
After overseeing thousands of computer theft recoveries, Absolute has learned that computer theft is but the tip of the iceberg for many cases. Indeed, as a result of Computrace technology, many criminals have been apprehended, from cat burglars, to ex-cons, to drug dealers, to frauders. A recent Absolute recovery managed to encompass all four.
A home burglary left a Computrace LoJack for Laptops customer without his laptop – although within two days of theft, the laptop made contact with the Absolute Monitoring Center. Upon receiving the customer’s theft report, the Absolute Theft Recovery Team was able to gather evidence on the computer’s user and location, which they passed on to police.
The user who Absolute had identified was well-known to authorities – to the extent that police executed a search warrant on his residence. The stolen laptop was recovered from the scene. False checks and currency, a large quantity of drugs, and drug paraphernalia was also confiscated; particularly incriminating evidence given the suspect was then on probation from previous drug charges.
On account of the laptop, the user faced charges for breaking and entering, and possession of stolen property. Topping off his list of crimes, he also faced new drug charges, fraud charges, and – of course – violation of probation.
The laptop has since been returned to its happy owner, and the multi-talented criminal remains behind bars.
Learn more about the Absolute Theft Recovery process
Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty
2009 School Safety Index
By Arieanna on June 25th, 20090 Comments
The 2009 School Safety Index indicates that security breaches at K-12 schools are on the rise.
The School Safety Index is conducted by CDW-G, this being the third year the index report has been published. The aim of the survey is to create a national benchmark to gauge the current state of school safety issues, looking at both IT and physical security in public school districts. This year, the survey includes data from 400 K-12 district IT and security directors across the US.
According to the 2009 report, the National Average for both Physical Security and Cyber Security was "below the bell curve," with the Index is much lower. For Cyber Security, the index was 22.2, lower the 38.6 reported in last year's survey. 55% of the districts reported experiencing an IT breach (unauthorized user access, hacking or virus) in the last year. Of those, 41% originated from students, with another 22% from staff or employees. On the physical side, 67% reported an unauthorized person in the school building or vandalism.
The explanation for the Index decline was given as:
"Continued threats, such as breaches and lack of end-user compliance, coupled with budget and staffing challenges make progress difficult"
Though many positive steps were taken to improve security (with 92% of districts with wireless networks using encryption), budget is seen as the top impediment to improving security. Read more in the press release.
Via eschoolnews
US Cyber Command to be Created
By Arieanna on June 25th, 20090 Comments
In addition to the new Cybersecurity Coordinator position created by Obama at the White House, more changes are afoot for National Cybersecurity. The US Secretary of Defense, Robert Gates, announced that the military will be creating a central hub, the US Cyber Command (Cybercom), to protect military networks from cyber threats.Gates will recommend to the President that Cybercom be led by the director of the National Security Agency (NSA), Lt. Gen. Keith Alexander. Cybercom's responsibilities will be to co-ordinate the operation and protection of military and Pentagon computer networks. The Defense Department operates 15,000 separate computer networks and more than 7 million individual data devices. This new command will help streamline efforts and capabilities under a single command.
Plans for Cybercom, including mission, roles and responsibilities, and accountability measures, are due to be submitted on September 1st. It's expected that the new command will reach full operating capacity by October, 2010.
Also, InformIT has put together a list of the Top 10 Social Engineering Tactics that is well worth a read!
FTC Publishes 'Red Flag' Guide for ID Theft Prevention
By Arieanna on June 25th, 20090 Comments
The Federal Trade Commission (FTC) has put together a new Guide titled "Fighting Fraud with the Red Flags Rule: A How-to Guide for Business."The "Red Flags" Rule, which went into effect on January 1, 2008, requires many businesses and organizations to implement a written Identity Theft Prevention Program. This program should detect early warning signs (red flags) of identity theft, take steps to prevent the crime, and mitigate damage that could be caused by it. The Red Flags Rule applies to "financial institutions" and "creditors," though those terms apply more broadly than in typical use.
The guide comes out just in time for enforcement to begin. The FTC says they began enforcement of the Red Flags Rule on May 1, 2009.
Head on over to the FTC site to determine if the Red Flags Rule applies to your organization, get practical tips on spotting identity theft, and to learn how to put your ID Theft Prevention program into place.
Evidence Goes up in Smoke – Laptop Spared
By Kaley on June 24th, 20090 Comments
In early June, Absolute received a theft report from a Computrace LoJack for Laptops customer after his laptop was stolen from the back seat of his car. Using a series of forensic tools, the Absolute Theft Recovery Team was able to quickly identify the laptop’s new user – an individual well known to police.
Because of the user’s criminal past – which, of no surprise, included a number of petty thefts - police were swift to prepare a search warrant for his home address. Yet the user was not keen to open his door to authorities; after all, he claimed – the door was jammed. Skeptical officers attempted to force entry, although the door appeared to be bolted to the ground (almost as though our suspect has faced this situation before…). With police stuck outside, the standoff continued.
In the meantime, a dense black smoke emerged from the house’s chimney. As police continued to coax the user into opening the door, the smoke thickened, and omitted the familiar smell of burning plastic. When the user finally relented and let police inside, this odor was explained.
In a last ditch effort to destroy any evidence, the user had created a criminal bonfire of sorts. Stolen iPods, gaming systems, and home electronics burned in his fireplace as police looked on. Luckily – the customer’s laptop had been spared.
By mid-June, this laptop was returned to its rightful owner, unscathed. The pyrotechnic suspect has been arrested, and is currently cooling off in jail.
Learn more about the Absolute Theft Recovery process
Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.
Maine Sets Deadline on Breach Notification
By Arieanna on June 24th, 20090 Comments
The state of Maine has modified their data breach notification law to require that individuals affected by a data breach be notified no later than 7 days after a law enforcement agency determines the notification will not compromise the investigation.Maine Governor John E. Baldacci signed Public Law 161-1 in May, making this change, and a few others, to the existing data breach notification law. Most states do not specify a time period for notification to go out, instead putting something to the effect of "without unreasonable delay."
You can read the full amendment to the law here [PDF]. The changes will go into effect on September 15, 2009.
LoJack for Laptops Now in Europe
By Arieanna on June 24th, 20090 Comments
Absolute Software announced this week that its consumer data protection and laptop recover tool, LoJack for Laptops, will now be available in Europe!
LoJack for Laptops, popular for home and small business laptop owners, can now be purchased online (for Mac or PC), with a one-year license for £45.99 in the U.K. and €52.89 throughout Europe.
Absolute Software has been serving European corporate customers with its Computrace product and service for some time, but this is the first launch of the product and service for consumers.
Over one million subscribers in North America have used LoJack for Laptops to protect their personal computers and its information. The Absolute Software Recovery Team recovers an average of 85 stolen computers each week - is your computer protected by Absolute?
1-10 of 572 | Next