After overseeing thousands of computer theft recoveries, Absolute has learned that computer theft is but the tip of the iceberg for many cases. Indeed, as a result of Computrace technology, many criminals have been apprehended, from cat burglars, to ex-cons, to drug dealers, to frauders. A recent Absolute recovery managed to encompass all four.

The 2009 School Safety Index indicates that security breaches at K-12 schools are on the rise.

The School Safety Index is conducted by CDW-G, this being the third year the index report has been published. The aim of the survey is to create a national benchmark to gauge the current state of school safety issues, looking at both IT and physical security in public school districts. This year, the survey includes data from 400 K-12 district IT and security directors across the US.

According to the 2009 report, the National Average for both Physical Security and Cyber Security was "below the bell curve," with the Index is much lower. For Cyber Security, the index was 22.2, lower the 38.6 reported in last year's survey. 55% of the districts reported experiencing an IT breach (unauthorized user access, hacking or virus) in the last year. Of those, 41% originated from students, with another 22% from staff or employees. On the physical side, 67% reported an unauthorized person in the school building or vandalism.

The explanation for the Index decline was given as:

"Continued threats, such as breaches and lack of end-user compliance, coupled with budget and staffing challenges make progress difficult"

Via eschoolnews

In addition to the new Cybersecurity Coordinator position created by Obama at the White House, more changes are afoot for National Cybersecurity. The US Secretary of Defense, Robert Gates, announced that the military will be creating a central hub, the US Cyber Command (Cybercom), to protect military networks from cyber threats.

Gates will recommend to the President that Cybercom be led by the director of the National Security Agency (NSA), Lt. Gen. Keith Alexander. Cybercom's responsibilities will be to co-ordinate the operation and protection of military and Pentagon computer networks. The Defense Department operates 15,000 separate computer networks and more than 7 million individual data devices. This new command will help streamline efforts and capabilities under a single command.

Plans for Cybercom, including mission, roles and responsibilities, and accountability measures, are due to be submitted on September 1st. It's expected that the new command will reach full operating capacity by October, 2010.

Also, InformIT has put together a list of the Top 10 Social Engineering Tactics that is well worth a read!

Via securityfocus, computerworld

The Federal Trade Commission (FTC) has put together a new Guide titled "Fighting Fraud with the Red Flags Rule: A How-to Guide for Business."

The "Red Flags" Rule, which went into effect on January 1, 2008, requires many businesses and organizations to implement a written Identity Theft Prevention Program. This program should detect early warning signs (red flags) of identity theft, take steps to prevent the crime, and mitigate damage that could be caused by it. The Red Flags Rule applies to "financial institutions" and "creditors," though those terms apply more broadly than in typical use.

The guide comes out just in time for enforcement to begin. The FTC says they began enforcement of the Red Flags Rule on May 1, 2009.

Head on over to the FTC site to determine if the Red Flags Rule applies to your organization, get practical tips on spotting identity theft, and to learn how to put your ID Theft Prevention program into place.

Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.

The state of Maine has modified their data breach notification law to require that individuals affected by a data breach be notified no later than 7 days after a law enforcement agency determines the notification will not compromise the investigation.

Maine Governor John E. Baldacci signed Public Law 161-1 in May, making this change, and a few others, to the existing data breach notification law. Most states do not specify a time period for notification to go out, instead putting something to the effect of "without unreasonable delay."

You can read the full amendment to the law here [PDF]. The changes will go into effect on September 15, 2009.

Via sonnenschein, privacy law blog, huntonprivacyblog

Absolute Software announced this week that its consumer data protection and laptop recover tool, LoJack for Laptops, will now be available in Europe!

LoJack for Laptops, popular for home and small business laptop owners, can now be purchased online (for Mac or PC), with a one-year license for £45.99 in the U.K. and €52.89 throughout Europe.

Absolute Software has been serving European corporate customers with its Computrace product and service for some time, but this is the first launch of the product and service for consumers.

Over one million subscribers in North America have used LoJack for Laptops to protect their personal computers and its information. The Absolute Software Recovery Team recovers an average of 85 stolen computers each week - is your computer protected by Absolute?

Absolute also announced this week that Computrace will be built into the firmware for new Acer TravelMate 6493 and 6593 notebooks. For a list of all laptops with Computrace at the firmware level, read here.

According to the public breach records, as recorded on DataLossDB, there have been 234 breach incidents so far in 2009 (as of June 18, 2009). So far, this is less than half the breach incidents for 2008 (642), a good sign. Of those breaches, 19% can be attributed to stolen laptops or computers.

It should be noted that these records are of recorded breach incidents and that they cover the number of incidents, not the number of records breached per incident. For example, the most recent data breach involving a stolen laptop was reported this week and affects 75,000 people.

Based on the 2009 statistics available, stolen computers account for the highest number of breaches this year. 16% of breaches can be attributed to stolen laptops while an additional 3% can be attributed to stolen computers. Another 5% can be attributed to lost media (which could include mobile phones or USB devices, for example). It's clear, from this, that mobile computers and devices are a huge threat to data security.

To protect your data security assets, why not call Absolute? Learn how Computrace can help you manage your computers and smartphone, with features that include geolocation tracking, remote data delete and theft recovery. Learn more here.

Graph provided by Datalossdb.org

Absolute Software has revealed a new website design! Absolute.com is now the home for both its business and consumer laptop security product lines, Computrace and LoJack for Laptops.

You'll find that Absolute.com is a portal to lot of fantastic information. Take a moment to browse around, being sure to stop over at the Resource Library, as well as our Services and Products sections. And let us know what you think!

According to an audit by the state of Illinois, 52 computers are currently missing from a State agency, some of which may contain sensitive information.

The Department of Financial and Professional Regulation, which regulates banking, insurance and licensed professions in Illinois, was found to be missing 35 laptops and 17 desktops. It is unclear what information was held on these missing computers. The Department believes the missing computers were transferred to the Department of Central Management Services, but as yet no record of that transfer has been found.

The audit criticizes both the Agency and the Department for not adequately planning, co-ordinating or verifying the transfer of equipment. It is recommended that both the Department and the Agency perform a detailed inventory of computer equipment in an effort to reconcile any missing items. As of yet, these lost devices may or may not lead to a data breach incident. I would also criticize the Agency for not having records that indicate what data was held on the missing computers - an important factor to determine if a breach has occurred or not.

Via SJ-R, Chicago Tribune