Behind the Scenes: A Look at Our Laptop Encryption Protection

March 6th, 2010 by Sharma No comments »
Icon from Nuvola icon theme for KDE 3.x.
Image via Wikipedia

Today we’re going to to do a little bit of self-introspection and try to demonstrate why we think Encryption is necessary in fast paced world and why it makes sense to use Alertsec’s encryption protection.

In a recent report yet again, McAfee which is a leading maker of Internet security software had given strong warning that there are many hackers who are targeting the intellectual property systems being used by the hackers. They also believe that it is time that the security focus is increased. This is the latest addition to the attacks on Google which revealed where they originated in China and resulted in theft of its intellectual property.

Infact, we always believe that the single most important asset for an organization is the information itself.  With transition from Web1.0 to Web2.0 the deskops are being increasingly replaced the laptops and have become the major computational source.

The majority of the data loss occurs to due the loss or theft of the equipment. However, it can be easily controlled with the installation of a laptop encryption system. Essentially what it does is ensure that there is no loss or damage to the information or credentials.

According to the FBI, losses due to laptop theft totaled more than $6.7 million dollars in 2005. The Computer Security Institute/FBI Computer Crime & Security Survey found the average theft of a laptop to cost a company $89,000. Depending on the information kept on a laptop, lack of proper security precautions allows a thief to easily acquire such information as personal bookkeeping files, documents containing passwords, addresses, as well as employee and customer information stored on company laptops.

Nevertheless, statistics tips it is quite evident that there is big loss of laptops due to theft. Infact, we’ve also found out that as many as 1 in 10 laptops will be stolen during its lifetime.

We at Alertsec Xpress offer full disk encryption which is superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

  1. Secure and Reliable
  2. Secure disposal of old laptops
  3. Transferable subscriptions
  4. Convenient (24/7 Helpdesk)

Do check the technical specifications about our laptop encrpytion service here, we would be glad to hear from you.

Related articles by Zemanta
Reblog this post [with Zemanta]
Share and Enjoy
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • Live
  • MySpace
  • Reddit
  • Slashdot
  • StumbleUpon

No comments »

Posted in Encryption, Lawsuits and settlements

Hackers bypass Captcha

March 2nd, 2010 by Sharma No comments »

Do you remember those numbers that you enter for verification while signing up for a new yahoo account? Yes, we are talking about a CAPTCHA (pronounced /ˈkæptʃə/) which is a type of challenge-response test used in computing to ensure that the response is not generated by a computer.

Early CAPTCHAs such as these, generated by the...

Image via Wikipedia

While Captcha ensures security of critical data on the internet, 4 notorious miscreants from California had other ideas. The culprits who were identified as Kenneth Lowson, 40; Kristofer Kirsch, 37; and Joel Stevenson, 37, Faisal Nahdi, 36, were charged in the indictment.

What they did ?

These men who worked for Wiseguy Ticket Inc. hacked into the system of popular ticket sellers such as Ticketmaster, Tickets.com, MLB.com and MusicToday. They bought and resold over 1.5 million tickets to brokers in the New Jersey area. The equivalent value of fraud is estimated at $25 million.  These were tickets of popular shows including Bruce Springsteen and Kenny Chesney concerts, also included were 2007 Major League Baseball playoff games at Yankee Stadium and Broadway productions of Wicked and The Producers.

How they did it ?

To provide un-biased access of tickets to popular events, the vendors such as Ticketmaster have put a limitations on the number of tickets that can be bought by an individual or a company. To execute this concept, online vendors have set up necessary software to which detects and prevents automated systems from dispensing bulk tickets in one go.

According to the government the employees at Wiseguy also worked with computer programmers in Bulgaria and developed a network of strong desktops which could be used to impersonate human beings. Evenutllay this lead to bombardment of tickets at the vendor’s place. Apparently, the culprits also had access to fake domain accounts & passworrds.

The Wiseguy team earned profited from the scheme by selling the tickets at a markup to the by charging its ticket brokers a percentage mark-up over the face value.

U.S. Attorney Paul Fishman said the tickets cost consumers an average of $30 a piece, with some premium seats going for more than $1,000, before they were turned over to a regular ticket broker at inflated prices. He also said, ‘Today’s indictment represents a significant step forward in the fight against those who use fraud to disrupt e-commerce and evade computer security’.

Infact this is not the first case were these guys have been caught. The charges also cites references to 42 additional counts of wire fraud; where unauthorized access to computer system has been gained resulting in damage to computers in the local commerce.

About Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Check out our convenient and cost-effective computer security software for Windows 2000, XP, Vista and 7.


Related articles by Zemanta
Reblog this post [with Zemanta]
Share and Enjoy
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • Live
  • MySpace
  • Reddit
  • Slashdot
  • StumbleUpon

No comments »

Posted in Security Flaw

Tags:

Banks Distribute Free Security Software to Customers

February 28th, 2010 by Bogdan No comments »

HSBC has recently started providing its online banking customers with free Rapport software, a service from Trustee that helps protect Internet browsers. The bank joined several other financial organizations, such as Bank of America and Barclays, which offer complementary or low cost security software to their clients. This move by HSBC highlights the importance of online safety in the current environment. If companies are willing to dedicate resources to protect their customers, they should equally invest in protecting company information and data.

Businesses like HSBC are doing the right thing by looking out for their customers’ safety. Additionally, the move has generated lots of free positive press and helped put the bank in a positive light. The promotion is also low cost and affordable, making it a smart business decision. HSBC’s actions are commendable, however, it’s unclear whether the organization is fully protecting itself. Security experts are questioning some of the bank’s website features and the choice of Rapport as the security provider. The criticisms serve as a reminder- it’s crucial for businesses to defend themselves in every way possible to be fully prepared for the future. When it comes to a business’s security, there’s no such thing as being over-prepared when dealing with the Internet.

Spreading Your Resources

A company like HSBC usually has several separate budgets to cover expenses. These range from amounts allocated for administrative costs to figures backing the latest marketing campaign. HSBC’s move showed an in-depth understanding for business strategy. It’s important for companies to work on promoting a fully integrated message- one which shows how all of its different areas work together to create a great product. HSBC spent money to provide customers with free security software and the purchase helped decrease the need for spending in marketing, advertising, public relations, and even recruiting! After the media picked up the story, HSBC can sit back and enjoy its investment.

However, it appears the company standpoint on security fell short- an analyst at a rival firm crictized HSBC in an interview with eWeek Europe:

Cluley …questioned HSBC’s decision to allow banking customers to save their user ID on their browser. Rather than entering the ID every time they access the site, user’s can choose to have their browser remember the code.

“Certainly I wouldn’t feel comfortable if my online banking password was being remembered for me in this fashion,” he told eWEEK Europe UK. “A home computer may not be ‘public’ or ’shared’, but it can still be stolen or a dodgy workman might have access to it. My suspicion is that security and usability have once again had a wrestling match, with those who want less support calls from forgetful consumers winning.”

It’s unclear whether Cluley’s claims are well-founded; a representative of HSBC explained that the ID saved requires an additional password and exists as added convenience. Nonetheless, organizations need to evaluate how their budgets are being spent and make sure that security is well funded. A firm protected by Alertsec Xpress would be able to use advertisements to promote its business’s high level of security and market itself as a safe organization which uses encryption to protect customers. Companies should explore how their security spending is connected and find the strings which can be cut.

Share and Enjoy
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • Live
  • MySpace
  • Reddit
  • Slashdot
  • StumbleUpon

No comments »

Posted in Uncategorized

Tags:

Security Breach at Shell Reveals Personal Employee Information

February 27th, 2010 by Bogdan No comments »

Security breaches can happen anytime, anywhere, and can affect practically anyone in an organization. In the past, we’ve covered several examples where breaches revealed customer’s passwords and social security numbers. Today, we explore a different type of breach- one which leaked the personal details of 170,000 employees and contractors of Royal Dutch Shell. This incident is important because it provides a perfect example of how storing unencrypted data on company computers can be dangerous and have serious consequences that can strike a company from the inside.

The situation is particularly difficult for the infamous oil corporation- the database of names and personal contact details has been e-mailed to several non-governmental organizations, including Greenpeace, Friends of Earth, and Shell Guilty. Shell has attempted to prevent the NGOs from publishing the information, explaining that in doing so, they would be breaking the law. Additionally, Shell is launching a full scale investigation in an effort to figure out how their employee information ended up accessible to third-parties. While it’s difficult to guess at the techniques used by the hackers involved, one thing is clear- Shell computers aren’t protected by full disc encryption services and, as a result, are much more vulnerable to online threats.

Shell’s Information is a Serious Problem

Understandably, Shell is trying to prevent the security breach from being seen as a serious problem. An article from TimesOnline included a statement from the company:

Yesterday Shell sought to play down the leak. A statement said: ‘Certain data concerning Shell employees and other individuals on our internal address list has been disclosed to some external parties. The data is mainly business-related.’

While there may be some truth in the statement’s claims about much of the information being publicly available and not damaging the company, it’s likely that Shell’s employees feel differently. According to a report by the BBC, some of Shell’s workers had their private home telephone numbers leaked. Even if no personal telephone numbers were leaked, the breach brings attention to the poor status of computer security at Shell. Employees can’t work well knowing that their personal details aren’t well-protected. This last complication is troublesome, at least for Shell, which will need to improve the way it does business in order to reassure its employees that their private information is safe. Dealing with the aftermath of a crisis, such as Shell’s security breach, can be extremely costly and in many cases, a damaged reputation can’t ever truly be recovered, regardless of how much money is spent.

Lessons to Learn

Ironically, Shell’s security breach came at a convenient time- had Shell discovered the breach in April, a new set of laws (covered here and here) would have allowed the company to be charged fines of up to £500,000. However, even without the monetary cost, Shell lost something extremely valuable: the trust of its employees. Shell workers are much less likely to remain loyal to a company which isn’t proactive about protecting its internal information.

In order to earn and maintain the trust of its workers, a company needs to employ solutions which are easy to use and keep data secure. Had Shell been using our Alsertsec Xpress computer security software, the company may have avoided the embarrassing security breach and kept its positive reputation among employees. Our software is specifically designed to keep all business parties happy and secure- it encrypts data, making it much more challenging for the others to access it.

Further Reading
 Shell investigates posting of personal data [TimesOnline]
Shell security breach reveals employee details [BBC]

Reblog this post [with Zemanta]
Share and Enjoy
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • Live
  • MySpace
  • Reddit
  • Slashdot
  • StumbleUpon

No comments »

Posted in Data Protection, Encryption, Lawsuits and settlements

Tags:

Massachusetts Enforces New Security Laws for Consumer Protection

February 26th, 2010 by Bogdan No comments »

As we predicted earlier this month, more legislation is being passed by governments to hold companies accountable for data breaches and increase overall security of businesses. Massachusetts is the latest to join this trend- starting March 1st, businesses in the Commonwealth will be held to a much higher standard when dealing with protecting their customer’s personal data. Organizations which fail to comply with the new law before the start of next month can face fines and be liable for civil lawsuits.

The new legislation is extremely important because, even though it only applies to companies in a specific state, it have many global implications. The main one is that governments are taking note of security breaches and considering them a serious threat. The new laws demonstrate that businesses which fail to protect their internal data will face punishment. Data encryption needs to be a part of every corporation’s security strategy- the law specifically mentions that personal customer information has to be encrypted!

A Look at the New Laws

Massachusetts Privacy Law – 201 CMR 17 Compliance [PDF] was created to protect customers from identity theft and other troubles that result from a company revealing personal information to outside parties. The law outline the measures businesses need to take to keep customer data secure. An article from Bank Info Security summarizes the new rules:

The new law, Massachusetts identity theft regulations, 201 Code of Massachusetts Regulations 17.00, applies to any individual, company or organization that handles personal information in connection with employment or the sale of goods or services. Under the law, Massachusetts will require any entity that stores or transmits residents’ personal information to encrypt the data when it’s stored on portable devices or transmitted via the Internet. The personal information is a combination of customers’ or employees’ names and their Social Security, bank account or credit card numbers. The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) says it is trying to create a culture of security around personal information.

The articles points out that the law may be difficult to enforce- in fact, the original deadline for compliance was pushed back from August 2009. However, Massachusetts businesses shouldn’t rest easy- those found in violation of the law can face severe penalties under Regulation of Trade, chapter 93A, section 4, including:

  • Civil penalty of $5,000 per violation
  • Payment of the costs of investigation and litigation of such violation (including attorney’s fees)
  • Payment to victims of security breach

How to Respond

Businesses, particularly those in Massachusetts, need to develop comprehensive longterm security plans for protecting their company’s customers. The new laws aren’t meant to penalize companies for experiencing data breaches; rather, they’re supposed to encourage companies to practice smart security protocol. Organizations worldwide can follow the laws voluntary and enjoy a higher level of security and, ultimately, better relations with customers.

In order to avoid unnecessary costs associated with data breaches, companies need the right technology. Our Alertsec Xpress full disk encryption service helps businesses comply with new laws by securing customer data. We offer encryption software that’s extremely easy to use and a must-have for any company which wants to be protected from online threats.

Further Reading
Mass. Data Privacy Law: Are You Compliant? [Bank Info Security]
Massachusetts raises the bar for personal data protection, globally [Ovum]

Reblog this post [with Zemanta]
Share and Enjoy
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • LinkedIn
  • Live
  • MySpace
  • Reddit
  • Slashdot
  • StumbleUpon

No comments »

Posted in Data Protection, Encryption, Lawsuits and settlements

Tags: