Archive for April, 2010

Data Breach incidents in U.S. are hurting organizations

April 28th, 2010

While data breach incidents are unacceptable in the first place, what is even more surprising is how much organizations spend once an incident is reported. According to a study conducted by the Ponemon Institute and PGP Corp., a data breach costs organizations in the U.S. about $204 per data record on average. This is more than double the figure reported for the U.K., where the cost of a lost record is $98. In fact, the United Kingdom’s figure is the lowest among the studied countries.

The survey was conducted among more than 133 companies spread over five countries.

Overall, the following were the results from the studied countries:

  1. US was $204
  2. Germany at $177
  3. France at $119
  4. Australia at $114
  5. UK being the lowest with an average cost of a stolen record at $98.

The cause for costs

According to the report, the reason for the high costs was the existence of legislation: the processes and procedures it involves lead to a rise in costs. In fact, in the US it is only now that 46 states have introduced new laws for public disclosure of data breach incidents. Costs in the U.S. were 43% higher than the global benchmark. Germany, where such laws have recently been introduced, is also above the global average, by 25%. In Australia, France and the UK, where data breach notification laws have not yet been introduced, costs were all below the average. This is why the UK is at the bottom of the list, with figures 45% below the global average, since it does not have public disclosure procedures. That said, organisations in the UK are required to notify the Information Commissioner’s Office when a data breach occurs.

According to Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, “The over-arching conclusion from this study is the staggering impact that regulation has on escalating the cost of a data breach”. “The U.S. figures are testament to this and it’s clear that, as and when breach notification laws are introduced across the rest of the world, other countries will follow the same pattern and costs will rise.”

The impact of data breach

The after-effects of a data breach incident are huge, with ‘decrease in customer trust’ being the biggest threat. The bulk of the data loss expenses incurred (44%) was attributed to the cost of lost business, which reflects the added expense of consumer churn and the difficulty of attracting new customers in the wake of negative publicity. In the US, for example, the share attributed to lost business was 66%.

Organisations that suffered a data loss incident due to malicious and criminal activity also incurred higher costs. Organisations in France witnessed the greatest negative impact. The report advises organisations to take a more proactive approach to protecting their data from theft in order to reduce costs.

Secure your organization with Alertsec

Alertsec Xpress is used in all organisations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to large multinational companies with offices around the globe. By using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software, Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption.


Data Breach Issues with Copy Machines

April 26th, 2010

Have you ever thought that the copy machines you use for photocopies could cause a security risk? A few days ago, CBS reported in a video on data security inside digital photocopiers.



In a follow-up to that story, according to reports by Healthcare Info Security, the Affinity Health Plan has notified more than 409,000 customers of a personal information breach involving information stored on the hard drives of leased copy machines.

According to Abenaa Abboa-Offei, senior vice president of customer and community connections at Affinity, “Like many organizations across the country, we were not aware copy machines contained hard drives that need to be wiped”.

Apparently, it is digital photocopiers that are affected by the problem, and the cause is the way they work.

Nearly every digital copier built since 2002 contains a hard drive – like the one on your personal computer – storing an image of every document copied, scanned, or emailed by the machine.

They scan a page, store the image on a hard disk and then make copies from that image. This results in fewer failures and improved efficiency. The only catch is that a digital photocopier can be breached in the same way as a normal laptop.

Although there hasn’t been any compromise of the information, incidents like these need to be treated with caution.


Data Breach Incident at Gwent Police

April 25th, 2010

The cops at Gwent are studying a case in which information about people subject to criminal record checks was unknowingly emailed to a reporter. Apparently, the email was sent due to a blunder by one of the department’s employees.

The data was stored in a Microsoft Excel spreadsheet, which didn’t have any encryption or password protection. It contained details such as full name and date of birth. It is believed that the sheet held information on over 10,000 people, of whom the results indicated 863 as having a criminal record.

The Register contacted Gwent Police, which visited the site’s offices in London, where the file was deleted in front of officers from the force’s professional standards department.

How did the mistake happen

It was the auto-complete function that resulted in the inclusion of the journalist’s email address. The sender, who was using the Novell email client, had also copied five Gwent Police officials in the ‘CC’ field of the message.

The staff member has been suspended pending the inquiry.

Deputy Chief Constable Carmel Napier said that the force has strict policies and procedures in place relating to data security and blamed human error for the mistake. Napier said, “We are very sorry that we have on this occasion failed to meet our own high standards.”

The police force has formed a group to protect the interests of people who could be affected by this incident. The IPCC and regulatory bodies – Information Commissioner, Criminal Records Bureau, Home Office and Gwent Police Authority – have been notified.

According to a spokesperson, “Gwent Police is satisfied that the public and their personal data are not at risk, however, in view of any concerns members of the public may continue to have, we have set up a dedicated helpline to offer further reassurance”. Mrs Cilla Davies, Chair of Gwent Police Authority mentioned, “The Police Authority has been kept fully informed throughout and is satisfied that the chief constable’s immediate and decisive action is dealing with this unfortunate situation appropriately.”


“SEEN or HEARD anything?” about the Laptop

April 21st, 2010

While delivering his talk in South Korea, Dr. Robert Levine could have had little idea that his laptop would be stolen. A couple of months ago, Dr. Levine, a neurologist specializing in ears, was giving a lecture, and he later discovered that his laptop, containing vital information spanning over 22 years, had been stolen from the premises.

According to the analysis done by Mass. Eye and Ear, Dr. Levine’s laptop contained critical demographic and health information of around 3,526 patients, all of whom were treated by Dr. Levine at Mass. Eye and Ear between February 3, 1988 and February 16, 2010. Additionally, the laptop included information on a small number of participants in research conducted by Dr. Levine at Mass. Eye and Ear who were not also Dr. Levine’s patients, as follows:

  • 67 participants in somatic tinnitus modulation research
  • One participant in pulsatile tinnitus research.

As per the new rules defined by the legislation, the responsible authority has to inform the affected individuals. Following the regulations, Mass Eye and Ear is informing the patients and research participants about the loss of information.

What kind of information was present?

It is believed that Dr. Levine’s laptop contained the following types of information:

Name, Address, Telephone numbers, E-mail, Date of birth and age, Sex, Medical record numbers, Dates of service, Medical information, including diagnoses, symptoms, test results, and prescriptions, Name and contact information for patient pharmacies and Research participant status.

The light at the end of this news is that critical information like Social Security numbers, financial account numbers, and credit or debit card numbers were not present on the laptop. Due credit needs to be given to the hospital for taking all the necessary action from their side. Letters have been dispatched to the affected individuals and also a notice has been posted on the website to inform all the individuals whose contact data is out of date.

Individuals who fit into one of the categories above, and who do not receive a letter directly from Mass. Eye and Ear, may contact the Mass. Eye and Ear Breach Response Center at 877-313-1395 to determine if they are affected.

According to the hospital, the computer was password protected and contained a tracking device called “LoJack.” The hospital contacted LoJack, and they discovered that a new operating system had been installed on the computer following the theft. It was also discovered that the software through which information about the affected Mass. Eye and Ear individuals could be accessed was not installed again.

On April 9 it was determined that it was unlikely that continued monitoring of the computer would lead to its retrieval, and a command was sent by LoJack to the computer permanently disabling the hard drive and rendering any information, including information about affected Mass. Eye and Ear individuals contained on the hard drive, permanently unreadable.

Although there is no risk of exposure of financial information, it is believed that the information of the patients could be used to obtain medical care or medications in their name.

John Fernandez, Mass. Eye and Ear president and CEO, said, “Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause.” “We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future.”

About Alertsec Xpress

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. For more information visit us at www.alertsec.com


A look at Alertsec’s Encryption protection

April 19th, 2010

Alertsec Xpress uses a 256-bit key as standard. This offers 2^256 (or 115 800 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000) possible keys, which is considered very strong. Even if a computer could try 1 billion keys per second, it would still take 3.5 x 10^60 years (or 3 500 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000) to try all the different possibilities.

  1. Full disk encryption: Used to encrypt all data stored on a hard drive. This includes installed programs, files and system settings, which makes it impossible for an unauthorized person to read your files. When using Alertsec Xpress, you will not even notice the software, since it encrypts and decrypts data on the fly.
  2. File encryption: Alertsec Xpress encrypts the entire disk sector by sector, including the system files, temporary and deleted files. Therefore no questions can be raised as to whether the information was adequately protected when auditing.
  3. Boot Protection/Encryption: While controlling access to the computer is important, this does not by itself protect the data stored on the disk. For example, a simple boot floppy disk could be used to bypass boot protection. Alternatively, removing the drive and placing it in another computer will make the files accessible if they are not encrypted. This is why information on used hard drives, bought over the internet, is free to examine by the buyer.

Want to stay protected?

To see for yourself, subscribe for your personal 30-day free trial of Alertsec Xpress.