Archive for January, 2011

Cost of Identity Theft (Graphic)

January 30th, 2011

In their latest blog-post, Mashable has talked about the infographic created by Sam Franada of Lines & Moodswings for KGBPeople which is based on data from Wikipedia, the I.D. Theft Center and other sources.

According to the info-graphic it is mentioned that 10% of Americans have had their identities stolen, and on average lost around $5,000.

The average cost for businesses worldwide leads to a staggering $221 billion each year.

Identity Theft

Enhanced by Zemanta

Two Unencrypted Laptops and an iPad of NFL Employees stolen

January 30th, 2011
The new NFL logo went into use at the 2008 draft.
National Football League

National Football League Employee’s Laptop Stolen

If an encryption software had been used to protect the data, there would be minimal chances of Identity theft from the stolen devices. In a fresh incident, two more National Football League (NFL) employee’s laptops have been stolen at the Dallas Convention Center on Sunday.

The stolen laptops belonged to a private investigator and a security consultant based in California. Both employees were preparing the Dallas Convention Center for the NFL Experience. The convention center is hosting the NFL Experience, an interactive theme park with games, displays, autograph sessions and a memorabilia show. These laptops not only stored sensitive information but also not protected with encryption software.

Similar Incident Happened just two weeks ago

A similar incident happened earlier this month in Arlington, a laptop containing NFL and Super Bowl XLV credential information was stolen from a car parked outside a restaurant. According to Arlington police, several thumb drives and security credential artwork were also stolen with the laptop. These devices belonged to a NFL employee working on Super Bowl XLV.

In this case police arrested three people, but was not able to recover the laptop. In the current case Police do not have any suspects but believe that the above two incidents are not related.

NFL Employees left Devices Unattended

Dallas police Sr. Cpl. Kevin Janse said, “Someone stole two laptops and an Apple iPad that had been left unattended for about 25 minutes inside a ballroom at the location. The property belonged to two employees hired by the NFL. None of the devices contained information that would compromise or jeopardize the security of any Super Bowl-related events”, he added.

According to Janse “The devices contained no important security or otherwise sensitive information relating to the Super Bowl” and there was no security concerns related to the theft. The stolen devices were left unattended at a Starbucks kiosk for 25 minutes inside a ballroom.

Janes further said, “The laptop theft was nothing more than a crime of opportunity and that the suspects probably didn’t even realize who the owners of the property were”.

This is just a case of carelessness of NFL employees. It’s a dumb activity to leave important devices at an unfamiliar coffee shop for Twenty Five Minutes. The NFL said that theft didn’t compromise security and only artwork for credentials that was subsequently changed after the theft. We can only hope that NFL would be more active towards securing the data as this was the second laptop theft case in one month.

How Alertsec Xpress Would Have Helped

The above mention situation shows how much Full Disk  Encryption is necessary to stay secure and protect your data from the laptop thefts. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Department of Health and Human Services Announced an Internal Data Breach

January 28th, 2011
The Department of Health and Human Services he...
Health and Human Services Headquarter

Every week we post  news about data breach incidents, some of which also involves the identity theft and activities around financial security. Data breach news, may be not the best way to remind you of the need for security but through this we make you aware that don’t just read or watch the news. To stop such cases you need to act and take immediate action like using data protection and data encryption software like Alertsec Xpress.

Department of Health and Human Services

The latest news of data breach is of the North Carolina Department of Health and Human Services. DHHS has announced an internal data breach that computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing are missing. DHHS claims that the missing disks accidentally fallen in the landfill as there a renovation process was going on in the North Carolina DHHS office.

According The DHHS press release, “a set of computer disks belonging to the Division of Services for the Deaf and the Hard of Hearing (DSDHH) may have been accidentally discarded and likely taken to a landfill”.

This statement makes it clear that they were also not sure about the disk taken to a landfill. Might be, the disks were stolen while offices were being renovated. Although the breach is not clear but according to the NC Senate Bill 1048, it is a case of data breach and DHHS has to inform the victims of the breach.

Disks were Locked Under a Secret Code

The disks contained personal information of clients who had applied for services from the Equipment Distribution Service within DSDHH from January 2005 through December 2008. For the security measure disks were encrypted since 2008.  Although disks were locked under a secret code but that code was very easy to crack.

For precautionary measures DSDHH is sending the letters to each person whose information was stored on the missing disk. This letter included the information related to the incident and guidance how they can protect themselves from identity theft. DHHS also notified the Consumer Protection Section about the breach and contacted the State Bureau of Investigation.

Concerned or Affected Citizens can Contact DSDHH

DSDHH has added a link to consumer protection information on the division’s website at www.ncdhhs.gov/dsdhh and prepared staff to answer questions from concerned citizens who may have been affected.
Clients with questions or concerns should call (800) 662-7030 (English/Espanol) or TTY for the hearing impaired at (877) 452-2514 between 8 a.m. and 5 p.m. weekdays. In the Triangle, call (919) 855-4400 or (919) 733-4851 (TTY for the hearing impaired). Questions or concerns can also be e-mailed to care.line@dhhs.nc.gov.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

University of Sydney Failed to Secure Student’s Private Information

January 23rd, 2011

Data Breach at University of Sydney

University of Sydney is the Another victim of Data Breach

A security flaw in managing web data caused another data breach and this time the victim is University of Sydney. In this data breach the detailed records of the thousands of University students were leaked. The past and present student’s vulnerable data were stored online where they could be easily accessible and down-loadable. The lost record of the students contained student full name, home address, email address as well as the courses they studied and the cost of that course.

A security expert said that it took less than five minutes to access the records of around 55 students. To access the any student’s information you need only that student’s ID number, but just by entering the numbers in the internet browser’s address bar brings students’ private information randomly.

New South Wales Investigation Report

New South Wales is Australia’s most populous state and located in the south east of the country. The office of NSW Privacy Commissioner is investigating this data breach incident. NSW acting privacy commissioner, John McAteer said in a statement that judging from the information; it appeared the university might have violated section 12(c) of the NSW Privacy and Personal Information Protection Act 1998.

According to this act, “a public sector agency that holds personal information must ensure that the information is protected, by taking such security safeguards as are reasonable in the circumstances, against loss, unauthorised access, use, modification or disclosure, and against all other misuse”.

Vice-chancellor Sent Email to Inform the Students

This website was made aware of the breach after it revealed that the website of University of Sydney was sabotaged and altered by a hacker. After this website informed the University of the Breach, it blocked the access to the vulnerable part of the website.

The vice-chancellor and principal Michael Spence, sent an email related to data breach to all students. In the mail he said that unfortunately a malicious hacker managed to access the university’s home page and some high level corporate web pages, last week. So the university had engaged two of Australia’s leading web security organizations to investigate this matter.

Law enforcement authorities were not informed about Breach

A spokesperson said that the incident had not yet been reported to any law enforcement authority. According to newspaper information, the university was told about this security threat in February 2007, but did not take any action to secure the information.

Michael Spence, declined to comment on the possibility of an earlier report, but said that he was “appalled to be notified that some records could be accessed in this manner”. He said that the university would take action immediately to close it.

As threats of data security are growing nowadays, it must for the organizations to do proactive assessment and mitigation of threats. By taking the proper measures and by using the data encryption software companies can secure their customers confidential data. It’s crucial for the organizations to safeguard websites from the security breaches.

How Alertsec Xpress Would Have Helped

To stay secure, and protect your data from breach incidents, it is vital to use a data security/recovery software. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Unencrypted Laptop is lost by Doctor, Employed at Hull and East Yorkshire Hospital

January 22nd, 2011

Laptop thefts are the most common ways of security breach. Laptops get stolen from homes, vehicles and other common places are just a plain lost of security breach.

Stolen Laptop Contained Confidential Patient Data

An unencrypted laptop containing confidential patient data was stolen from the house of a junior doctor employed by the Hull and East Yorkshire Hospitals NHS Trust. Laptop contained the information of over one thousand patients including names, dates of birth, hospital numbers, as well as details about treatment received by 1,147 orthopedic patients.  The doctor loaded this information onto his personal laptop.

The laptop was stolen in November but the doctor waited for two weeks before informing his superiors about the theft. The reason of this, it is illegal to carry official data and he was not authorized to take the data on his personal system.

Apology Letter Sent to All Affected Individuals

An apology letter was sent to all affected individuals, which was signed by its chief executive Phil Morley. The letter said “I am writing this letter to inform you of the incident and also to apologise unreservedly for the loss of your confidential data. The doctor acted outside trust and NHS regulations in taking unencrypted patient data away from the trust and installing it on his personal computer.I can advise that the trust treats these matters very seriously and the doctor concerned is being managed in accordance with the trust’s policies and procedures”.
According to Hull & East Riding report, the trust temporarily suspended the doctor and scheduled a disciplinary hearing. But now he returned back to work because the result of a disciplinary hearing is pending.

Chris McIntosh, chief exec of encryption tools firm Stonewood, said “This doctor should never have had the opportunity to take unencrypted data home with him. Hull and East Yorkshire Trust needs to have more than regulations in place that simply shift the blame to employees”.

Hull and East Yorkshire Hospitals NHS Trust

The Hull and East Yorkshire Hospitals NHS Trust operates the Hull Royal Infirmary and Castle Hill Hospital in Cottingham. This breach is the third incident of data breach to affect Hull residents in less than a year. The first case is the theft of sensitive data from A4e and the other one is unauthorized access of sensitive data by an NHS staffer.
McIntosh, said hospital bosses were partly to blame for the latest incident. “It is all very well organisations having regulations on data protection, yet if they can be easily broken by employees, whether knowingly or not, they become meaningless” he added.

Need of Data Protection

There are so many reasons why you should take precaution and encrypt all of your company laptops and USB devices. Just give a look on the recent data breach cases which caused financial loss and identity theft for the customer and caused loss of reputation and legal litigation cases for companies. Encryption can also avoid the necessity to send out data security breach notices. Employer should provide an encrypted and secure system to their employees.

Alertsec is the frontrunner in offering data security, pointsec, encryption, encryption software, data encryption software, computer security software, hard drive encryption, laptop encryption, full disk encryption and computer protection software.

Enhanced by Zemanta

European Data Breach Law is a Worry for Telecom Companies

January 21st, 2011
European Network and Information Security Agency
ENISA

Time and again, we have been educating you about the stringent data breach laws that are being brought into practice by governments of various countries. Our goal is to create awareness about the changes in the IT security system and the precautionary measures that you need to take in-order to control them. Talking about laws, United States has been a key driver for such laws and is followed closely by UK. This time our discussion spans across the whole of Europe, where the organizations in Telecom sector are apparently worried about a soon to be implemented law involving data breach notification.

What is ENISA?

Getting started, let us first of all try to understand what ENISA is? ENISA stands for European Network and Information Security Agency. ENISA is primarily the cyber security agency of European Union. Its mission is to achieve a high and effective level of Network and Information Security within the European Union.

ENISA’s Report about Data Breach Notifications

On 14th of January 2011 i.e. exactly a week ago, ENISA has released a new report about data breach notifications in Europe. The report is bi-folded and addresses the following aspects:

1. The key concerns of the telecom operators (via a representative sample of companies)
2. Issues raised by data protection authorities (via interviews of DPAs)

In the wake of recent breach incidents in Europe, the law is absolutely critical to reassure citizens that their data is protected by e-communications operators.

What is the Data Breach Law then?

This security breach notification law forces companies, which have lost customers’ or employees’ personal data to announce the data loss across Europe.

Eduardo Ustaran, head of the privacy and information law group at law firm Field Fisher Waterhouse (FFW), said “the law will be introduced under an amendment to the 1995 EU Data Protection Directive, which is currently being reviewed by the EU Commission”. Ustaran, further added, “All of the European data protection regulators have made very strong calls for this mandatory breach notification”.

The Executive Director of the Agency, Prof. Udo Helmbrecht commented: “Gaining and maintaining the trust of citizens of that their data is secure and protected is an important factor in the future development and take-up of innovative technologies and online services across Europe.

Back-tracking the Data Breach Notification Law

In the UK, the data-protection regulator is the Information Commissioner’s Office. The data breach notification laws started in California, have spread over most of the USA and in Europe, with national data protection laws already in place since 1973. The data security remains just one element of their comprehensive coverage.  In the United Kingdom, the data-protection regulator has the power to fine organisations for breaching data protection laws and has first fined the Hertfordshire County Council and employment services company A4e.

The Part 11 of the Anti-Terrorism, Crime and Security Act 2001 contains a number of sections which deal with the retention of communications data by fixed line and mobile telephone service providers and internet service providers.

Data Breach History in EU

More than 1,000 security breaches involving the loss of confidential customer data have been reported in UK till now. According to the Information Commissioner’s Office’s figure, this list is topped by the NHS which has reported 305 breaches since November 2007.

Enisa data-breach expert Sławomir Górniak said “Every day there seems to be headlines that personal data has been leaked, that someone has found a laptop on a train”. Measures such as encryption can mitigate the risk, “If you lose a laptop, and it’s encrypted, and you have the keys, then this is not a data breach,” he added.

Organisations must provide a clear assurance to customer that the private data will not be leaked in the software and security functions used in privacy is at up-to-date level.

How Alertsec Xpress Would Have Helped

To stay secure, and protect your data from breach incidents, it is vital to use a data security/recovery software. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles

Enhanced by Zemanta

Fine Gael website has been Hacked and Personal Data of 2,000 Supporters were Breached

January 18th, 2011

When you are talking about data in IT organizations hacking attacks will continue to thrive. Again in any professional organization, the tendency of such kinds of attacks happening in real-time is very common. Through the medium of this blog, we’ve been highlighting several breach incidents which present strong warnings for organizations to enhance their mechanisms for the protection against data loss incidents. One such way of ensuring the data security is through the use of data encryption software.

Today we are going to talk about Fine Gael, a political party portal and how it became the latest victim of data breach incident.

Fine Gael website Hacked by an “Anonymous” Group

Enda Kenny

Fine Gael party leader Enda Kenny

As we mentioned above, Fine Gael is the new website of an Irish political party. It has been hacked by “Anonymous”, an online hacking group. The website was launched last week and the reason of launching was to invite members of the public to share their views on policy and the future of Ireland.

Fine Gael has been formed in 1933 and considered as the moderate political party. On Tuesday Party replaced its old website finegael.ie with the new website finegael2011.com. This site has been hosted by the American internet firm ElectionMall Technologies which is a US firm.

Personal Data of Around 2000 Supporters were Revealed

So how does it feel to be among those whose data is revealed? Exactly this is what happened to the supporters of Fine Gael. The hacking incident had an impact on the personal data of around 2000 supporters. Irish Central reported that the number of affected is believed to increase to 4,000. This attack took place on Sunday and immediately after the attack website was forced offline. The hacker was forwarded the personal details file to media organizations. This file was containing the IP addresses, phone numbers and e-mail addresses of approximate 2000 people.

Why the New Hosted Website was Hacked

According to the attackers, the site was hacked because comments submitted to the site by users were being censored and forwarded around 2,000 members’ details with the claim that the party was censoring comments from the public. Hackers posted a message on the Fine Gael website after removing the message posted by them. The posted message was “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”

A spokesperson for Fine Gael said the attack was “assumed to be by Anonymous”, but “the link is yet to be proven”.

This online “Anonymous” Group is best known for its attack on websites and has been also tried to bring down several payment sites including Mastercard.com and Visa recently to block the payments to Wikileaks.

Action Taken By the Party

As a follow-up activity, party has informed the people, whose data has been compromised by an email about the breach. Also warned them that the hacked data was included their personal details like names, email addresses, constituency details and phone numbers. Fine Gael contacted to the data protection commissioner “Billy Hawkes” who is investigating this case and also contacted the Garda Computer Crime Unit in relation to the attack. The FBI has also involved in this case after ElectionMall contacted the US police.

According to Hawkes, party suspects that the personal data of those who posted comments or registered their details has been compromised. In a statement party said the website will be offline “while we follow-up with the appropriate authorities to resolve the matter.”

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Government Data Breach Caused by Bogus White House Holiday eCard

January 17th, 2011
The White House
The White House

All that Glitters is not Gold :)

A clever hacker had sent an innocent looking bogus greeting card to a number of top level government employees and contractors which appeared to be a holiday greeting from the White House. But there was a hidden Trojan virus in those greetings, named card.zip which stole data like PDF, Word and Excel files. The information stolen was sent to a server in Belarus, reported by Network World. The hacker sent those cards through email two days before Christmas.

Malware short for malicious software, is an intrusive software made to secretly grab the information on a computer system and that to without the knowledge of the user of the node. Malware includes computer viruses, worms, trojan horses, and other malicious and unwanted software.

Used White House as cover for the hacking

This was a very sensitive case of official data breach, which was using the White House as cover for the hacking. It was very obvious for everyone to get excited on receiving a holiday e-card from the Obama Administration via whitehouse.gov. There were hidden malware that uses existing known hacking methods and stole data from the targeted computers. This was a breach which is directly attacking on the nation’s cyber infrastructure.

In the breach hacker is stolen more than 2 gigabytes of data from a number of victim’s computers. According to a blog, the targeted computers in the hacking were National Science Foundation’s Office, the Financial Action Task Force, the Massachusetts State Police, and the Moroccan government’s Ministry of Industry, Commerce and New Technologies.

It might be work of Zeus malware gang

According to the Computer security expert Brian Krebs, it was the work of a hacker who infected 75,000 machines recently known as the ‘kneber’ compromise. He has given this report after tracking the holiday hack. This seems the work of the Zeus malware gang of hackers who usually target the banking information for hacking. Because a similar attack using the same Zeus malware happened about a year ago. This is the same gang which already had compromised over 74000 FTP accounts on the network of huge companies such as the Bank of America, NASA,Monster,Cisco and many more.

According to the Alex Cox, principal research analyst at Net Witness “It is not clear who is behind the attack and exactly what was his motivation”. He said, it might be an intelligence gathering mission to improve the chances of success in the future attack.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Privacy Breach at Vodafone, SMEs Need to be More Active

January 15th, 2011
Vodafone Logo
Vodafone Logo

Protection of its customer data must be the most important issue for any company and Vodafone is no exception. Ovum senior consultant Craig Skinner said,  the Vodafone incident provides a critical lesson for the small and medium enterprises. This major issue can affect the whole company and also its brand image. According to the reports Vodafone was not properly handling its customer data and private information including billing information and was easily accessible to the outsiders.

Vodafone Terminated Unspecified Number of Employees

Vodafone has terminated some of its employees in New South Wales because the passwords and other personal data were accessible through an internal portal. It is still not clear that how many employees have been involved in this breach and what was the actual extent of their actions.

According to the reports these employees distributed passwords which were used for gaining access to an internal database and Vodafone had no idea about all this. This incident took place when some staff of Vodafone disclosed the passwords that allowed access into a secure portal. That portal contained some private information like billing details, credit card details and some other sensitive information.

Password of the company database was shared by internal person

Vodafone chief executive Nigel Dews, confirmed that probably the incident took place when someone shared the password of the company database.

Dews said in a statement “We take data security and the storage of our customers’ information extremely seriously; we are conducting a thorough investigation of the incident and of our own security systems and processes and have taken immediate action”.

A spokeswoman said “Vodafone will change those passwords every 24 hours until it finds the persons who are responsible for the breach” to keep a tighter grip on security.

But this is not the proper security measures taken by the Vodafone. Data encryption software and computer security software are more reliable than changing the password.

Businesses should not give access to sensitive data with single password

According to the Skinner all the business data must be separate from each other and employer must know which data can be accessed by which employee. This will be very helpful in finding out the responsible person when a breach occur and can start an investigation.

Skinner said in a statement, “I’m unsure of Vodafone’s operational requirements, but other businesses shouldn’t have a situation where you are able to share a singled password and then gain access to the full amount of information for every customer.”

According to Skinner, it’s important for every company to conduct a security audit. In the audit the board brings in professionals to look at the data within the business and how it is protected. Board also checks where they are lacking in protecting data and where it could be leaked.

Importance of Data Encryption Software

If companies do not have internal system checks and will not use data encryption software, they will miss such type of mistakes and cannot protect their customer’s data properly. This breach has initiated the security experts for small and medium businesses to review their security procedures and make sure that confidential data is properly protected.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta

Better Business: How Data Breaches can lead to Identity Theft

January 12th, 2011
identity theft
Image by Rosie O’Beirne via Flickr

Data breaches continue to plague businesses and there are likely thousands of data breaches that go undetected or unreported. People have been victimized by security breaches multiple times, for example, by their schools, local, state or federal government, financial institution or many other organizations. Sometimes organizations have had multiple breaches. Maximum reported breaches by organizations could not clearly state that how much data was accessed or stolen.

What Counts as a Data Breach?

A data breach is the release of secure information to untrusted environment weather intentionally or unintentionally. It is a security incident in which confidential or protected data is stolen, transmitted or used by an individual who is unauthorized to do so. An incident of data breach may involve financial information like personally identifiable information (PII), personal health information (PHI), credit card details or bank details. It may also include trade secrets of corporations or intellectual property.

Reported Data Breaches Every Year

Approximately 10 million people are the victims of identity theft every year. The Identity Theft Resource Center in 2010 recorded 662 data breaches in the United States, which was nearly 33 percent increase from 2009 and at least 498 data breaches reported in 2009, which was actually an improvement from 657 the year before. According to the lists maintained by private groups that track reports of breaches, from January 2005 through December 2006 more than 570 cases of data breach were reported.

Big Companies are also not Safe

Well established popular hospitals, government agencies and other organizations have also been the victims of data breaches. Recently some big companies like fast food giant McDonald’s and Japanese Automaker Honda also get affected by the data breach. So it’s not the case of how big a company is but how much it is aware about the data security software and encryption software. There are only 46 states and three territories, which have enacted data breach laws, since 2005.

Companies must be Proactive in Notifying Consumer

According to the state and federal laws, companies must be proactive in notifying consumers in the case of data breach. If you are a business owner or executive, you have a responsibility to minimize the damage from a data breach. As soon as you become aware of a potential data breach, seek assistance from an attorney or risk-consulting company. They can help identify what state or federal laws require you to do, including alerting consumers or government agencies. Most companies will set up a hotline for the consumers to address their concerns and questions.

Consumers can File a Fraud Alert

If consumers receive a notification about a breach that they don’t thoroughly understand, they can call the company. They can also call their financial institution and get their advice on what to do. Check their statements as soon as they receive them and notify the financial institution immediately if there are fraudulent charges. They can file a fraud alert with all three credit reporting agencies (Equifax, Experian and TransUnion). These financial institutions are required to flag their credit report for 90 days and notify them if someone tries to open a new account using their information.

It is a very big responsibility for the organizations to secure sensitive consumer information. Organizations need to do a much better job in the case of handling and storing the sensitive digital data. They will have to increase their awareness and reaction towards the data and security breaches. Securing personal data is a very difficult task and is must for the organizations to use encryption programs. This is the only secure way to safeguard the data.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.  Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Enhanced by Zemanta