Archive for November, 2013

In last three years 1,500 laptops stolen in Oxford

November 29th, 2013

Increasing number of laptop theft cases are being reported in Oxford, as a result laptop owners have been urged to download tracking programmes and register their devices.

Police figures show that more than 1,500 laptops have been snatched in the city in less than three years.

The statistics, obtained by the Oxford Mail under the Freedom of Information Act, also show thieves took laptops from car parks, hospitals, churches and camp sites.

Last year 625 of the portable computers were taken in 479 thefts. In 2011 638 laptops were stolen during 491 thefts. Before the end of August this year, 387 laptops had been stolen in 290 thefts.

“Software can be downloaded to track computers and mobile phones. There has been variable success with them. It relies quite heavily on signal strength in the area so they are rather hit and miss.” said Former Thames Valley Police crime reduction advisor – Nick Gilbert.

Mr Gilbert, who now runs his own security consultancy in Witney, also said property – anything from cars to jewellery – can be registered for free at immobilise.com.

“If anything goes missing, providing you have all the information they need, there is a reasonable chance if it turns up anywhere in the county, it will be easy to find and recover” said Mr Gilbert.

But he said it was most important to take a note of the serial number because without it police cannot track the owner if they find the computer.

A brand new laptop worth £1,000 belonging to entrepreneur and former lawyer John Moore was stolen in Blackwell’s Bookshop cafe in September but it has not been recovered. The American lost details of a business scheme.

The Oxford resident said he wished he had known about tracking software before the theft, adding: “If I had downloaded it I definitely would have had the computer back.”

But he also said laptops should be better security protected so they were only accessible to the owner, adding: “If thieves understood that stealing a laptop is going to get them nowhere they are not going to steal them.”

Chauffeur Richard Arrandale lost photographs and a family history project when his laptop was stolen from his Kidlington home earlier this month.

He said thieves who take laptops also take sentimental information, adding: “A lot of people keep their personal stuff on their computers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

After 7 months Maricopa Colleges informs 2.4 million students of data breach

November 27th, 2013

It took The Maricopa County Community College District seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in a security breach.

The district’s governing board has already approved several million dollars for repairs, and agreed to spend up to $7 million more to notify everyone who is potentially affected, said spokesman Tom Gariepy.

Gariepy said that letters will be sent to current and former students, employees and vendors of the district’s 10 colleges going back at least several years to alert them that their information could have been seen.

Among the vulnerable data were employees’ Social Security numbers, driver’s-license numbers and bank-account information, he said. Students’ academic information also may have been exposed, but not their personal information. However there is no evidence that any information actually was looked at or stolen.

Gariepy also told that the FBI notified the district that it found a website advertising personal data from the district’s information-technology system for sale. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex. They had to look at a number of different systems and servers and databases. It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive” Gariepy said.

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable. The district has installed more firewalls and security procedures. He also said some employees in the information-technology department face disciplinary action.

“We started immediate steps to make the system secure, and it’s become progressively more secure as time has gone on,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data breach at Kaiser Foundation Hospital

November 25th, 2013

There is not a single week which goes without a healthcare data breach incident, in which a laptop or USB flash drive is stolen. The latest data breach victim in this league is the Kaiser Foundation Hospital Orange County – Anaheim Medical Center, alerting patients that their data had been compromised when a flash drive with their information on it went missing.

The California Attorney General did not reveal the number of patients affected, but Kaiser’s letter were released to patients and explained that patients’ names, medical record numbers, and dates of birth were included on the flash drive, however Social Security numbers were not.

Patients were not even offered the usual year of credit monitoring by Kaiser, which may be considered trite at this point but should be interpreted as a good-faith effort. Instead, it stated that it respects patients’ rights to file a complaint both with Kaiser and with the Office for Civil Rights. For an organization that still isn’t done with its ongoing, extremely-public legal battle with Surefile, it would be reasonable to expect the organization to do more than say it respects patients’ abilities to complain about their privacy being breached.

Moreover, its notification letter has very little transparency. It addition to not knowing how many patients were impacted, Kaiser is not coming up with information such as whether the data was encrypted and whether it was lost or stolen from inside or outside the organization. Kaiser isn’t a “mom and pop” shop that isn’t aware of HIPAA and the degree to which patient data safety is federally-regulated. Even if its Anaheim Medical Center is just part of the organization, in comparison to other breached organizations’ responses, some may argue that Kaiser should be able to make a better effort in notifying patients from both risk mitigation and informational standpoints.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

healthcare Organizations: Security a major concern

November 22nd, 2013

2014 IT audit survey results released by Protiviti, a consulting firm, provided some perspective on where some healthcare organizations are at the moment in IT auditing, including security, and strengthening governance and controls, and the level in which they’re managing IT risk.

The vendor’s third-annual IT audit benchmarking study, titled From Cyber security to IT Governance – Preparing Your 2014 Audit Plan, more than 460 IT audit executives and professionals were surveyed, including 6 percent of healthcare providers and 3 percent payers. Some of the top technology challenges identified include IT security, IT governance, vendor management, big data analytics and cloud computing, among others. IT security, including data security, cyber security and mobile security, was the number one challenge for the second consecutive year.

Following are the key findings from the report:

  • Organizations should be looking to expand IT audits as one component of a broadening net of assurance to evaluate the design and operating effectiveness of management’s security risk assessment, system of controls and monitoring of the environment.
  • Organizations do not have adequate IT audit resources, and these resources are not always a formal part of the audit group.
  • Not enough companies are performing IT audit risk assessments on a regular basis, nor are they updating these assessments as frequently as they should. As a result, IT components aren’t being sufficiently reviewed.
  • Strong IT governance and controls are a priority across all industries.

Brian Christensen, Protiviti executive vice president of global internal audit in the press release said “In today’s organizations, virtually every function is technology-dependent, which means companies face a greater number of challenges to ensure an efficient, secure IT environment. Based on the study, it’s apparent that there is a tremendous gap between where most companies are and where they should be in terms of managing IT risk and strengthening governance and controls. As audit plans are developed, these technology challenges should also be top-of-mind for internal audit.”

Some of the numbers suggest that there needs to be improvement in the different industries. According to the report, 42 percent of organizations reported that they rely on outside resources to augment their IT audit departments because they lack the appropriate internal resources to fully assess potential risks. And one-third of companies with less than $100 million in revenue do not conduct any type of IT audit risk assessment.

David Brand, a Protiviti managing director and leader of the firm’s IT Audit practice said “Although there are areas that clearly need attention, it’s a good sign that more companies are working to implement IT governance policies and procedures. We have seen an uptick in the number of companies that are evaluating IT governance as part of their audit process”.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Facebook alert its users following Adobe data breach

November 19th, 2013

Back in October, approximately 150,000,000 Adobe customer’s user information was compromised in a stupendous data breach. After such a massive damage to Adobe during security breach, Facebook users who use the same credentials as that of Adobe were asked by Facebook to take precaution so as to protect their information. Facebook’s security team is mining the data leaked from the Adobe breach to find users who are currently using the same password that they used for Adobe.

Facebook has locked the accounts of these users and the only way to unlock their account is by answering a few security questions and changing the compromised password. Facebook is telling such users that for their own sake, “No one can see you on Facebook until you finish.”

You may be wondering how Facebook is able to pinpoint which users are committing the security mistake of reusing passwords. The researchers at the social media website pass an Adobe

user’s recovered password through their hashing function, allowing them to see if the result matches what they have on record for that user. These actions show how the website is being proactive and responsible when it comes to users’ security and privacy.

This alertness by Facebook perfectly illustrates the importance of having multiple passwords and not reusing passwords on different sites, especially those which may have been compromised or leaked in the past. It is also critical to create strong and unique passwords that hackers will not be able to guess easily. Following these quick and easy password precautions will ensure your security and privacy on all of your favorite websites.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

388 council-owned laptops lost

November 17th, 2013

The loss of hundreds of council laptops potentially containing council taxpayers’ confidential information has been termed as ‘not a big security breach’.

The Observer exclusively reported an Interim Progress report from the Royal Borough’s internal Audit and Investigation Unit revealed 388 council-owned laptops were unaccounted for in a survey of council IT assets.

The missing laptops range from devices owned and used in council-maintained schools to assets kept in council buildings.

The report, which outlines risks arising from procedures and policies and any countermeasures being taken, was scrutinized at an audit and performance review panel meeting at the Town Hall, in St Ives Road, Maidenhead, on Thursday last week.

Councilor Duncan McBride, chairman of the panel, said: “I think this has come up before. It is not the first time it has come before us. It is clear from the previous meeting that this is not a major security breach.

“It is terrible that we might have lost these things but… I do not think it is a big security breach.”

However, Councilor Simon Dudley, deputy leader of the council, said: “I’m concerned about these figures, I mean you can see the headlines about the council losing 388 laptops and potentially important information being on them. I would want security processes clearly written down for staff.”

Questioning how many laptops had gone missing in the past year, Liberal Democrat Councilor George Fussey, said: “If we are losing laptops quite regularly, that would be a huge issue. It would be useful to know if we are still losing them or if this is 388 over five years or something.”

Catherine Hickman, head of audit and investigation at the Royal Borough and report author, said the missing laptops date back to 2005 and only a handful, most likely in single figures, had been lost in the 2012/13 financial year.

Mrs. Hickman added; “It could be for a variety of reasons. They may not have been stolen, they could be left in cupboards and forgotten about. We are trying to assess this.”

Councilor McBride added the fact the lost computers may have been older than five years would negate the importance of the lost information and steps have since been taken to reduce the chance of laptops with confidential information on them going missing.

However, speaking after the meeting, councilor John Fido said: “That represents a quite lackadaisical attitude. 388 laptops missing not only represents an awful lot of taxpayers’ money – you would expect a couple of hundred of pounds for each laptop – but also the information on them it puts at risk. These matters have to be treated respectfully.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Data Breach: 7100 patients notified by University Hospitals

November 15th, 2013

After a third-party vendor performed updates on the computer systems of University Hospitals of Cleveland, Ohio, UH were informed of an alleged hard drive theft.

The not-for-profit medical center has been trying to find the exact nature of the information contained on the drive, since the hard drive disappeared.  According to Fox 8 Cleveland, the drives must have contained information such as names, dates of birth, home addresses, insurance provider information, medical record numbers, health information about specific patient treatment and Social Security numbers for 33 patients. The missing data was compiled from 19 computers within doctors’ offices and the hard drive had not been encrypted.

“There’s no evidence that would lead us to believe that the thief knew what was on the hard drive or could even get into it” stated hospital spokeswoman Janice Guhl. letters have been sent to patients informing them of the potential security breach. The letters contained information on fraud alert and free credit reports, and statement from the hospital stating they are, “actively engaged with an independent IT security consulting firm to strengthen [its] protocols.”

Fox 8 Cleveland stated that UH is collaborating with law enforcement for investigation on the theft at University Hospitals. UH is also working to heighten its technical safeguards and ensure that all devices are encrypted before use. UH has provided a year of free identity theft protection and credit monitoring to 33 individuals whose Social Security numbers may have been compromised because of the theft.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

1.5 million affected in Co Clare-based Company data breach

November 12th, 2013

Co Clare-based Company which manages customer loyalty schemes across Europe had a major security breach in which more than 1.5 million people’s personal information was compromised.

A Garda investigation has been launched into what is fast becoming one of the worst data breaches in the history of the State.

Credit card details of nearly 400,000 people in Europe – including almost 70,000 in Ireland – have been compromised after criminals successfully targeted the Loyaltybuild rewards company and exposed various weaknesses in its security systems.

Moreover, credit card details of more than 150,000 people was compromised while the names, addresses, telephone numbers and emails of more than 1.1 million customers of companies who were doing business with the company across Europe were also taken in this data breach incident.

The company has lodged a formal complaint to the Garda and two investigators from the office of the Data Protection Commissioner Billy Hawkes were sent to the company.

Mr Hawkes confirmed that the financial information had been stored in unencrypted form, along with the three-digit security code printed on customers’ cards.

The commissioner’s office said this evening that it had been able to establish the attack was carried out by external sources but stressed that it was too early to say where it had originated.

Loyaltybuild said “We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us”.

Around 70,000 of Supervalu customers are at a “high risk” of having their payment details accessed by an unauthorised third party with those affected having paid for Supervalu Getaway Breaks.

The company managing the rewards programme has informed the Data Protection Commissioner of the potential breach and it stressed that all payment card information it holds is encrypted.

“We immediately engaged the services of a firm of leading, international, online security experts. They are conducting a forensic investigation to help us identify whether any of our stored data was compromised, and, if so, to what extent” a spokeswoman said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Health data breach complaint filed by Milwaukee

November 10th, 2013

Dynacare, a clinical laboratory services company lost a USB flash drive with unencrypted patient data during data breach incident. Milwaukee handed the data over to Froedtert Health’s Workforce Health, a public health organization that had contracted with and has an ownership interest in Dynacare.

The lost flash drive contained 6,000 Milwaukee employees’ data such as names, addresses, dates of birth, Social Security numbers and gender. And it stored the names of 3,000 spouses and domestic partners as well, so there was a great amount of Milwaukee patients affected. The city’s complaint may be redundant in light of Dynacare previously reporting the breach to the Department of Health and Human Services (HHS). But here’s the statement from Milwaukee City Attorney Grant Langley.

After consultation with members of the Common Council and the Mayor, the Office of the City Attorney has decided to file a formal complaint with the federal Office of Civil Rights against Dynacare Laboratories for its admitted breach of HIPAA security requirements regarding the private information of more than 9,000 City of Milwaukee employees, their spouses and their domestic partners.

I will be taking this action on behalf of the city and its employees based on Dynacare’s recent filing of a notice of breach of unsecured protected health information, its apparent unwillingness to communicate or cooperate with city representatives or to release details of its investigation, its failure to provide information to the city in order to protect our employees and the misleading comments Dynacare provided to the media.

It is important to note that the city’s contract for its wellness program is with Froedtert Community Health/Workforce Health. That is the entity to which the city provided employee information in a secured and password-protected manner, not Dynacare. The city continues to investigate the matter, and at this time has not ruled out further litigation.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

23% Organizations faced a Security Breach in 2013

November 8th, 2013

Modern technology has its positive as well as negative effect on individuals and businesses. On a positive side, it is designed to make life easier for individuals and businesses alike and the multiple ways in which it benefits all aspects of business are undeniable. But it also presents firms with challenges and data protection is one of the most serious ones.

A survey was conducted among 3,200 business executives and IT leaders from 16 countries, including the UK. According to this survey, data breaches are the most expensive IT problem that organizations can face. The poll, carried out by data management company EMC, found that on average organisations lose more than $860,000 (£530,000) per year as a result of data breaches. By comparison, any other IT problem that may occur in companies’ day-to-day business costs several hundred thousand less, EMC stated.

In today’s time, no organization is free from the risk of a Data loss incident. The survey showed that 29% of respondents reported experiencing data loss and 23% said they had faced a security breach. The most commonly listed consequences for businesses following these incidents included loss of employee productivity, cited by almost half of those polled, and loss of revenue, mentioned by 39%. In addition, one in three experienced loss of customer confidence or loyalty, while more than one in four reported loss of incremental business opportunity.

The poll conducted by EMC revealed that just 27% of all organizations reported that, in the event of incidents, data could be recovered within minutes or less. This highlights the fact that many organizations are unprepared to deal with data breaches.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta