Archive for the ‘Hard Disk’ category

Human behaviour and Security Threat

January 2nd, 2016

In-depth interviews were conducted with 28 corporate security officials. According to the survey,  93 percent of respondents said human behavior presents the biggest threat to their organizations’ security.

“Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices,” was written by Ari Kaplan Advisors and sponsored by Nuix.

The report states that -

  •   Seventy-one percent of respondents said their organization has an insider threat program policy
  •   Fourteen percent said they allocate 40 percent or more of their budget to insider threats
  •   Ninety three percent of respondents said they were able to identify their critical value data
  •   Sixty nine percent said they knew what people did with that data after accessing it
  •   Ninety percent have designated a senior official to provide oversight
  •   Seventy percent offer their employees training to minimize risk

“There’s been a shift in allocation toward looking internally, rather than at the perimeter,” one respondent said.

“We’re seeing a lot more hands-on training, employee monitoring, and testing to address the issue,” report author Ari Kaplan said in a statement.

According to other survey conducted by Cybrary of 435 senior level technology professionals, 68 percent of respondents believes that there’s a global shortage of skilled cyber security professionals.

  • Eighty percent of respondents said they always or sometimes have trouble recruiting skilled cyber security professionals
  • Forty Seven percent of respondents said their company plans to hire between one and 10 cyber security
    Human behaviour and Security Threat

    Human behaviour and Security Threat

    employees in 2016

“Companies with pressing cyber security needs are finding that there’s a major lack of qualified professionals to fill their positions, which makes them vulnerable to cyber attacks,” Cybrary co-founder Ryan Corey said in a statement.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

MaineGeneral Health suffers data breach

December 6th, 2015

MaineGeneral Health suffered healthcare data breach recently. It is now sending notification letters to individuals who fell victim to the cyberattack.FBI notified that much of MaineGeneral Health data was on a website not affiliated with the system.

MaineGeneral and a third-party forensics team found that personal information had been breached for patients who were referred by a treating physician to radiology. Some MaineGeneral employee information was also breached along with personal information for potential donors.

Affected information includes names, addresses, and telephone numbers. MaineGeneral confirmed that no Social Security numbers, patient medical or health information, health records, driver’s license numbers, or financial information had been disclosed.

Data breach

MaineGeneral Health suffers data breach

MaineGeneral Health suffers data breach

could include patients at all of MaineGeneral’s subsidiary clinics, including MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care, MaineGeneral Retirement Community, and MaineGeneral Community Care.

Fraud Prevention Tips

MaineGeneral encourages everyone to remain vigilant against incidents of identity theft, especially this time of year. 

  • Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers.  If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.
  • Contacting the IRS at www.irs.gov to request a PIN to file your taxes, so that no one can use your information to submit a fraudulent tax return. The IRS will begin offering PINs in mid-January 2016.

Ordering and monitoring your credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Health Care CyberSecurity

November 14th, 2015

The Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari had the discussion with HealthITSecurity about Cybersecurity

Health Care CyberSecurity

Health Care CyberSecurity

Awareness.

According to Eftekhari, its currently imperative for organizations to understand that theyll never be able to prevent breaches from happening.

The best way to protect their organization is to focus on detect and response strategies, and create as many roadblocks and obstacles as possible so network administrators can quickly identify unauthorized access or suspicious activity on the network,he explained. [It will] slow down the attackers ability to successfully exfiltrate data and really give the network administrator time to stop the attack.

According to Eftekhari, behavior analytics, dual-factor authentication, and encryption are critical pieces when it comes to creating a virtual tar pitenvironment within the network to slow down the attacker.  

The other key takeaway for Cybersecurity Awareness is the human factor, he explained.

[ICIT] acts as an educator for the legislative community, federal agencies and critical infrastructure sector stakeholders because they need access to cutting edge research and knowledge of cyber trends.Eftekhari said. In that same context, we also need to guide our children and our families, and of course consumers and employees, in cybersecurity best practices without being Orwellian about it. Thats how were going to become a more cyber conscious nation and ultimately improve security.

Montana Williams, Senior Manager, Cybersecurity Practices, ISACA mentioned that it is important that everybody in an organization understand their role in increasing the resiliency of that organization.

Cybersecurity has evolved slowly because technology has outpaced the security aspect of cybersecurity,Williams stated. So it has struggled to keep up with the newest technical advances. The security aspect has struggled to keep up with the threat vectors, and then also it has struggled from an awareness perspective because I believe people are still very naive about the threat of cybersecurity.

Employee training as a whole is the most critical thing for organizations, according to Williams.

The technologies exist out there that can do a great job against a threat, but that training component doesnt exist because the professionals who are managing those technologies dont know how to integrate them the most effective way on their enterprises against that threat thats out there,Williams said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Unencrypted email and data breach

November 10th, 2015

An unencrypted email resulted in potential health information data breach for over 500 patients in North Carolina. The North Carolina Department of Health and Human Services (DHHS) has experienced a health data breach second time due to an unencrypted email. Earlier, the incident involved the health data breach of 524 state Medicaid patients.

DHHS mentioned that the email that compromised the information was sent to the correct recipient but was unencrypted which is against the policy. Affected information includes Medicaid patients, including patient names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information, provider names, Social Security numbers, and dates of birth.

Unencrypted email and data breach

Unencrypted email and data breach

DHHS has plans to overhaul the email encryption process by updating email software. The said software will block any email containing patient information from being sent until the information has been encrypted. DHHS believes that software eliminates the risk of human error.

We take very seriously our responsibility to secure the personal information entrusted to us,said Dave Richard, DHHS deputy secretary in charge of Medicaid. This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow.

DHHS also suffered health data security issues back in 2014. DHHS officials believes that it was the agencys responsibility to protect patient information.

I deeply apologize for the impact that this has caused to the citizens of the state,DHHS secretary Aldona Wos explained at the time. First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care in a protected and secure environment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

OU Medicine Suffers Data Breach

October 17th, 2015

As per the reports, OU Medicine suffered data breach when a laptop potentially storing a spreadsheet containing limited patient information was stolen from a former OU physician. The spreadsheet  in the laptop contained limited information for approximately 9,300 pediatric patients.

Affected Health information includes patient name, diagnosis, treatment code, date of treatment, date of birth, description of urologic medical treatment or procedure, medical record number, and physician name. According to OU Medicine, no addresses, Social Security numbers

OU Medicine Suffers Data Breach

OU Medicine Suffers Data Breach

, or other billing information was included.

The hospital took precautionary steps by notifying the 9,300 potentially affected individuals via data breach notification letters even though it was not sure whether spreadsheet was present on the laptop. OU Medicine stated that it will provide one year of free credit monitoring to potentially affected individuals.

The physician who owned the stolen laptop had left the department prior to the laptop being stolen. The hospital also mentioned that it does not allow physicians to take medical documents with them after leaving the facility.

The University has policies that generally prohibit the removal of documents that contain patient information from its premises and that require employees to protect patient information on laptops at all times, including by storing it securely,OU Medicine said in its statement.

Facility also expressed regret for the situation.

The University of Oklahoma takes patient privacy seriously,OU said in its statement. The Department is taking additional steps to help prevent similar incidents from occurring and is providing additional training to employees on the importance of securing patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.