Archive for the ‘mobile security’ category

Phishing Scam and Data Breach

February 22nd, 2016

Saint Joseph’s Healthcare System in New Jersey suffered a data breach when it was targeted by a phishing scam. According to the statement, more than 5,000 employees at some of its facilities may have been affected by identity theft.

According to St. Joseph’s Vice President of External Affairs Kenneth Morris Jr., facilities in Paterson, Wayne and Cedar Grove locations were affected. Patient data and medical information are safe, but employees’ names, social-security numbers and employee earnings for 2015 and 2016 were potentially accessed. However, dates of birth, home addresses, and banking information were not affected.

According to Morris, there was no indication that the phishing scam was an internal crime; the attack came from an external source. He added that the scam included a named company executive using an internal email.

“There was no intrusion or breach of our internal IT system,” he explained. “None of that data was compromised.”

The healthcare system said that affected employees will receive free credit monitoring. Local and federal authorities were notified, along with the system’s insurance carrier.

“Our primary focus is really protecting our employees and their credit health,” he said. “In addition, we’re putting the proper protocols in place so that this doesn’t happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Mobile Authentication and System

February 16th, 2016

Biometrics and multi-factor screen authentication are two ways to access sensitive enterprise systems via mobile devices. Security plays a growing role in the mobile devices used in our daily lives. Today’s authentication technology is evolving, with more and more security layers being added.

Biometric Authentication

Biometric authentication is a system that relies on the unique biological characteristics of individuals, including retina, voice, fingerprint and signature, to verify identity for secure access to mobile systems.

Advantages:

  • With biometric authentication, users never have the problem of a forgotten password.
  • It is easy to use
  • It is reliable

Disadvantages:

  • It involves a high level of dependencies in your organization
  • It is expensive and inconvenient, as initial provisioning of users requires a tamper-proof process to link identity and biometric data
  • Employees may no longer be able to log in from devices other than their company-issued devices

Multi-factor Authentication

Adaptive multi-factor authentication (MFA) on the mobile device uses a system such as a user name and password.

Advantages:

  • It limits the hacker’s possibilities to compromise the system
  • Employees can always carry their device with them

Disadvantages:

  • It has a painful enrollment process
  • It still has some level of dependency, with users relying on a modem or Web dispatch service to function and send codes.


Apps for iPhone Security

February 14th, 2016

Apple blocks full anti-virus apps from its App Store. According to the company, “Every iOS device combines software, hardware and services designed to work together for maximum security and a transparent user experience”. Still, there are apps that can improve security.

Find My iPhone

Find My iPhone (free) within iCloud is crucial to ensuring the security of your iOS device. You can activate it on your device at Settings -> iCloud -> Find My iPhone.

McAfee Mobile Security

McAfee Mobile Security (free) lets users back up and restore contacts, locate a lost or stolen iOS device on a map, wipe contacts remotely on a lost or stolen device and trigger a loud alarm on a lost or stolen device.

iDiscrete

iDiscrete (Paid) is a digital safe which enables iPhone users to secure a wide variety of file types so that an unauthorized user sees a fake “loading” screen.

Spam Arrest

Spam Arrest (Paid) requires everyone who sends you an email to respond to a query to confirm their identity.

SplashID Safe

SplashID Safe (free) enables secure storage of online passwords, credit card data, account numbers, registration codes etc.

Private Internet Access

Private Internet Access (free) provides an encrypted VPN service to protect user privacy and security at Wi-Fi hotspots.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.


Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Employee Theft and Data Breach

December 16th, 2015

Oregon-based Northwest Primary Care (NWPC) sent a data breach notification to approximately 5,300 patients. According to the report, personal information was inappropriately accessed by a former employee. The former NWPC employee stole patient names, dates of birth, Social Security numbers, and credit card numbers.

“Northwest Primary Care will not tolerate any violation of our patients’ privacy,” NWPC Administrator Michael Whitbeck said in the press release. “The former employee in connection to this violation deliberately and criminally chose to violate established clinic policies, the trust of our patients and the law. We deeply regret that this crime has occurred and for any burden that this incident may cause.”

Whitbeck added that this type of data security breach “is unacceptable,” and that NWPC will support the law enforcement investigation into the incident.

The organization said that additional changes will be made to NWPC’s approach to security. It will expand its technology monitoring capabilities and employee training, specifically training “on safeguarding and accessing patient records to further bolster privacy safeguards.” Technical precautions will also be added in an effort to better ensure patient privacy.

As per the statement:

NWPC is an Oregon Family Practice medical clinic that serves the Milwaukie, Clackamas, Sellwood, and Oregon City area. The practice performs reference checks on all employees.  Additional background checks are performed for highly sensitive positions, including positions with access to financial data. NWPC has comprehensive policies and procedures, as well as a Code of Conduct, which prohibit employees from accessing patient records when there is not a work-related reason to do so.


Centegra Health System Data Breach

December 14th, 2015

Centegra Health System sent a data breach notification to 2,929 patients. According to the reports, a mailing error may have exposed some of their personal information.

Medical bills detailing “limited” personal information of 3,000 Centegra Health System patients recently were sent to the wrong addresses because of a mail room error at a third-party contractor, a Centegra spokeswoman said.

At the vendor MedAssets, automatic mail filing equipment was accidentally changed.

This led to two Centegra billing statements being put in one envelope.

“Centegra Health System and MedAssets apologize for this error and are committed to fully protecting patient privacy,” Green said. “Centegra is working closely with MedAssets to ensure it has taken every step necessary to address the incident.”

Affected information included patient names, addresses, account numbers, original account balance, third-party payment, billing discounts and adjustments, and the amount owed. Hospital service dates, a summary of services provided and related charges were also included.

Green mentioned that even though 6,000 Centegra patients were affected by the error, half received two billing statements: one for their own hospital service and a second detailing another patient’s service.

There is no reason to believe that the exposed information was inappropriately used, she said.


Security Tech Procurement Tips

December 12th, 2015

Ricardo Lafosse, CISO for Cook County, Ill., said that procuring enterprise security technology is an involved process that requires numerous steps to ensure it goes smoothly. He also offered the tips below for CISOs.

Ask Yourself Why

Lafosse said that before a purchase, you should identify why you need the technology and how you came to that conclusion.

“You always want to buy the shiny new toy,” he said. “They look cool, but you don’t just go out and buy it.”

Ask Peers

“What’s really key are your peers,” he said. “I cannot stress this enough. Everyone deals with these [security] issues. In the Chicago area, we have a lot of great resources. We have our CISO group and a multi-state group. It is key to be a part of it because you can bounce ideas off everyone in an informal process. You get that actual first-hand experience from your peers.”

Analysis

Start with a needs analysis before going out to the market, Lafosse said.

Consider Staff, Integration Requirements

Ensure that the new technology provides a good operational fit, he said.

Budget

“Unfortunately, we have a lot of examples,” he said. “Use those to your benefit as much as you can from a budgetary perspective. Demonstrate operational efficiency when looking for a new product. For example, if you are going to implement product X, you will reduce the help desk time to remediate by 20 percent. Having those rough numbers goes a long way.”

Business Case

“Re-emphasize why you are making this purchase,” he added. “For us, we used the figure from Ponemon of $154 per breach. The network access control was also going to allow people to self-service.”

The self-service capability was critical because Lafosse has only three people in his department.

“One of the key attributes for any new procurement is automation,” he said. “The security controls need to share information with each other. The more automation, the easier it is for us to protect our network.”

Guidelines

“Be candid with vendors. If you don’t like the solution, tell them,” Lafosse said. “Don’t waste your time, don’t waste their time. Offer clear-cut guidelines. It’s not fair if you don’t set rules of engagement upfront. If you are seeing everything move south, let the vendor know right away.”


Five Tips for Stronger Encryption

December 10th, 2015

The recent example of NSA whistle-blower Edward Snowden’s revelations has put the security of many encryption products into doubt.

Below are methods to safeguard your data.

Encryption Ciphers

Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says that organizations should stop using older encryption algorithms like the deprecated DES (Data Encryption Standard), and even its relative Triple DES, which is simply DES applied three times to each data block.

“In the last 30 years, no one can prove that the NSA did more than influence minor changes in their development. The bottom line is that in most cases the NSA appears to have actually improved the math.”

Longest Encryption Keys

Use the maximum key lengths possible to make it difficult for those who don’t have access to a back door to crack your encryption. “Today AES 128 is strong, but I say go to 512 or the highest key strength you can implement using what you have today,” Former says.

External Factors

External factors over which companies have very little control can compromise the security of encryption systems.

Encrypt in Layers

“I say if there is a way to encrypt, then encrypt. That means in your database encrypt each field, each table, then the whole database. You have to make it so hard for an attacker that it is not worth the effort,” he advises.

Encryption Keys

“If you can implement an encryption system where you control the keys to the data stored in the cloud, then that is going to be much more secure,” says Dave Frymier, chief security officer at IT services company Unisys. Devices such as cloud encryption gateways that handle the encryption to and from the cloud automatically can help companies achieve this sort of security.


PHI Sharing and Cloud Security

December 8th, 2015

CloudLock investigated a total of eight IT security industries and numerous case studies. It found that personally identifiable information (PII) and a surplus of data sharing are vital concerns to the industry.

  • Around 72 percent of practices concentrate most heavily on preventing excessive sharing in the cloud
  • Around 38 percent of organizations concentrate on protecting PII
  • Other concerns for organizations include diagnosis, financial information, medical condition, and Social Security number.

CloudLock suggested the steps below to further secure the information.

  1. Organizations should monitor and identify cybersecurity issues, taking care in selecting who is in charge of these tasks.
  2. Organizations should intervene on potential hacks immediately. Following remediation efforts, healthcare organizations should reeducate their users. According to CloudLock, reeducation is key in ensuring adverse cyber security events do not occur in the future.
  3. Organizations should schedule routine checkups to ensure security efforts are continuing smoothly. During these checkups, IT workers should readjust certain strategies and fine tune cyber security efforts.

“Healthcare organizations take special care in assessing the compliance controls of cloud services, but employees can also introduce cloud services into the workplace, creating ‘shadow IT,’ which are services not known by the IT department,” the report’s authors explained.

According to another study conducted by Netskope, the healthcare industry has the highest rate of cloud data loss prevention violations of any tested industry.

“By better understanding where and how policy violations commonly occur, enterprises have a detailed picture of cloud app ecosystems and their respective industries to better mitigate risk,” said Netskope CEO and co-founder Sanjay Beri.


MaineGeneral Health suffers data breach

December 6th, 2015

MaineGeneral Health recently suffered a healthcare data breach. It is now sending notification letters to individuals who fell victim to the cyberattack. The FBI gave notice that much of MaineGeneral Health’s data was on a website not affiliated with the system.

MaineGeneral and a third-party forensics team found that personal information had been breached for patients who were referred by a treating physician to radiology. Some MaineGeneral employee information was also breached along with personal information for potential donors.

Affected information includes names, addresses, and telephone numbers. MaineGeneral confirmed that no Social Security numbers, patient medical or health information, health records, driver’s license numbers, or financial information had been disclosed.

The data breach could include patients at all of MaineGeneral’s subsidiary clinics, including MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care, MaineGeneral Retirement Community, and MaineGeneral Community Care.

Fraud Prevention Tips

MaineGeneral encourages everyone to remain vigilant against incidents of identity theft, especially this time of year.

  • Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers. If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.
  • Contacting the IRS at www.irs.gov to request a PIN to file your taxes, so that no one can use your information to submit a fraudulent tax return. The IRS will begin offering PINs in mid-January 2016.
  • Ordering and monitoring your credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus.


UCHealth and Data Breach

December 4th, 2015

UCHealth in Colorado is notifying approximately 800 patients of an internal healthcare data breach. According to the reports, an employee inappropriately accessed electronic patient files. The incident was discovered during one of the hospital’s precautionary HIPAA audits.

The auditors discovered the breach and determined that the employee was accessing electronic patient records out of personal curiosity. There is no reason to believe that the employee has shared the accessed information with anyone else.

Affected information includes patient names, addresses, phone numbers, dates of birth, insurance information, and descriptions of care and treatment plans received during visits. The employee did not access Social Security numbers or other financial and billing information.

According to the statement:

UCHealth takes its obligations to protect healthcare information very seriously. This staff member’s employment with UCHealth has been terminated. Re-training has been given to all employees to re-emphasize that staff can only view health records of patients for whom they are actively providing care. All employees also will continue to receive annual training on how to properly access healthcare information.

About UCHealth

UCHealth is a Front Range health system that delivers the highest quality patient care with the highest quality patient experience.  UCHealth combines Memorial Hospital, Poudre Valley Hospital, Medical Center of the Rockies, Colorado Health Medical Group, and University of Colorado Hospital into an organization dedicated to health and providing unmatched patient care in the Rocky Mountain West.
