Archive for the ‘mobile security’ category

Five Tips for Stronger Encryption

December 10th, 2015

The recent example of NSA whistle-blower Edward Snowden’s revelations has put security of many encryption products into doubt.

Please find the below methods to safeguard your data.

Encryption Ciphers

Robert Former, senior security consultant for Neohapsis, an Illinois-based security services company, says that organizations should stop using older encryption algorithms like the deprecated DES (Data Encryption Standard), and even its relative Triple DES, which is simply DES applied three times to each data block.

“In the last 30 years, no one can prove that the NSA did more than influence minor changes in their development. The bottom line is that in most cases the NSA appears to have actually improved the math.”

Longest Encryption Keys

Use the maximum key lengths possible to make it difficult for those who don’t have access to a back door to crack your encryption. “Today AES 128 is strong, but I say go to 512 or the highest key strength you can implement using what you have today,” Former says.

External Factors

External factors over which companies have very little control can compromise the security of encryption systems.

Encrypt in Layers

“I say if there is a way to encrypt, then encrypt. That means in your database encrypt each field, each table, then the whole database. You have to make it so hard for an attacker that it is not worth the effort,” he advises.

Encryption Keys

“If you can implement an encryption system where you control the keys to the data stored in the cloud, then that is going to be much more secure,” says Dave Frymier, chief security officer at IT services company Unisys. Devices such as cloud encryption gateways that handle the encryption to and from the cloud automatically can help companies achieve this sort of security.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

PHI Sharing and Cloud Security

December 8th, 2015

CloudLock investigated a total of eight IT security industries and numerous case studies. It found out that personally identifiable information (PII) and a surplus of data sharing are vital concerns to the industry.

  • Around 72 percent of practices concentrate most heavily on preventing excessive sharing in the cloud
  • Around 38 percent of organizations concentrate on protecting PII
  • Other concerns for organizations include diagnosis, financial information, medical condition, Social Security number, and diagnosis.

CloudLock suggested below steps to further secure the information.

  1. Organizations should monitor and identify cybersecurity issues, taking care in selecting who is in charge of these tasks.
  2. Organizations should intervene on potential hacks immediately. Following remediation efforts, healthcare organizations should reeducate their users. According to CloudLock, reeducation is key in ensuring adverse cyber security events do not occur in the future.
  3. Organizations should schedule routine checkups to ensure security efforts are continuing smoothly. During these checkups, IT workers should readjust certain strategies and fine tune cyber security efforts.

“Healthcare organizations take special care in assessing the compliance controls of cloud services, but employees can also introduce cloud services into the workplace, creating ‘shadow IT,’ which are services not known by the IT department,” the report’s authors explained.

According to another study conducted by Netskope, healthcare industry has the highest rate of cloud data loss prevention violations of any other tested industry.

“By better understanding where and how policy violations commonly occur, enterprises have a detailed picture of cloud app ecosystems and their respective industries to better mitigate risk,”said Netskope CEO and co-founder Sanjay Beri.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

MaineGeneral Health suffers data breach

December 6th, 2015

MaineGeneral Health suffered healthcare data breach recently. It is now sending notification letters to individuals who fell victim to the cyberattack.FBI notified that much of MaineGeneral Health data was on a website not affiliated with the system.

MaineGeneral and a third-party forensics team found that personal information had been breached for patients who were referred by a treating physician to radiology. Some MaineGeneral employee information was also breached along with personal information for potential donors.

Affected information includes names, addresses, and telephone numbers. MaineGeneral confirmed that no Social Security numbers, patient medical or health information, health records, driver’s license numbers, or financial information had been disclosed.

Data breach could include patients at all of MaineGeneral’s subsidiary clinics, including MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care, MaineGeneral Retirement Community, and MaineGeneral Community Care.

Fraud Prevention Tips

MaineGeneral encourages everyone to remain vigilant against incidents of identity theft, especially this time of year. 

  • Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers.  If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.
  • Contacting the IRS at www.irs.gov to request a PIN to file your taxes, so that no one can use your information to submit a fraudulent tax return. The IRS will begin offering PINs in mid-January 2016.

Ordering and monitoring your credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

UCHealth and Data Breach

December 4th, 2015

UCHealth, Colorado is notifying approximately 800 patients of an internal healthcare data breach. According to the reports, an employee inappropriately accessed electronic patient files. The incident was discovered during one of the hospitals precautionary HIPAA audits.

The auditors discovered the breach and determined that the employee was accessing electronic patient records out of personal curiosity. There is no reason to believe that the employee has shared the accessed information with anyone else.

Affected information includes patient names, addresses, phone numbers, dates of birth, insurance information, and descriptions of care and treatment plans received during visits. The employee did not access Social Security numbers or other financial and billing information.

According to the statement:

UCHealth takes its obligations to protect healthcare information very seriously. This staff members employment with UCHealth has been terminated. Re-training has been given to all employees to re-emphasize that staff can only view health records of patients for whom they are actively providing care.  All employees also will continue to receive annual training on how to properly access healthcare information.

About UCHealth

UCHealth is a Front Range health system that delivers the highest quality patient care with the highest quality patient experience.  UCHealth combines Memorial Hospital, Poudre Valley Hospital, Medical Center of the Rockies, Colorado Health Medical Group, and University of Colorado Hospital into an organization dedicated to health and providing unmatched patient care in the Rocky Mountain West.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malicious spyware in Google Play

May 11th, 2013

New malicious spyware spreading around in Google Play, threatening millions of Android users. The good news is that you’re only infected if you downloaded a funny Russian app, intended to transcribe other common applications. The bad news is it’s probably popular applications since millions of users have already been infected.

The spyware received the non-surprising name ‘bad news’, and is currently detected in 32 different applications, created by four different developers. We can’t tell exactly how many devices got infected, because Google Play is not showing exact number of downloads, but only a relatively wide range, so all we can say now is that between two million to nine million, not bad for relatively new spyware.

The great wisdom inherent in this particular spyware is that it is installed in the form of advertisements server that alerts users later on, thus it does not look dangerous at the initial stage, or when it is placed in the apps store, because there is no initial spyware expression as it “wakes up” only after some time.

Please note that it is unknown if all the infected app developers intended to harm. May be that they were just planning to develop a user-friendly application, but unfortunately bought a tainted platform. One of the recommendations to Android app developers: Observe carefully third-party libraries listed in your application. Even if you meant for the best, you may be putting users at risk.

So what does this spyware do? Two things you would not be very happy to happen to your device. First, it sends false alerts encourage you to download other infected apps, including ‘AlphaSMS’ that in turn sign your name without your approval to premium SMS services that cost money.

Second, it sends your phone number and your device identification number to the Spyware developers – two pieces of data that when are in the wrong hands, the sky’s the limit.

You obviously assume Google is doing something about this. You are right. The company operates the ‘Bouncer’ service that scans the applications for traces of spyware, but it is among the ongoing anthology in which no society cannot always win. Not even Google. As of today, Google removed all known infected apps from its store. On the other hand, it is only those that are known, it is unclear how many more unknown still out there in the market.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta