Log in

Posts Tagged ‘Check Point’

Data breach affects University of Tampa

March 19th, 2012

Students data compromised at the University of Tampa

Every University has a data security policy in place and tries its best to secure confidential information of its students, alumni, staff and faculty. In spite of this, student data is getting compromised and private data getting misused. The recent data breaches at Missouri State University, University of South Carolina and Midland Tech shows that educational and student data is vulnerable and susceptible to compromise.

The University of Tampa breach

Private data of about 30,000 students and staff at the University of Tampa remained open on the Interne for anyone to see. The information was seen in the form of an file indexed by Google and displayed name and long string of numbers — social security number, student ID number and date of birth.

On Mar 13 some students were practicing advanced search techniques and that’s when they bumped on to this data. They immediately informed about this accident to the information technology department. This happened because the file got created as a back-up a new server was installed in July 2011 and in turn the file accidentally got indexed by the search engine.

Post-incident, Google has taken down this file and removed it from the cache.

What is UT doing post-breach?

The University plans to send a letter to students and staff regarding the breach. At the same time the students may contact the IT department to find out if they were on the list of those affected.

According to the University officials there is no evidence of the information being misused till date. Nevertheless, the University has offered to pay for fraud alert services for anyone who requires them.

Data breach history at the University of Tampa

Two other breaches were reported in January 2000 and July 2011 that had affected about 30,000 records related to faculty, students and staff.

As this is the third data breach in the University’s history, it is needless to say students at the downtown university are concerned about their data and authorities are having a hard time convincing students about data security policies.

Statements

According to Cpl. Bruce Crumpler, economic crimes division of the Hillsborough County Sheriff’s Office, “I’m not sure I can find words to express how worried they should be,”. “I think they should be very concerned.”

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego, adds further “This would be categorized as a major and critical breach because of the nature of the information,” he said. “Anytime Social Security numbers are involved, particularly in connection with dates of birth, those are the keys to the kingdom for an identity theft.”

Donna Alexander’s, vice president of information technology, take on the matter

“We took immediate action to take the files down so they would not be accessible any longer,” Alexander said. “We know the exposure is somewhat limited, but we are certainly concerned about any exposure whatsoever.” In this case there was a situation where the protective measures for that particular directory were not as tight as they should have been,” Alexander said.

Encrypt your data with Alertsec’s help and stay safe

Universities and educational institutes are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Bkis, Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Check Point Confidentiality data breach data security disk encryption Google Information privacy Missouri State University Personal computer Social Security number South Carolina University of South Carolina University of Tampa

New EU data regime slammed by IBM security chief

March 14th, 2012

Image representing IBM as depicted in CrunchBase

IBM security chief not happy with new EU security laws

It is not true when it is said that only giant corporations become a victim of data breach as they deal in large amount of data. The real picture is worse. The reality is that small and medium-sized businesses are not spared either when it comes to getting hacked. Their data is equally insecure and they need to strengthen their security policies otherwise one day they can be in big trouble. Giants like Google, Facebook and Microsoft as well as thousands of midsized companies will be affected due to new laws by European Union.

Today’s data breach story

Today’s story throws light on the vulnerability of small and medium sized businesses. Latest reforms of European Union protection law have been slammed by the IBM security chief, Joe Anthony. Joe Anthony is the director of security, risk and compliance product management at IBM. According to the new law, the data breach should be reported within 24 hours and any organisation failing to comply will be charged heavy fines. The companies who break the law will have penalty of up to 2 percent global turnover. IBM chief criticized this law as according to him it is difficult for any company to report the breach in 24 hours. He said the time period is too short to take any specific actions. To detect a data breach it is very important to have sufficient time as the breach may have taken place in more than one application. In small and medium sized businesses tracking the breach in 24 hours is a matter of concern.

Thus, organisations need to adapt automated security systems which will track data breaches faster than manual processes. The automated security systems will have checks on database access issues. So that whenever a data breach takes place, the automated system will show a list of people who had access to that particular database and for what reason. Only then the short period of 24 hours can be achieved to report the data breach. A data breach is very important and it needs to be examined rightly.

Changes made to European Union protection laws are in developing stage and need to be approved. The proposed changes will be approved by European Union member states and European Parliament. Twenty Seven member states need to implement it when it gets approved. European Union member states will have to follow these new regulation laws. Their aim is to ensure high data protection for personal data. It will give users assurance of their personal data. The approval and implementation will take a period of two years. Till then let’s wait and watch the implementation of these new laws.

How will Alertsec help big and small organizations?

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, Hackers, Hard Disk, computer security software, data breach, data encryption, identity theft

Tags: alertsec AlertSec Xpress Check Point data breach European Parliament European Union Facebook Google IBM microsoft security

Scottish charity reprimanded for USB data breach by ICO

March 13th, 2012

2 USB sticks containing mental health data stolen from Enable Scotland

Data sticks or USB drives look so small but carry so much of weight, don’t they? They carry a lot of data and if lost, are difficult to recover due to their size. Thus storing data on a USB drive and carrying it around is very easy, a perfect example of ‘advanced technology’ but what if they get stolen? What if data on a USB drive is compromised?

Today’s post deals with data breach at a Scottish charity wherein their 2 USB drives (memory sticks) were stolen.

The story

A Scottish charity has been admonished for not encrypting the USB device (memory sticks) by ICO (Information Commissioner’s Office). These data sticks belonged to Enable Scotland and contained data of people with mental health issues, their addresses, and date of births which has now been stolen by thieves. The device was stolen from employee’s home that contained information of 101 people. According to the Data Protection Act rule the data should be erased after it has been uploaded on servers to avoid such data breach. It should also be in practice to knowledge the home workers how to handle such secured information in the form of memory sticks that are not routinely encrypted. Enable Scotland has admitted that the data stolen was not explicit yet it contained names of people who are connected with this charity for mental health issues. They had failed to delete it after their use. During an investigation, it was also found that mobile devices were not encrypted too that are used for storing sensitive information.

Penalty in form of money is charged for such loss of data by any organisation but this being a charity we are not confirmed as it charities are not charged penalty in form of money. However, Enable has started working on improving their agreements and policies with Data Protection Act. They will also educate their workers on data protection procedures and ensure that their mobiles are encrypted. It is pleasing that Enable reported the breach as early as they could but the information once lost cannot be regained though.

Enable has taken a good step towards data breaches to protect their customer information. However, it should be a learning for all other charities out there to safeguard their people’s sensitive information. ICO recently handed out a fine to Cheshire East Council for emailing sensitive information to wrong recipients.

Data breaches are really a matter of great concern nowadays. The amount of data loss that is taking place is worrying and many organisations do not have hundred percent protection policies towards their employees data. It is very important that sensitive information must be secured. Routine Encryption of devices must be made mandatory to avoid such losses of data otherwise there will be no end to cases like these in near future. So that even if the data is stolen encrypted devices will ensure protection of information. Businesses should have this obligation towards their society to avoid such thefts as majority of them take place outside the corporate environment.

Your system needs Alertsec!

There are no short cuts to data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Hard Disk, Identity and Information loss, computer security software, data breach, data encryption, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point data breach Data Protection Act 1998 Encryption Hardware ICO Information Commissioners Office Information sensitivity Office Storage USB USB flash drive

Canadian businesses vulnerable to data breaches: Security needs tightening

February 29th, 2012

The cloud-computing stack: Cloud computing is the answer to data security

It is a myth that only giant corporations become a victim of data breach as they deal in large amount of data. The reality is small and medium-sized businesses are not exception when it comes to getting hacked. Their data is equally insecure and unless they strengthen their security policies, they are looking for trouble with a capital T.

Today’s story throws light on the vulnerability of small and medium sized businesses. The focus today is on Canadian companies.

What the survey says?

According to the survey conducted by Primus Business Services 60 per cent of the small and medium business owners admitted that they invest less than 10 per cent of their budgets in data. It is true that they are aware of the risks they are taking but are unable to act on it.

Half of the company-owners said that they were concerned with cloud computing security, 40 per cent of them were of the opinion that they would feel more secure if cloud services had full unified threat management/firewall protection or if the cloud was a single-tenant environment. Around 48 per cent agreed that having proper company security polices will solve the data breach problems.

Cloud-computing is a relatively new phenomenon and hence companies are wary of switching to this technology. As of now only 14 per cent companies are taking advantage of this technology. Somehow it is still felt that cloud-computing is insecure as compared to having your own servers.

According to AJ Byers, Executive Vice President of Primus Business Services “Our public and private cloud computing platforms have been designed with enterprise grade security, failover, and disaster recovery technologies that are far more advanced than the standard firewall and server protection that most small and mid-market companies are investing in to protect both their own, and customer, data.”

What does cloud-computing exactly do?

A cloud firewall protects cloud servers and offers a fully unified threat management approach to securing the

customer’s environment.

Cloud computing key features:

Network security: A configurable firewall combined with an Intrusion Protection system, Denial of Service protection, traffic forwarding, VPN support and other

security tools.

Application security: includes email and web security – Protects users from receiving malicious spyware and spam emails.

What does cloud-computing exactly do?

A cloud firewall protects cloud servers and offers a fully unified threat management approach to securing thecustomer’s environment.

Cloud computing key features:

Network security: A configurable firewall combined with an Intrusion Protection system, Denial of Service protection, traffic forwarding, VPN support and othersecurity tools. Application security: includes email and web security – Protects users from receiving malicious spyware and spam emails.

The above makes it all the more clear why data security is important. Data encryption via cloud computing is the way to keep data breaches at bay. Companies like Alertsec take care of security needs for big as well as medium-sized and small companies.

Let us peek into the key features of Alertsec:

256-bit Full Disk Encryption

Web-based management

Comprehensive 24/7 support

Logging & Reporting

HIPAA, PCI and SOX compliant

Alertsec’s cloud-based, hard disk encryption service provides an easy and convenient way to protect all information stored on your organisation’s laptops and PCs.

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, Security Flaw, computer security software

Tags: alertsec business Check Point Cloud computing Cryptography data breach Data Protection Act 1998 data security disk encryption Information privacy security Social Security number Theft

Tracking software helps catch laptop thief in Altadena, Los Angeles

February 25th, 2012

Tracking software helps recover stolen laptop

We cannot stress how important it is to get your laptop encrypted. Dozens of cases very month are related to laptop thefts.

What is scary is that 97% of stolen laptops are never recovered! Intellectual property theft is on the rise and we need stricter laws to keep laptop thieves at bay. It is just not the physical thing that you lose but you lose sensitive and valuable data. If you own a laptop, today’s post is for you. In case you ever loose your laptop but have encryption software loaded, you stand a good chance of getting your laptop back.

Today’s article not only helped the detectives to recover a stolen laptop but also other items that the thief stole like rifles and iPhones!

Read on

In January, Los Angeles County sheriff’s detectives marched into the home of Raymond Jackson, 57, and found stolen goods that included a laptop which was protected by a encryption software. The laptop was stolen from an Altadena residence in May 2011. The detectives were on to this case for last 9 months.

They kept monitoring the laptop’s use through the tracking software. What they actually did was that they captured the keystrokes and screen images in November 2011. That helped them to zero in on Raymond. Prior to that Raymond did use the laptop but the data was not much to go for for the detectives.

With the help of the search warrant the detectives managed to recover not only the laptop but items like a legally banned, unregistered assault rifle; a pair of loaded rifle magazines; a .32-caliber revolver with a scratched-off serial number; and six stolen iPhones. 2 of the iPhones have been confirmed as stolen.

Jackson was arrested at his home and later released after posting $50,000 bail. He is scheduled to appear again in court March 12.

Sheriff’s Detective David Gaisford comments

“The use of tracking software for one crime, led to the solving of multiple crimes,” said.

“My partner and I have recovered several laptops over the last year alone through laptop tracking. They often lead us to property stolen in other crimes.’”

Some do’s and don’ts for laptop users

Do’s
• Choose a password which is hard to decipher.
• Create a different password for every website that you use.
• Use anti-virus software on your laptop.
• During the coffee break, lock your keyboard or log off.
Don’ts
• Use an easy password like your birth date, car or phone number.
• Do not give your password to anyone however close to you.
• Open attachments or emails that look dicey or are from an unknown source.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides: