computer security software

Securing data from departing employees

July 14th, 2016

Employees after leaving a company can take sensitive data with them intentionally or unintentionally. The harm caused by such incidents are huge. Consider example of an employee of the FDIC who exposed 44,000 FDIC customers’ personal information. She had downloaded the data to her personal storage device. More such data breaches can be found across the industry.

According to the survey by Veriato, a provider of employee monitoring software, third of participants believe they own or share ownership of the corporate data they work on and more than half feel it’s fine to take corporate data with them when they leave a job.

“The potential damage from even one employee taking confidential and proprietary customer data, software code or login credentials with them to a new job, especially with a competitor, is astronomical,” Veriato COO Mike Tierney said at the time.

Companies can potentially defuse such data threats.

It’s crucial to focus on what really matters in protecting sensitive data, said AvePoint product analyst Ben Oster. “You can have all these policies in place, but if HR lets somebody walk over and plug in a USB drive after they’ve been let go, it doesn’t matter,” he said.

Oster provided the example. “She plugged her drive in and just copied a folder that she thought was her information, and it turns out it wasn’t. The issue is not that she was able to copy that data; the issue is that that data existed outside of anyone’s knowledge of where it was.”

“If we can’t actually break down how to discover it or classify it, we can’t start to put things in place that say, ‘You can’t take this document,’ because we don’t know what’s in it.”

“You really need to get in there and figure out what that is, because if you don’t, you’re going to see things get even fuzzier,” he said.

Companies can take holistic approach to data loss prevention. Michela Menting, research director at ABI Research mentioned that the good data loss prevention (DLP) solution can be key to protecting your data.

“DLP systems act as enforcers of data security policies by performing deep content inspection and a contextual security analysis of transactions,” Menting said. “They provide a centralized management framework designed to detect and prevent the unauthorized use and transmission of confidential information.”

AvePoint’s Oster mentioned that the strong security awareness training program can help to great extent.

“As consumers and employees, we need to be more aware of what we’re doing with data, what that content actually means, and what the privacy and compliance implications are of everything we touch on a daily basis,” he said.

Encryption is the key to the problem. One can start encrypting the content with relevant softwares.

“If you’re encrypting every single piece of information everywhere, the workload becomes larger, it becomes harder for your end users to use that data, and you’re actually more likely to drive them onto a system that’s not under your control,” Oster said.

And once employees start saving corporate data to their own Dropbox or OneDrive, you’ve lost track of it. “So while encryption can protect the data when it’s in motion or at rest, anything that makes it harder for your end users to get their jobs done likely pushes them toward a solution that you don’t want,” Oster said.

“We saw a case once where a company terminated an employee, and then HR walked them back and let them plug in a USB drive — and they promptly took 20 GB worth of information,” Oster said. “It doesn’t matter how good your information security is if HR is letting them do that.”

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Oncology database and data breach

March 12th, 2016

21st Century Oncology database was inappropriately accessed by an unauthorized third party. According to the reports, Oncology immediately hired a leading forensics firm to support the investigation, assess its systems and bolster security. Affected information includes patient names, Social Security numbers, physicians’ names, diagnosis and treatment information, and insurance information. There is no indication that medical records were accessed.

According to the FBI, there may be a delay in data breach notification. There is no indication that information was potentially misused. Affected patients are offered one year credit monitoring services.

“We continue to work closely with the FBI on its investigation of the intrusion into our system” 21st Century stated. “In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future.”

The facility asked their patients to closely monitor their explanation of benefits that they receive from their health insurer to make sure that they have received all of the services listed.

“We deeply regret any concern this may cause our patients, and we want to emphasize that patient care will not be affected by this incident.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Review of Chinese Cyber Security Threat

March 19th, 2013

In a recent study revealed by New York Times, a leading International Security Consulting Firm, Incident Management Group, Inc. (IMG) will be reviewing a corporate security policy in China. It is due to the fact that a computer security threat has been found, posed by Chinese hackers.

This had led IMG to examine Chinese cyber security and computer security for global corp. The New York based news agency, highlighted a report released by Mandiant, another cyber security firm, which focussed on the attempts by the Chinese military to conduct such cyber attacks on The States (US) and some western companies. It has been suspected that these Chinese hackers, especially those associated with military, targeting western firms in order to obtain intellectual property and technology, for years. Despite this article, added weight to the growing suspicion and drawn attention to all the hacking groups around the world, including China. In response to this, IMG is looking for ways to enhance the computer security, cyber security posture as well as to monitor data theft protection of its client partners by enforcing effective data security policies and ensuring full disk encryption for the computer protection.

In light of the news article about western organisations being the target of the Chinese hackers, IMG is planning to conduct a cyber security review to see how full disk encryption can be done and cyber security posture can be increased to implement data security policy. However, for IMG computer protection for data security must be overlooked as an element of institution’s computer security and cyber security framework. Given that the hacking groups have military as well as state support, it is critical for organisation to take a 360 degree view of data security. By doing so, they will ease threats, that are posed by Chinese hackers.

It is possible that either to take advantage of China’s position as a leading global manufacturing base or their growing  business economy, many large corporations are eager to be present, as a target for sales and marketing efforts in the Chinese market. in either cases, Companies need to have a robust encryption software or data security program who are carrying their business with/ in China. n this growing digital technology world, it is paramount to have an active computer security software protection for companies and that should be based on an active evaluation of all data security risks. Physical data security, such as employee access can be a gateway to cyber attacks, hacking and crime; as well as vice-versa.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta