Posts Tagged ‘Cryptography’

The European Union to revamp data-protection rules that will control information flow

January 24th, 2012

Europe has been struggling for stricter data breach laws for a long time. Recent data thefts have pushed the EU to draw up tough rules on data breaches and data security. This is certainly the need of the hour, not only in Europe but all over the world, as data breaches are on the rise and hackers are taking advantage of loopholes in the system.


EU Justice Commissioner Viviane Reding talks about introducing new data protection regulations

The European Union is proposing new regulations this week on how companies use the personal information of Internet users. The new regulations are going to have a major impact on companies like Google and Facebook, putting stricter limits on how they use the information of the people who use their services. According to Viviane Reding, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect the personal data of users and rebuild a sense of confidence in them.

The current state of security laws in Europe:

At present there are conflicting laws from the various countries that form the Union. These laws force the companies to collect data on consumers from the Internet. Companies that do not follow any regulations are becoming victims of data breaches and are always at loggerheads with the governments. For example, Facebook has been in the limelight as it was targeted by both U.S. and European regulators for the way it uses user data. The company underwent 20 years of independent audits after the U.S. Federal Trade Commission proved that the company’s use of customer information was illegal.

What data privacy means for consumers?

Privacy is a major concern for today’s insurance industry. The more transactions we carry out online, the greater our risk of becoming a target of cyber crime. Data breaches put the information of millions of consumers at risk, and that means monetary losses for companies and insurance groups.

What will the new rules exactly do?

The new rules will make it compulsory for financial services firms and credit card processors to report incidents of lost or stolen data within 24 hours of a breach. These rules are set to come into effect today. The companies must, as per new rules, appoint a data protection officer to preside over the protection of personal data stored and processed by individual businesses.

EU Justice Commissioner Viviane Reding’s comment

“I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves,” says Reding. “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.” “Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay,” adds Reding. “As a general rule, without undue delay means for me ‘within 24 hours’.”

Data security with Alertsec

Following the essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident that highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers very good and easy-to-use laptop security. There are no shortcuts to data security in any organization. Alertsec offers a service that includes more than the traditional software licensing model.

Health care data breaches on the rise – Get serious about HIPAA

December 15th, 2011

How many healthcare organizations today are following HIPAA (the Health Insurance Portability and Accountability Act of 1996)? Looking at the increase in health care data breaches, one can see how far security laws are being followed.

The US healthcare system has always been the best choice for hackers. Every other data breach news item talks about health-care data thefts. According to the Ponemon Institute’s data security survey, 96% of US healthcare organisations have been a victim of at least one data breach in the last two years. Medical data handling practices are very sloppy, which is a disturbing reality check for patients. Data breach risks are very high, especially those related to identity theft and medical identity theft. Obviously, patients’ privacy is affected. Every time a breach takes place, hospitals lose an average of $2.24 million. Annually, that comes to around $6.5 billion.

What is the exact reason for this severe problem? Silly mistakes on the employees’ part are the main culprit here. Although the mistakes are ‘silly’, the consequences are disastrous. In addition to the employees, third parties and sub-contractors are to be blamed for data breaches. Needless to say, lost or stolen devices add to the reasons.

The survey also showed that the use of unsecured mobile devices contributed to data theft. Most of the providers do not do much to protect the data on these devices. These devices are used for gathering, transmitting, and storing patient information, but obviously they are not secured enough. According to the report, “An area that needs to become more of a priority is privileged user and access governance, with only 29 per cent agreeing that the prevention of unauthorised access to patient data and loss or theft of such data is a priority.” “Hospitals and healthcare providers suffered an average of four data breaches in the past year, according to the report.”

The worst part of these data breaches is that, once they are discovered, customers are notified only after a couple of months.

HIPAA needs to step in and enforce security laws. Every hospital has a data security policy, but how many actually follow it? Very few, as is clear from the upsurge of data breaches. A HIPAA audit is a must for every organization. But that’s not enough. What is required is data encryption, virtual or dedicated firewalls, offsite backup and antivirus to meet HIPAA/HITECH standards and keep data secure.

Following are the consequences of a data breach that healthcare organizations suffer from:

81% Diminished productivity and lost time
78% Brand or reputation diminishment
75% Loss of patient goodwill

Result of these consequences: dissatisfied patients and an average loss of $113,400 per customer/patient.

Data breaches are discovered through:

51% Employees
43% Audit/Assessment
35% Patient complaint


Alertsec is into the data encryption business

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.


Unencrypted laptop stolen from Ruth Crawford QC during Holiday

November 21st, 2011

We have mentioned before that laptop theft cases go unreported. In the following case, the laptop was stolen in 2009 but the incident came to light only now, after 2 years! To top it all, this laptop belonged to a Scottish lawyer, who we would expect to have been diligent enough to guard clients’ data.

Ruth Crawford QC was on a holiday when her laptop went missing. The laptop contained personal information related to clients who were a part of Ms Crawford’s eight court cases. This data was specifically about the mental and physical health of the clients.

Ms Crawford was lucky that the incident took place in 2009. Had it taken place seven months later, she would have been fined for breaching the Data Protection Act, as that was when the ICO was given new powers to impose fines of up to £500,000.

As of today Ms Crawford has signed an undertaking that says she is going to encrypt all her portable devices and secure them properly. These are the exact words of the undertaking: “The theft occurred while the data controller (Ms Crawford) was on holiday, having left plumbers to fit a new boiler at her home. The data controller provided the plumbers with keys and the code to her alarm. She highlighted the importance of keeping her front door locked and of activating the alarm when leaving the house.

“Upon returning from holiday on September 3 2009, the data controller discovered that the laptop and a purse were missing from her study. She subsequently reported the matter to the police. The commissioner has noted that physical security measures were in place at the time of the incident but that there was insufficient technical security employed on the laptop to protect the data.”

According to Ken Macdonald, Assistant Commissioner for Scotland: “The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.”

“As this incident took place before the 6 April 2010, the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000, it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.

“The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so. Therefore all breaches should be reported to our office as soon as practically possible.”

Alertsec is a data encryption service company. Organisations, be they big or small, must have encryption in place. An individual who works independently or is not covered by an organisation can also use self-encrypted drives. Alertsec helps with the installation, and the cost of this encryption service is negligible compared with the hassle, cost and embarrassment.


Safeguard your data with Alertsec Encryption Service


Computer backup tapes reported missing from Nemours Children’s Health System

October 27th, 2011

Backup tapes containing patient billing data stolen

Data thieves somehow love stealing patient data, or rather, they somehow know that stealing patient data is a lot easier than stealing any other data. Recent cases of missing hospital data are a clear indication of this.

The following is yet another case of missing patient billing data. This time thieves have managed to steal three unencrypted computer backup tapes containing patient billing and employee payroll data from a Nemours facility in Wilmington, Delaware. The tapes were supposed to be ‘safely’ locked and there was another cabinet containing a computer systems conversion that was completed in 2004. The thieves cleverly stole the tapes and the locked cabinet on September 8, 2011 during a facility remodeling project.

As yet there is no indication that the tapes were misused. Fortunately there was no medical data on the tapes. Thieves are going to have a hard time accessing data on these tapes and will need special equipment and knowledge if they want to break this code.

The data on these tapes includes information such as name, address, date of birth, Social Security number, insurance information, medical treatment information, and direct deposit bank account information related to 1.6 million patients and their guarantors, vendors, and employees at Nemours facilities in Delaware, Pennsylvania, New Jersey and Florida.

According to David J. Bailey, M.D., President and Chief Executive Officer: “This is an isolated incident unrelated to patient care and safety.” “The privacy of our patients, their families, and our employees and business partners is a high priority to all of us at Nemours.”

Affected individuals are being notified and one year of free credit monitoring and identity theft protection as well as call center support has been offered to them.

In a special press release, patients were told the following:

Nemours has provided high quality and compassionate paediatric care for over 70 years, and the privacy and confidentiality of the information we maintain for our patients has always been an important part of the fundamental trust that we share with our patients and their families.

Needless to say, Nemours is revamping its data security policies. The policy includes data encryption and moving computer backup tapes to another secure facility.

In a similar incident that we reported last week, backup tapes at TRICARE were lost. TRICARE is a provider of health care services to active and retired military personnel. These are careless and easily preventable mistakes that organizations must take into account.

Alertsec is helping organizations with their data security issues

Alertsec, a reliable name in the world of data security, is guiding organizations in their data protection policy. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For years, Check Point has been protecting more PCs, laptops, PDAs, smart phones and removable storage devices than anyone else in the world.

Alertsec is the frontrunner in offering data encryption software as a fully managed service, and as such, Alertsec is a Check Point Managed Security Service Provider and Global Silver partner. We’re an experienced security organization with well-trained and Check Point certified experts.


A spear phishing attack on IMF

June 15th, 2011

Hackers are not only getting into gaming sites; they are eyeing the monetary world as well. It is the International Monetary Fund (IMF) this time. This happened just a day after Citibank faced a cyber attack in which the names, account numbers and email addresses of more than 200,000 North American Citibank account holders were compromised.

Before we move ahead and discuss the story in detail, let us try to understand the difference between phishing and spear phishing. While phishing floods millions of email inboxes and relies on mass attack, spear phishing is more about selectively targeting individuals who have been identified previously. That means spear phishing can potentially attack a small bunch of people working in the same organization.

It appears that some foreign government was behind the data breach. According to IMF spokesman David Hawley, the incident was under investigation and the fund was completely functional. Fox News reported that the IMF’s computers had been hacked into via malicious software in November 2008, in an incident similar to the latest one.

The World Bank deactivated a cyberlink it has with the IMF, as one of the IMF’s desktops was compromised and a large quantity of data was obtained. The hackers had deliberately infected a computer at the IMF with malware designed to steal information. This is a new kind of malware, one that gave hackers broad access to the IMF’s systems, helping them to gain ‘hot market’ information. Email warnings about “increased phishing activity” were received on June 1, and employees were warned against opening emails from unknown senders, accessing suspicious video links or clicking on attachments. The IMF had sent an internal memo on June 8 about the actual cyber-attacks to its board members and employees.

Political foes, especially China, could be behind the attack, as data related to monetary policies is of utmost value. The IMF studies the economic stability of its 187 members and analyzes each nation’s financial risk. It supervises the global financial system and recently played a major role in the economic bailout of Greece, Ireland and Portugal. This came as a rude shock when the country was just grappling with IMF chief Dominique Strauss-Kahn’s sexual assault scandal.

Unless the IMF reveals more information about what data was compromised and how it happened, it is difficult to figure out who was behind the attack and the extent of the loss. The Federal Bureau of Investigation is in charge of this investigation.

Contact Alertsec for your data security needs

It is clear that the security of the world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from theft and hacking, it is vital to use data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. That is a very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
