Posts Tagged ‘data encryption’

Laptop Encryption & Alertsec Xpress

May 9th, 2010

In today’s competitive business environment, organizations are making increasing investments in IT infrastructure, devices and software. Needless to say, laptops are an inherent part of your organization’s growing business plan.

Today, laptops hold critical business data, including sensitive customer information, and this is where encryption is constantly considered to be the best method to ensure data security.

Organizations must deploy encryption as part of their overall security protection methods. One thing that needs to be considered is the pitfalls of encryption. Today, many encryption software products come with security flaws and loopholes that give attackers easy ways to compromise the organization’s data. Some of the common issues are algorithm management, key length, key recovery and scope of protection.

A stolen laptop without encryption is often the first step towards identity theft and fraud. 80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop security, none of the information or credentials would have been lost.

Goal of laptop encryption/disk encryption

Assuming the unthinkable happens and one of your laptops is stolen, what would you do? That missing laptop contained intellectual property and critical data, including customer information, financial records, and information on future business strategy and product roadmaps.

Let us say you’re caught in a similar situation: you would want the data on your computer’s hard drive to be nullified, or in other words, you would want your hard drive to be encrypted.

The way to protect information stored on a desktop or laptop is to use encryption. Alertsec Xpress offers full disk encryption and is a stronger option than other encryption methods when comparing security, performance and robustness.

Why is Alertsec Xpress different?

  1. Strong Support: Users who forget their password simply call the Alertsec helpdesk. No matter when or where you are, our helpdesk can always help legitimate users regain access to their information, using the Alertsec Xpress Authentication Method.
  2. Secure disposal of old laptops: You can easily move away from your old laptop. When it is time to decommission your laptop or PC, you can simply reformat the disk and it will be impossible for anyone to ever recreate the information.
  3. Secure & Trusted: The Check Point Full Disk Encryption software solution is trusted by companies, governments, military organizations, and individuals around the globe and its secure design has been approved through independent security tests and certifications.
  4. Built in security measures: Alertsec Xpress will detect boot viruses or debugging programs and prevent these from interfering with the authentication process.

For features and benefits of our computer protection software please visit our website.

For a round-up of updates, news and the latest bits from the computer security world, follow us on our Twitter handle.

The Ghost of the Laptop Thief Strikes Again

February 12th, 2010

Who is he? Is he the mysterious man who breaks walls and steals data, or is he A.J. Raffles? Whatever the case, the data thief is striking quite regularly and making it big every time. This time his victim was the corporate office of AvMed Health Plans in Gainesville. The objective was to steal two company laptops. But as mentioned in Ceridian’s case, the loss was not just the cost of the physical devices. It also meant that the personal information of more than 200,000 current and former subscribers and their dependents was compromised.

Once again, the exposed data was a common set of items:

  1. Personal information, including names, addresses and phone numbers
  2. Social Security numbers
  3. Protected health information.

While we believe that any aspect of data loss needs to be treated with a high degree of seriousness, in this case the company admitted that the data was structured randomly and that the losses resulting from the theft are very low as well.

How did the invisible ghost strike?

It is a bit surprising and difficult to understand that the laptops were stolen from behind closed doors. According to the security employees, the doors of the conference room were properly locked in the evening, but when they came in the next day, the laptops were found to be stolen. Apparently, the only people to have keys are the security staff and the cleaning crew. So does this mean that we should zero in on them as the invisible ghosts?

But rightly so, Cochita Ruiz Topinka, the spokeswoman of AvMed, mentioned that they didn’t want to jump to any conclusions.

Why the delay in announcement?

If you notice carefully, there has been a decent delay in the security breach announcement. While the incident was determined in December, the public announcement of the breach was only made on 5th February. According to the authorities, the announcement was delayed to avoid problems in the investigation and to set up the identity protection services.

The magnitude of the loss

As mentioned, it is believed that there is no major loss since the data was completely unstructured. However, things will become clear when the members begin the identity protection registration process.

Ed Hannum, President & COO mentioned in a press release, “We will do all we can to work with our members whose personal information may have been compromised and help them work through the process”. “We regret that this incident has occurred, and we are committed to prevent future occurrences.”

What you can do

In the meantime, if you are an affected subscriber this is what you can do. Register yourself with Debix Identity Protection Network, which would tell you if your information was potentially exposed. You can call Debix at 877-263-7998 (TTY 877-442-8633).

Be it Ceridian, Hitech or AvMed, the sequence of events is quite similar. There is a physical device that is stolen, e.g. a laptop or portable disk. The loss is reported by the authorities, there is an initial silence, and after a period of weeks or months it is made public. While we can understand the delay by the authorities, what certainly doesn’t augur well is the methods of encryption. If organizations use the right type of data security software and laptop encryption methods, the data remains protected when a physical device theft is reported.

Data Security Breach Incident at Ceridian

February 9th, 2010

In an absolutely shocking incident at Minnesota-based Ceridian Corporation, a data security hack attack led to the exposure of Social Security numbers, bank account numbers and birth dates of 27,000 people. These are people who work worldwide in 1,900 companies.

The issue was first discovered by company officials at the end of 2009 and was immediately reported to the Federal Bureau of Investigation and the local government authorities. A letter was then issued on Jan. 29 by Ceridian authorities to the affected workers and was obtained by a leading news site.

Kevin Peterson, on behalf of the authorities, said, “We took immediate preventive steps to ensure no further incident of this type would occur.” “While the total number of employees affected is small, in our minds one is too many, and we are handling this incident according to our established protocol.” “We wanted to make sure we knew exactly what records had been taken,” Peterson said. “It’s somewhat complicated to understand what the hacker had done, so we worked with authorities to basically recreate what the hacker had done.”

Luckily for the authorities there are no indications of illegal financial transactions being made after this incident was reported. Overall the employees affected by this accident are less than 1%. But that said, according to Avivah Litan, a financial services analyst with Gartner, this incident is potentially more serious than other highly publicized security lapses in the financial industry that revealed millions of credit card numbers.

As a prevention mechanism, the company has also changed the passwords using encryption software for all its Powerpay payroll system customers, which includes all the 1,900 companies that were affected. Initially all the employees were not contacted because the authorities were trying to determine the cause of the data security breach and the cause of the attack. Ceridian has also offered a year of free credit or identity theft monitoring through Equifax Credit Watch. In addition, they have also outlined preventive steps for those who were affected and what they should do to monitor their credit and make sure new accounts aren’t opened in their names.

As far as Ceridian is concerned, this is the second time in three years that such an incident has happened. Something similar had also happened in 2007, and it involved the theft of financial information from a former employee.

What did the victims feel?

However, the letter appeared to confuse some consumers as it didn’t clearly identify the victimized company (which could be a current or former employer) or the bank of the employee that was involved.

Todd Ashton, a Lakeville resident said, “My information never should have been in their computer system”. He also said that it’s been a decade since he left the employer who used Ceridian’s payroll service.

Phil Martin who is a retired employee based in Gainesville, said he had never heard of Ceridian’s Powerpay service and was worried at first that his Social Security check was at risk. Finally after calls to Ceridian it was confirmed that his Social Security account wasn’t involved.

There were some employees who even felt that the letter was like a scam and it didn’t really talk about the admission of a payroll breach. There are companies who just simply disclose the security breaches to those who are directly affected. Then there are those involved, who offer loss resolution services that help recover money or insurance against losses suffered as a result of the breach, she said.

Antivirus + Encryption = Total Security

January 17th, 2010

It’s important to understand that encryption software is very different from antivirus software. Many companies consider the two security solutions to be the same and fail to realize that they complement one another. While antivirus software is a perfect way to ensure that your computer is safe from trojans, viruses, and rootkits, it only goes so far. Antivirus software doesn’t add an extra level of data security by encoding your hard drive. If an outsider gets their hands on a company notebook, antivirus won’t be able to prevent them from directly accessing the stored information.

A recent post from ComputerWeekly brings up a great point:

“…for as little money as it costs to install anti-virus software on your laptop, you can install encryption software, and protect your organisation not only from a data breach but also against any backlash…”

Companies need to understand the differences between antivirus and encryption and accept both as standards in their company’s defense. Most, if not all, data breaches or hacking attempts can be prevented and avoided by the right combination of security software.

Protecting your business is in your best interests, and that’s where we step in: we provide a powerful and effective encryption method which works alongside all antivirus protection to ensure that your computer is secure. Using industry standard encryption, our software prevents unauthorized users from accessing private company information. Best of all, our software is affordable and manageable for pretty much any business. To learn more about our encryption solution, click here.

If you have any questions about how antivirus and encryption work together or would like to share an experience, leave a comment.

Further Reading
Data encryption is simple safeguard against data breaches [ComputerWeekly]

You need more than a blue shield to secure data

October 30th, 2009

Earlier this month we wrote about breaches of medical data in the United Kingdom, but in these past few weeks the US medical community has been stunned by two major security breaches related to Blue Cross Blue Shield.

The Blue Cross and Blue Shield brands are the United States’ oldest and largest family of health benefits companies and are among the most recognized brands in the health insurance industry. They are the largest health benefits provider in America, serving 100 million people, or approximately one-in-three Americans.

However, a great brand and a long history did not do anything to protect Blue Cross and Blue Shield from these two security breaches.

Information on 850,000 Physicians was stolen

A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Association employee.  The file included the name, address, tax identification number and national provider identifier number for about 850,000 doctors.  Some 16% to 22% of those physicians listed — as many as 187,000 — used their Social Security numbers as a tax ID or NPI number, Smokler said.

Jeff Smokler, national Blue Cross-Blue Shield spokesman, said the insurance giant encrypts all the information on company computers, but an employee who was authorized to have the information violated company rules by downloading an unencrypted version onto a personal laptop. The employee’s personal laptop was stolen after the employee left headquarters with it.

Smokler said corrective action has been taken, but declined to elaborate. This ties directly to our earlier article on security of healthcare data where we noted:

It’s interesting to note that “a unit of hospital purchasing alliance Premier Inc. has begun offering insurance designed to protect members against the cost of data breaches” which highlights why the government regulation is so important.  Unless the fines and implications are severe - this industry, which is accustomed to using insurance to alleviate risks is likely to continue to be a data security black hole.

It’s for this reason that Blue Cross Blue Shield should publicize the steps taken against this employee. Other employees in the healthcare industry and beyond need to see that there are repercussions for violating data security procedures. The powerful American Medical Association, which represents most of the 850,000 impacted doctors, has asked the BlueCross BlueShield Association to meet regarding the data breach – so this story is far from over.

68 Blue Cross Blue Shield Hard Drives Stolen

In addition to reports of the missing laptop from the national headquarters, Blue Cross Blue Shield of Tennessee has announced the theft of 68 computer hard drives. Over the weekend of Oct. 2nd, unauthorized persons entered a data closet in a remote location that BlueCross BlueShield of Tennessee leases for training purposes and removed 68 hard drives. The stolen hard drives contained voice recordings of eligibility and coordination-of-benefit calls.

While BCBS has not specifically stated whether the drives were encrypted, they commented that “the retrieval of member data from these drives would require highly-specialized expertise and software.” The other term that was used was “encoded.” This tells us that while some of the files might have been secured and the data might be hard to retrieve, the drives were not protected by hard drive encryption.

One has to wonder – how many times will records have to be stolen before companies in the healthcare industry step up and encrypt? Sure, we all know the economy is tough and money is tight – but today encryption is quite affordable.