Log in

Posts Tagged ‘disk encryption’

Gaming Website ‘RockYou’ to pay $250k over Data Breach

March 31st, 2012

Rockyou reaches settlement with FTC over data breach

RockYou, a social gaming website, settled the pending charges of $250,000 towards the U.S Federal Trade Commission (FTC). The data breach that happened in 2009 where ‘RockYou’ exposed personal information of thirty two million users to the hackers rocked the data world. The pending charges included the civil penalty and other concessions. Violation of Children’s Online Privacy Protection Act (COPPA), not engaging in deceptive claims regarding privacy and data security and maintaining a data security program are included in the other concessions charged.

What did RockYou do?

The FTC suspected that RockYou collected information from 179,000 children. According to the federal law, collection, use or exposing the personal information of children below 13 years of age is not allowed. They need to take their parent’s consent. The information collected by RockYou contained date of birth of children. FTC in an agency’s wider campaign took action against Rock You. This campaign was to ensure that companies live up to their promises on data security of their customers. Along with FTC, there was an Indiana man, Alan Claridge who also filed suit against Rock You for the massive data breach in November 2009. However, the case got settled out of the court for $2000 and legal fees which amounted to $290,000.

Rock You proved to be a good example for weak passwords. A study showed that RockYou members had bad password practices like RockYou, 12345,123456 and so on.

A study indicated that passwords like names, slang words dictionary words are very popular. If a hacker tries to guess the first 5000 words from the dictionary, it is very obvious that he would likely have access to many accounts. At this rate, a hacker will gain access to 1000 accounts in less than 17 minutes.

To avoid data theft

RockYou should have had a strong data security policy and they should encourage people to keep strong passwords when they sign in. Companies like gaming sites or social networking sites should educate people on the importance of having strong passwords. There should be a set of password policies. Encryption is necessary for the confidentiality and security of the customers. FTC has a new publication to help the teens in navigating internet safely known as Living Life Online. A regular data security program should be implemented by organisations like RockYou and audited by third party. RockYou will also need to delete the information collected from children under 13 years of age as stated by FTC and will need to pay $250,000 as a penalty towards COPPA violations.

Alertsec Rocks

Organisations and individuals are being trained to handle their data security in a better way. Names like Sarbanes-Oxley, PCI Data Security Standard, HIPAA, and the Data protect Act are all examples of guides for different industries and sectors. Companies are expected to have an information security policy in place to safeguard the information.

With Alertsec, your data can remain safe. It uses encryption software to protect your data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Identity and Information loss, Lawsuits and settlements, computer security software, data breach, data encryption, full disk encryption, identity theft

NASA employee’s laptop stolen, sensitive data at stake

March 21st, 2012

Kennedy Space Center experiences laptop theft

Where and how was the laptop stolen?

The laptop theft of NASA’s employee took place outside the home of the employee’s car where he had left his laptop. This theft has caused 2300 employees of Kennedy space centre to suffer. The laptop contained personal information like employee names, race, and national origin, and gender, date of birth, contact information, college affiliation and grade-point average. It also included their Social Security numbers which obviously are at stake. A human resources office reported on March 5 and the theft took place at Orange County where the employee is residing. Officials said that there is low probability of exploitation of personal information of Kennedy space centre employees.

NASA is providing affected employees with one year’s worth of free cyber, identity, and credit monitoring and recovery services whose personal information was in the stolen laptop. Kennedy Space Centre spokesman Allard Beutel said initially the numbers of affected employees was predicted much lower than in real. Even though lots of data was stored on the agency servers, the employee’s laptop also contained more sensitive information and security numbers.

This theft has definitely opened eyes of all IT security systems and they are taking additional efforts towards data protection, encryption of devices. Officials said that they will be reviewing all IT security policies and practices to avoid such incidents in future. All the laptops including sensitive and general data at KSC will be encrypted by September 2012. However, this was planned and was going to be implemented before the theft took place.

NASA officials had a hard time ‘cleaning their act’. Any data has the possibility of being hacked if not encrypted properly. Lost laptops or loss of any electronic system that contains sensitive information could prove as the huge loss for any business. There are many methods to protect data on laptops such as alarms, locks or visual deterrents. It is always advisable to have a backup of data on servers, and to delete the sensitive information on laptops when the work is over.

We all are aware about the benefits of encrypting devices. Encryption can be done to a specific file or a whole disk. It ensures us peace of mind. We feel relaxed as our sensitive information is secured. Encryption also provides unauthorised access protection to our data. Encryption may be useless if authentication is not there. Some corporations need to pay huge fines if the laptops stolen are not encrypted. If the data stolen is very sensitive and related to business, it will cost you a lot for your business. Encryption will ensure that even if your laptop gets stolen, the data cannot be hacked by the best hackers also. After all, confidentiality is what we all need.

Try Alertsec

Alertsec, a reliable name in the world of data security is guiding organizations in their data protection policy. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For years, Check Point has been protecting more PCs, laptops, PDAs, smart phones and removable storage devices than anyone else in the world.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Identity and Information loss, Security Flaw, computer security software, data breach, data encryption, full disk encryption, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Computer security disk encryption Encryption Information sensitivity Kennedy Space Center laptop theft NASA Social Security number

Data breach affects University of Tampa

March 19th, 2012

Students data compromised at the University of Tampa

Every University has a data security policy in place and tries its best to secure confidential information of its students, alumni, staff and faculty. In spite of this, student data is getting compromised and private data getting misused. The recent data breaches at Missouri State University, University of South Carolina and Midland Tech shows that educational and student data is vulnerable and susceptible to compromise.

The University of Tampa breach

Private data of about 30,000 students and staff at the University of Tampa remained open on the Interne for anyone to see. The information was seen in the form of an file indexed by Google and displayed name and long string of numbers — social security number, student ID number and date of birth.

On Mar 13 some students were practicing advanced search techniques and that’s when they bumped on to this data. They immediately informed about this accident to the information technology department. This happened because the file got created as a back-up a new server was installed in July 2011 and in turn the file accidentally got indexed by the search engine.

Post-incident, Google has taken down this file and removed it from the cache.

What is UT doing post-breach?

The University plans to send a letter to students and staff regarding the breach. At the same time the students may contact the IT department to find out if they were on the list of those affected.

According to the University officials there is no evidence of the information being misused till date. Nevertheless, the University has offered to pay for fraud alert services for anyone who requires them.

Data breach history at the University of Tampa

Two other breaches were reported in January 2000 and July 2011 that had affected about 30,000 records related to faculty, students and staff.

As this is the third data breach in the University’s history, it is needless to say students at the downtown university are concerned about their data and authorities are having a hard time convincing students about data security policies.

Statements

According to Cpl. Bruce Crumpler, economic crimes division of the Hillsborough County Sheriff’s Office, “I’m not sure I can find words to express how worried they should be,”. “I think they should be very concerned.”

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego, adds further “This would be categorized as a major and critical breach because of the nature of the information,” he said. “Anytime Social Security numbers are involved, particularly in connection with dates of birth, those are the keys to the kingdom for an identity theft.”

Donna Alexander’s, vice president of information technology, take on the matter

“We took immediate action to take the files down so they would not be accessible any longer,” Alexander said. “We know the exposure is somewhat limited, but we are certainly concerned about any exposure whatsoever.” In this case there was a situation where the protective measures for that particular directory were not as tight as they should have been,” Alexander said.

Encrypt your data with Alertsec’s help and stay safe

Universities and educational institutes are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Bkis, Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Check Point Confidentiality data breach data security disk encryption Google Information privacy Missouri State University Personal computer Social Security number South Carolina University of South Carolina University of Tampa

Canadian businesses vulnerable to data breaches: Security needs tightening

February 29th, 2012

The cloud-computing stack: Cloud computing is the answer to data security

It is a myth that only giant corporations become a victim of data breach as they deal in large amount of data. The reality is small and medium-sized businesses are not exception when it comes to getting hacked. Their data is equally insecure and unless they strengthen their security policies, they are looking for trouble with a capital T.

Today’s story throws light on the vulnerability of small and medium sized businesses. The focus today is on Canadian companies.

What the survey says?

According to the survey conducted by Primus Business Services 60 per cent of the small and medium business owners admitted that they invest less than 10 per cent of their budgets in data. It is true that they are aware of the risks they are taking but are unable to act on it.

Half of the company-owners said that they were concerned with cloud computing security, 40 per cent of them were of the opinion that they would feel more secure if cloud services had full unified threat management/firewall protection or if the cloud was a single-tenant environment. Around 48 per cent agreed that having proper company security polices will solve the data breach problems.

Cloud-computing is a relatively new phenomenon and hence companies are wary of switching to this technology. As of now only 14 per cent companies are taking advantage of this technology. Somehow it is still felt that cloud-computing is insecure as compared to having your own servers.

According to AJ Byers, Executive Vice President of Primus Business Services “Our public and private cloud computing platforms have been designed with enterprise grade security, failover, and disaster recovery technologies that are far more advanced than the standard firewall and server protection that most small and mid-market companies are investing in to protect both their own, and customer, data.”

What does cloud-computing exactly do?

A cloud firewall protects cloud servers and offers a fully unified threat management approach to securing the

customer’s environment.

Cloud computing key features:

Network security: A configurable firewall combined with an Intrusion Protection system, Denial of Service protection, traffic forwarding, VPN support and other

security tools.

Application security: includes email and web security – Protects users from receiving malicious spyware and spam emails.

What does cloud-computing exactly do?

A cloud firewall protects cloud servers and offers a fully unified threat management approach to securing thecustomer’s environment.

Cloud computing key features:

Network security: A configurable firewall combined with an Intrusion Protection system, Denial of Service protection, traffic forwarding, VPN support and othersecurity tools. Application security: includes email and web security – Protects users from receiving malicious spyware and spam emails.

The above makes it all the more clear why data security is important. Data encryption via cloud computing is the way to keep data breaches at bay. Companies like Alertsec take care of security needs for big as well as medium-sized and small companies.

Let us peek into the key features of Alertsec:

256-bit Full Disk Encryption

Web-based management

Comprehensive 24/7 support

Logging & Reporting

HIPAA, PCI and SOX compliant

Alertsec’s cloud-based, hard disk encryption service provides an easy and convenient way to protect all information stored on your organisation’s laptops and PCs.

No comments »

Posted in Computer security, Data Protection, Encryption, Identity and Information loss, Security Flaw, computer security software

Tags: alertsec business Check Point Cloud computing Cryptography data breach Data Protection Act 1998 data security disk encryption Information privacy security Social Security number Theft

Tracking software helps catch laptop thief in Altadena, Los Angeles

February 25th, 2012

Tracking software helps recover stolen laptop

We cannot stress how important it is to get your laptop encrypted. Dozens of cases very month are related to laptop thefts.

What is scary is that 97% of stolen laptops are never recovered! Intellectual property theft is on the rise and we need stricter laws to keep laptop thieves at bay. It is just not the physical thing that you lose but you lose sensitive and valuable data. If you own a laptop, today’s post is for you. In case you ever loose your laptop but have encryption software loaded, you stand a good chance of getting your laptop back.

Today’s article not only helped the detectives to recover a stolen laptop but also other items that the thief stole like rifles and iPhones!

Read on

In January, Los Angeles County sheriff’s detectives marched into the home of Raymond Jackson, 57, and found stolen goods that included a laptop which was protected by a encryption software. The laptop was stolen from an Altadena residence in May 2011. The detectives were on to this case for last 9 months.

They kept monitoring the laptop’s use through the tracking software. What they actually did was that they captured the keystrokes and screen images in November 2011. That helped them to zero in on Raymond. Prior to that Raymond did use the laptop but the data was not much to go for for the detectives.

With the help of the search warrant the detectives managed to recover not only the laptop but items like a legally banned, unregistered assault rifle; a pair of loaded rifle magazines; a .32-caliber revolver with a scratched-off serial number; and six stolen iPhones. 2 of the iPhones have been confirmed as stolen.

Jackson was arrested at his home and later released after posting $50,000 bail. He is scheduled to appear again in court March 12.

Sheriff’s Detective David Gaisford comments

“The use of tracking software for one crime, led to the solving of multiple crimes,” said.

“My partner and I have recovered several laptops over the last year alone through laptop tracking. They often lead us to property stolen in other crimes.’”

Some do’s and don’ts for laptop users

Do’s
• Choose a password which is hard to decipher.
• Create a different password for every website that you use.
• Use anti-virus software on your laptop.
• During the coffee break, lock your keyboard or log off.
Don’ts
• Use an easy password like your birth date, car or phone number.
• Do not give your password to anyone however close to you.
• Open attachments or emails that look dicey or are from an unknown source.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides: