Log in

Posts Tagged ‘Encryption’

Scottish charity reprimanded for USB data breach by ICO

March 13th, 2012

2 USB sticks containing mental health data stolen from Enable Scotland

Data sticks or USB drives look so small but carry so much of weight, don’t they? They carry a lot of data and if lost, are difficult to recover due to their size. Thus storing data on a USB drive and carrying it around is very easy, a perfect example of ‘advanced technology’ but what if they get stolen? What if data on a USB drive is compromised?

Today’s post deals with data breach at a Scottish charity wherein their 2 USB drives (memory sticks) were stolen.

The story

A Scottish charity has been admonished for not encrypting the USB device (memory sticks) by ICO (Information Commissioner’s Office). These data sticks belonged to Enable Scotland and contained data of people with mental health issues, their addresses, and date of births which has now been stolen by thieves. The device was stolen from employee’s home that contained information of 101 people. According to the Data Protection Act rule the data should be erased after it has been uploaded on servers to avoid such data breach. It should also be in practice to knowledge the home workers how to handle such secured information in the form of memory sticks that are not routinely encrypted. Enable Scotland has admitted that the data stolen was not explicit yet it contained names of people who are connected with this charity for mental health issues. They had failed to delete it after their use. During an investigation, it was also found that mobile devices were not encrypted too that are used for storing sensitive information.

Penalty in form of money is charged for such loss of data by any organisation but this being a charity we are not confirmed as it charities are not charged penalty in form of money. However, Enable has started working on improving their agreements and policies with Data Protection Act. They will also educate their workers on data protection procedures and ensure that their mobiles are encrypted. It is pleasing that Enable reported the breach as early as they could but the information once lost cannot be regained though.

Enable has taken a good step towards data breaches to protect their customer information. However, it should be a learning for all other charities out there to safeguard their people’s sensitive information. ICO recently handed out a fine to Cheshire East Council for emailing sensitive information to wrong recipients.

Data breaches are really a matter of great concern nowadays. The amount of data loss that is taking place is worrying and many organisations do not have hundred percent protection policies towards their employees data. It is very important that sensitive information must be secured. Routine Encryption of devices must be made mandatory to avoid such losses of data otherwise there will be no end to cases like these in near future. So that even if the data is stolen encrypted devices will ensure protection of information. Businesses should have this obligation towards their society to avoid such thefts as majority of them take place outside the corporate environment.

Your system needs Alertsec!

There are no short cuts to data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Hard Disk, Identity and Information loss, computer security software, data breach, data encryption, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point data breach Data Protection Act 1998 Encryption Hardware ICO Information Commissioners Office Information sensitivity Office Storage USB USB flash drive

Tracking software helps catch laptop thief in Altadena, Los Angeles

February 25th, 2012

Tracking software helps recover stolen laptop

We cannot stress how important it is to get your laptop encrypted. Dozens of cases very month are related to laptop thefts.

What is scary is that 97% of stolen laptops are never recovered! Intellectual property theft is on the rise and we need stricter laws to keep laptop thieves at bay. It is just not the physical thing that you lose but you lose sensitive and valuable data. If you own a laptop, today’s post is for you. In case you ever loose your laptop but have encryption software loaded, you stand a good chance of getting your laptop back.

Today’s article not only helped the detectives to recover a stolen laptop but also other items that the thief stole like rifles and iPhones!

Read on

In January, Los Angeles County sheriff’s detectives marched into the home of Raymond Jackson, 57, and found stolen goods that included a laptop which was protected by a encryption software. The laptop was stolen from an Altadena residence in May 2011. The detectives were on to this case for last 9 months.

They kept monitoring the laptop’s use through the tracking software. What they actually did was that they captured the keystrokes and screen images in November 2011. That helped them to zero in on Raymond. Prior to that Raymond did use the laptop but the data was not much to go for for the detectives.

With the help of the search warrant the detectives managed to recover not only the laptop but items like a legally banned, unregistered assault rifle; a pair of loaded rifle magazines; a .32-caliber revolver with a scratched-off serial number; and six stolen iPhones. 2 of the iPhones have been confirmed as stolen.

Jackson was arrested at his home and later released after posting $50,000 bail. He is scheduled to appear again in court March 12.

Sheriff’s Detective David Gaisford comments

“The use of tracking software for one crime, led to the solving of multiple crimes,” said.

“My partner and I have recovered several laptops over the last year alone through laptop tracking. They often lead us to property stolen in other crimes.’”

Some do’s and don’ts for laptop users

Do’s
• Choose a password which is hard to decipher.
• Create a different password for every website that you use.
• Use anti-virus software on your laptop.
• During the coffee break, lock your keyboard or log off.
Don’ts
• Use an easy password like your birth date, car or phone number.
• Do not give your password to anyone however close to you.
• Open attachments or emails that look dicey or are from an unknown source.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.

100% secure and reliable encryption.

No comments »

Posted in Identity and Information loss, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Altadena California Check Point Computer security Computer surveillance data security Detective disk encryption Encryption Hardware IPhone laptop LoJack Los Angeles County Sheriff's Department Notebooks and Laptops Possession of stolen goods Theft

ICO fines Croydon Council for negligence – Children data stolen from Pub

February 13th, 2012

Croydon council has to pay a heft fine for data breach

Data related to children is the most sensitive one, especially when it is about sex abuse victims. This data ought to be ‘heavily’ guarded in the sense that it must be encrypted so that it does not get into the hands of hackers. Misuse of such data can lead to dire consequences. Today’s story talks about negligence shown by the Croydon Council wherein children data was stolen.

As the story unfolds

The ICO (Information Commissioner’s Office) fined CROYDON Council n amount of £100,000 after a bag carrying papers related to child sex abuse victim was taken from a pub.

According to the ICO CROYDON Council had breached the Data Protection Act because it did not encrypt the data and failed to follow security measures.

Well, obviously the council is not happy about it and is considering appealing the verdict. It feels this fine is a bit too heavy.

Apparently a social worker, an employee of the council, had taken this bag along to a pub that he was visiting. Needless to say the bag was unlocked. A perfect opportunity for a thief and he made the most of it! This happened in April 2011. The worst part is that these documents were related to a child abuse case and 6 other people who were a part of it.

ICO head Stephen Eckersley’s comments:

“We appreciate that people working in roles where they handle sensitive information will – like all of us – sometimes have their bags stolen.

“However, this highly personal information needn’t have been compromised at all if Croydon Council had appropriate security measures in place.

“One of the most basic rules when disclosing highly sensitive information is to check and then double check that it is going to the right recipient.

“Norfolk County Council failed to have a system for this and also did not monitor whether staff had completed data protection training.”

The council did inform the concerned parties immediately but that cannot be given as an excuse for leaving vulnerable data unattended. The bag has not been found till date.

CROYDON’s comment:

“The council is perplexed and frustrated by the commissioner’s general criticism of our data protection and information handling guidance, as many of our internal measures and policies appear to have been disregarded in reaching this judgment.

“The council also believes, having taken advice, that the level of fine is wholly disproportionate to the breach.”

Time to implement security measures and quality assurance technology

The above story shows we are living in a volatile world where anything and everything can go wrong in a jiffy. We have to be prepared for the worst, especially this information world of Internet. Information is flowing at an immeasurable speed hence all the more need to secure it from falling into the hands of the wrong people. The above report is a wake-up call for all the council and Information companies. In short check and double check.

As of now it is not mandatory for private bodies to disclose data breaches. But sooner than later, that law will come into effect and hopefully the common-man will breathe a sigh of relief.

Bring in Alertsec

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. There are no short cuts to Data security in any organization. This news stresses the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Encryption, computer security software, data breach, data encryption

Tags: AlertSec Xpress breach notification breach notification laws Check Point Computer security Council Tax Croydon Croydon College Croydon Council Data Protection Act 1998 Encryption ICO identity theft Information Commissioners Office Information privacy Information sensitivity London London Borough of Croydon Needless Norfolk security Sexual abuse

The Eircom Group admits to a major data breach – records of 7000 customers stolen

February 12th, 2012

In one of the recent posts we talked about the lurking dangers behind using laptops. This post is another example of how vulnerable mobile devices like laptops, smart phones are. There’s always a chance of them getting stolen especially when you are traveling or leave them unattended.

The Eircom Group Laptop Theft Story

The company admitted on Friday that 3 of its laptops were stolen. 2 from Eircom’s offices at Parkwest in Dublin between December 28, 2011 to January 2, 2012. The third was stolen from an employee’s residence on December 19. It goes without saying that data on all these machines was not encrypted.

More than 6,845 eMobile and Meteor customers, as well as 686 employees have lost their data.

EIRCOM’s statement

“The data at risk for the vast majority of customers is personal data including names, addresses and telephone numbers. There is a small group of approximately 146 customers where financial data including bank account details may be at risk.

“Separately, there is also a risk to data held within 404 Meteor customers. The data specifically concerns post-pay customers who applied online between January and July 2011.

“The personal data at risk includes details such as an applicant’s name, address, and telephone numbers as well as a range of documentation used to support a customer application such as passport and drivers licence details, various photo ids or utility bills which all may have been used to establish proof of identity.

“In some cases financial data such as bank account, laser or credit card details is also at risk.”

Due to this theft, the company’s policy is under the scanner. As of now it is not known if the stolen data has been misused in any way. According to Data Commissioner Billy Hawkes this is one of the most serious breaches so far. The other concern expressed by the commissioner is that Eircom was late in informing its customers about the breach. “Encryption of laptops where you do permit personal data to be stored on them is bog-standard security so it’s extremely surprising that in two separate incidents Eircom laptops were not encrypted,” Mr Hawkes said.

Precautionary steps being taken by Eircom

“More than 20 customer care agents and account managers have initiated a contact programme to telephone all 550 customers whose financial data may be at risk.

“The agents will notify the customers of the risk and inform them of the specific data involved. They will also answer any questions or concerns they may have. In addition, all impacted customers will be notified by letter.

“As a precautionary step, we have contacted the Irish Banking Federation, who has notified their members of the potential risk to data for affected eMobile and Meteor customers.”

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now Powered by Check Point Full Disk Encryption

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Customer data breach disk encryption Dublin Eircom Encryption Friday Irish Banking Federation laptop Personally identifiable information Theft

The European Union to revamp data-protection rules that will control information flow

January 24th, 2012

Europe has been struggling for stricter data breach laws for a long time. The recent data thefts have pushed the EU to make tough rules as regards data breaches and data security. This certainly is the need of the hour, not only in Europe but all over the world as data breaches are on the rise and hackers are taking advantage of the loopholes in the system.

EU Justice Commissioner Viviane Reding talks about introducing new data protection regulations

The European Union is in the process of proposing new regulations regarding how companies use the personal information of Internet users this week. The new regulations are going to have a major impact on companies like Google and Facebook. This is going to put stricter limits on how they use the information of the people that use their services. According to Viciane Reading, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect personal data of the users and rebuild a sense of confidence in them.

The current state of security laws in Europe:

At present there are conflicting laws from various countries that form the Union. These laws force the companies to collect data on consumers from the Internet. Companies who do not follow any regulations are becoming a victiom of data breach and are always at loggerheads with the governments. For e.g. Facebook, has been in the limelight as it was targeted by both U.S. and European regulators for the wayt they use user data. The company underwent 20 years of independent audits after the U.S. Federal Trade Commission proved that the company’s use of customer information was illegal.

What data privacy means for consumers?

Privacy is a major concern for today’s insurance industry. The more transactions we carry out online, the more we stand to risk of becoming a target of cyber crime. Data Breaches puts information of millions of consumers at risk and that means monetary losses for companies and insurance groups.

What will the new rules exactly do?

The new rules will make it compulsory for financial services firms and credit card processors to report incidents of lost or stolen data within 24 hours of a breach. These rules are set to come into effect today. The companies must, as per new rules, appoint a data protection officer to preside over the protection of personal data stored and processed by individual businesses.

EU Justice Commissioner Viviane Reding’s comment

“I want to explicitly clarify that people shall have the right – and not only the ‘possibility’ – to withdraw their consent to the processing of the personal data they have given out themselves,” says Reding. “If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.” ”Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay,” adds Reding. “As a general rule, without undue delay means for me ‘within 24 hours’.”

Data security with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security. There are no short cuts to Data security in any organization. Alertsec offers ervice that includes more than the traditional software licensing model.