Posts Tagged ‘file encryption’

Data Breach: Popular Recruitment Website “RecruitIreland.com” data Breach

February 11th, 2011

To compromise customer sensitive details in a breach is quite embarrassing for a well known, user driven website. Especially, it becomes very tough if there are bunch of users logging in day and night to your website. Something similar has happened to the popular Irish recruitment website RecruitIreland.com which has been hit with a potential data breach and was temporarily disabled. The site is a member of the Thomas Crosbie Media (TCM) group of companies. RecruitIreland.com could have escaped from this situation, if it had used the laptop encryption software from trusted companies like Alertsec Xpress.

The website RecruitIreland.com has been forced to close temporarily as overall the 400,000 registered users’ email addresses have been compromised. As we talk about this incident, the site is now back online although it was offline after the company had learnt of the breach through several spam emails similar to the one below.

External Security Consultants

To identify and solve this problem, company has hired the services of an external security consultant. Tom Crosbie, the website’s managing director said, “The gardaí are investigating and the Data Protection Commissioner has been made aware of the breach”.

Officials of Recruitireland.com said in a statement, the website was shut down immediately at 2pm on 8th February 2011 after the breach was identified. Post that the concerned authorities including Gardai and Data Protection Commissioner were notified.

The Reason of Data Breach was Spamming

According to the reports database of company may have been harvested for spamming purposes. Users were receiving spam emails and advised not to reply, or comply with any requests for information such as bank account details. No other data, including CVs, usernames or passwords had been compromised, according to the website.

The company’s spokesperson said, “We take this incident and any attempted breach of our database extremely seriously” He also added that investigation is being done both internally and externally.

How Alertsec Xpress Would Have Helped

Although organizations world over are waking up to security issues, there is still a lot of work that needs to be done. Our idea at Alertsec has always been to create awareness about the massive impact of breach issues. We can only hope that after such cases of data breach, data security will become the key agenda for companies. They will start securing their organizational data by bringing in policies, using new software and improving their current practices.

This news exemplifies the need for data protection applications like Data encryption software and Laptop encryption. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles
Enhanced by Zemanta

No comments »

Posted in data breach

Tags:

Key findings from the Computer Theft survey

August 6th, 2010
Category:WikiProject Cryptography participants
Image via Wikipedia

The main concern while running a business is keeping your computing devices like desktops, laptops etc. and their data secure. The portability offered by laptops, increases their chance of being stolen as people are constantly leaving them unattended at public places. Many a times these devices are left behind at restaurants, subways, coffee shops, airports etc. Although the insurance company may cover the hardware, the files and data on the machine may eventually be untraceable and forever lost.

Recently BSI carried out their 8th Annual Computer Theft Survey in the United States. Here are the key findings from that survey:

  • More than 5.5 Million computers were stolen in the United States in the last 3 years.
  • More than half (58.7%) of the respondents have been a victim of computer theft in the last year.
  • According to FBI, 97% of unprotected computers (i.e. computers that do not use any data encryption software or computer security software) are never recovered.
  • 68% of the devices stolen were laptops, followed by desktops (10%) & others like PDA’s, iphone etc. (22%)
  • 67%  of computer theft occurred while respondent was mobile (moving about),
  • 91% of respondents did not use data encryption software to encrypt the proprietary data on their stolen device.
  • Average total replacement cost of each stolen computing device was $43,264.66.
  • 71% of respondents reported downtime due to computer theft ranging from several days to more than a month.
  • Only 21% of those surveyed used extensive data protection like dedicated data encryption software, but about 70% did not use any safeguard or security protection at all.

These numbers are very similar to the numbers in the surveys done earlier on this issue, clearly indicating that people are not doing anything more to protect their data than they were doing earlier.

If you carefully analyze the survey data, you will notice that only 3% of stolen computing devices are recovered; even then only 9% people are using data encryption software to protect their data.

Encrypt your Data for peace of mind!

We spend huge sums to protect our internal networks, but forget that there are people carrying laptops that are connected to these internal networks. These laptops are equally vulnerable to theft & hacking. This fact has been highlighted in the survey, according to which 67% of computer thefts occurred when the respondent was outdoors.

By using laptop encryption software, we could have greatly enhanced the laptop security as there is no way that the information is compromised if the laptop is lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop.

Secure your data using Alertsec

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. The AES encryption algorithm and extensive 3rd party certifications offer you security that is used by millions. Try it for free today.

Related articles by Zemanta
Enhanced by Zemanta

3 comments »

Posted in AlertSec Xpress, Data Protection

Tags:

Around the World in 80 Unencrypted Days

July 27th, 2009

disk-encryptionFrom the capital city of the United Kingdom to the capital city of California.  It doesn’t matter if you are in London or Sacramento – you need to encrypt your disk drives.  At one level it seems so obvious. But as these stories show – it’s much easier said than done!  They are both not only examples of the need for encryption but the need for just outright deleting and destroying old information.

In London, the Jubilee Managing Agency which is part of Lloyds and the parent of automobile insurance provider Jubilee Motor Policies, breached the Data Protection Act (DPA) by misplacing an unencrypted disk containing the personal details of around 2,100 UK policyholders.  The Information Commissioners Office (ICO) is the UK’s independent authority set up to promote access to official information and to protect personal information.  The have required that Jubilee agree to complete a formal undertaking in which it promises to take reasonable measures to keep personal information secure in the future.

The ICO said that Jubilee suffered from a lack of detailed data security procedures and policies, and insufficient staff training.  Insurance companies are particularly vulnerable to data theft because they have to keep information for many years to help them calculate their insurance charges.  But the need to keep the data and the need to keep the data unencrypted on personal computers should be two different things.

Sally-Anne Poole, head of enforcement and investigations at the Information Commissioner’s Office (ICO), said that since November 2007, 161 data security breaches have been reported to the ICO in the private sector. Poole notes “We urge all CEOs and their senior management teams to ensure data protection is treated as a corporate governance issue affecting the whole organisation. All organisations need to make sure that safeguarding the personal information of customers and staff is embedded in their organisational culture.”

Meanwhile, thousands of miles away, 6,000 current and former employees at Sutter Health in Sacramento, California are being notified that they should keep an eye on their credit reports.  This breach is a clear example where had a data security measure like laptop encryption software been used; the entire incident could have been avoided.

This leak was discovered by a computer repair shop which found the data on an old laptop that had been brought in for repair. Until they were contacted by the computer repair shop, Sutter Health’s records had shown that the computer was in the possession of a Sutter employee since 2007.  Fortunately for Sutter, when a computer repair shop employee realized that sensitive information on the computer, the company immediately contacted Sutter.

The solution seems so obvious – but only in hindsight was it obvious to this company. Sutter is quite belatedly starting to use encryption software on all its laptop computers.  Furthermore, training has been established so all employees know not to save files locally, on hard drives, but to save them instead on network drives that can be monitored and secured by the company.

While full details were not released in the London case – both instances appear to be dealing with disk drives that quite simply had fallen off the active inventorying by the company.  It’s just another reason for laptop encryption software- even when mistakes happen, this software will keep an “organization” or an “organisation” covered around the world.

2 comments »

Posted in Data Protection, Identity and Information loss

Tags:

Classified SHOULD equal Encryption

July 17th, 2009

Locked Mobile ComputerFrom the “you think you have problems” file comes news that The United States State Department does not have an accurate accounting of its laptop computers, including laptops with classified data, and has failed to encrypt machines as it is supposed to do by July 2008 in order to protect sensitive information. This is from a new report by the department’s inspector general.

State Department Laptops Not Encrypted

According to this report released by the Inspector General for the Department of State, half of the laptops issued at the State Department are not encrypted.  To add insult to injury, eight percent of the laptops cannot even be located!  More problematic is that the State Department had issued its own mandate to have all of their laptops secured with laptop encryption software by July 1, 2008 – a goal they clearly missed!

This data was collected by a study of a sample of laptops – so the real numbers could be even higher! A study of a sampling of 334 State Department laptops revealed that 27 laptops were missing (8%), and that 172 of them were not encrypted.  Included in the unencrypted group were 14 classified laptops, of which 9 were actually identified as potentially containing “secret” data!

The report notes that it’s not possible to tell whether the missing 27 laptops were protected via hard disk encryption or not, since there is no system in place to track which computers were protected.  Officials, of course, claim that there was no sensitive information on these missing computers – but there is no actual documentation or tracking to be sure.

Administering Encryption – Alertsec Xpress Value

The State Department is no different than most large organizations.  They have so many computers – especially mobile computers – that it is just hard to track everything!  They have systems designed to track static equipment and with today’s technology it is easily movable.  They have over 30,000 employees and so that means even more computers (labs, training rooms etc) and probably half of those are portables or netbooks.

Keeping track of 15,000 of laptops is not an easy task managing encryption keys could well be nothing short of impossible. An encryption solution like Alertsec Xpress offers a great solution to companies and organizations with laptops galore – especially those with staff in multiple locations.

With encryption over the Internet, Alertsec Xpress makes it easy to distribute the encryption software.  The laptop user/owner can simply download the Alertsec Xpress software while connected to the internet, and with just a few clicks ensure that their computer is encrypted.  This distributed installation model means IT staff do not need to actually visit the computers to install the encryption software.

Alertsec is then your centralized hub for controlling the encryption status of machines.  Alertsec and your staff with administrative access can identify whether a machine has been encrypted.  When you subscribe to Alertsec Xpress, a customer account is created on the Alertsec Xpress website through which the coordinator will deploy and manage his users. The coordinator will also be able to uninstall the security software on specific users through this account

Encryption Lessons

In 2000, disciplinary action was recommended against six State Department employees in connection with the disappearance of a classified computer from the department’s Bureau of Intelligence and Research.  Clearly the State Department has not learned its lessons when it comes to laptop security.

Meanwhile thousands of users at businesses worldwide are being safely and easily protected with Alertsec Xpress.  The solutions are available and affordable for those organizations that are ready to step up and make security a priority.

4 comments »

Posted in Data Protection, Encryption

Tags: