Posts Tagged ‘full disk encryption’

NATO could be the next victim of a data breach

June 27th, 2011

NATO's e-Bookshop attacked

Data breach and its definition

Data breach incidents range from planned attacks by organized crime on a national government website to the careless sale of used computer equipment or data storage media. Definition: “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

What do data breaches include?

Data breaches can involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), corporate trade secrets, or intellectual property.

What happened at NATO?

NATO was recently notified of a possible data breach from a NATO-related website run by an external company.

The North Atlantic Treaty Organization (NATO) has issued a statement:

“Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.”

In detail

The e-Bookshop site offers the general public free access to NATO publications and multimedia products in both electronic and print formats and does not contain classified documents.

The site has been closed down and users have been informed. The virtual bookstore is reachable, though, through the NATO web address.

NATO has not disclosed what data was lost or how the attackers hit the server. It has only reported a data breach and confirmed that no confidential data was compromised.

There is much speculation that the attack is related to NATO’s recent clash with the online group Anonymous. The global organization had warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes.

But Anonymous has completely defended this crime, saying, “NATO fears the group not because it’s a ‘threat to society,’ but because it’s a ‘threat to the established hierarchy.’” It further added, “This is no longer your world. It is our world – the people’s world.”

NATO’s strategy

NATO’s Strategic Concept identifies cyber defence as one of the critical tasks, to be carried out to prevent, detect, defend against and recover from cyber-attacks. NATO defence ministers agreed this month on a cyber defence action plan to limit these attacks. This action plan is already being implemented.

LulzSec group attacks at the same time

The LulzSec hacker group has broken into official computers used by the State of Arizona. The accessed data, which includes personal emails, names, addresses and passwords of officials, along with confidential documents, has been made public online.

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption


Full Disk Encryption – An Executive’s Introduction To How It Works And Other Issues

May 2nd, 2011

Encryption

File encryption or full disk encryption? That is the most important question for most organizations nowadays. Some organizations encrypted their important files but still failed to prevent data loss, and file encryption does not encrypt data moving in and out. As a result, these organizations see no benefit in adopting data encryption. Full disk encryption is the only solution to their anxiety.

Organizations are now unsure whether to apply full disk encryption to each and every system or just to those systems which contain sensitive data. According to PCI and ICO, the answer is that an organization should apply full disk encryption to all systems. Only a few staff members of the organization can access the sensitive data, but there is still a chance that, in an emergency, an ordinary staff member also gets access to sensitive data. So be ready before the mistake is made.

Full disk encryption not only saves your sensitive data but also assures the protection of every single piece of data in your organization. But some people do not want to apply encryption because of certain drawbacks, which can cause data loss or computer malfunction. The following things can happen due to encryption:

  1. Password forgotten.
  2. Problem in the hardware.
  3. Data corruption due to the encryption of data.
  4. People normally like to choose common, weak passwords just because they can remember them. Those passwords are known as weak-key passwords.
  5. Sometimes we write down our passwords because we do not have the confidence that we can remember them.
  6. Data corrupted by the encryption process.
  7. The encryption algorithm can be cracked sometimes.

But we have to keep in mind before applying full disk encryption that encryption does not enhance or reduce risks; it just protects your data from data loss. So it depends on how we apply the full disk encryption process to our systems. Before implementing full disk encryption, we have to be very careful about the following factors:

  1. Whether or not the encryption process conforms to the Advanced Encryption Standard (AES).
  2. Because of the presence of scratch pads, modern computers cannot protect the hard disk and full memory. The danger is that hackers can easily access your data through these scratch pads.

Another problem with encryption is the chance of potential data loss. But full disk encryption works at the hardware level, not at the software level, so the chances of interaction between the encryption and other applications are automatically reduced, and as a result the probability of data loss is also reduced.

So, if your system has sensitive data and you do not want to lose that data, then apply full disk encryption to your system, because it does not reduce the speed of your system but makes your system fully protected.

About ALERTSEC:

Alertsec Xpress is the No. 1 encryption service provider for hundreds of banks and financial institutions worldwide. They provide 24/7 customer service. By offering computer protection software and encryption with the lowest TCO (Total Cost of Operation), Check Point and Pointsec, they assure that data is kept secure. For more details about Alertsec, log on to: http://www.alertsec.com


Henry Ford Health System didn’t Learn from its Previous Mistake

February 28th, 2011

Lost Flash USB Drive

This is the second report of a data breach within the Henry Ford Health System in less than a year. On 31st January 2011 an employee of Henry Ford Health System in Detroit lost an official flash drive. In the previous incident, a Henry Ford employee’s laptop was stolen from an unlocked office. Laptop encryption software was not used on the stolen laptop. That incident took place in September, just three months before the latest one, which makes this the second data breach within the hospital, and this time again the drive was not encrypted.

Personal Data of 2,777 Patients is at Risk

The drive contained the personal information of 2,777 patients, and the security lapse within Henry Ford put their information at huge risk. The lost information included the patients’ names, addresses, e-mail addresses, phone numbers, dates of birth, medical record numbers, types of treatment, test information and results. The drive contained information only on those patients who were tested for urinary tract infections between July and October 2010.

An investigation of the breach started on 8th February 2011, but it is still not clear how the device was lost. Henry Ford’s Chief Privacy Officer Meredith Phillips said in a statement there is no evidence the flash-drive data was misused.

Federal Health Information Privacy Law

According to the federal health-information privacy law, health care organizations are required to notify patients within 60 days of such a breach and health systems also must pay for identity monitoring for a year to help guard against identity theft.
In such a case of data breach, HIPAA requires Henry Ford Health System to notify the affected patients, local media and the Department of Health and Human Services. Henry Ford has not placed a prominent notice of the breach on its Web site, but it is notifying affected patients individually and offering one year of free credit monitoring services. Patients seeking information on activating ID monitoring may call 877-835-0549 between 9 AM and 9 PM on weekdays.

Security Flaw because of Unencrypted Devices

Every day there are cases of security and identity breaches in the news, and most of them occurred because of unencrypted portable devices. What should an organization do about data security in such cases? I will say the idea is to become a little more proactive. A simple solution like data encryption software has a special option to encrypt the data, which keeps your documents safe and protects your sensitive data against unauthorized users by utilizing the latest data encryption technologies.

Keep your Sensitive Data Safe with Alertsec

The above incident shows that in the absence of full disk encryption, the privacy of such a huge number of people can be affected. To keep your sensitive data safe from theft and hacking, it is vital to use data encryption software. There are many incidents taking place across global organizations which highlight the need for data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Huge Data Breach at NYC Hospital, Backup Tapes were not Encrypted

February 18th, 2011

Huge Data Breach at NYC Hospital

Very Huge and Rare Case of Data Breach

A huge data breach took place at a New York City hospital and affected an enormous number of people. The security of over 1.7 million people could be in danger this time as per the current situation. Thieves robbed a van and stole the backup tapes containing the personal health records of about 1.7 million New Yorkers. These backup tapes of the New York based North Bronx Healthcare were stolen on 23rd December 2010.

The backup tapes held the sensitive healthcare information of people including patients, employees, contractors and vendors. The stolen tapes held patient information such as patients’ full names, addresses, birth dates, telephone numbers, Social Security numbers and electronic protected health information (EPHI) dating back 20 years, such as health insurance information, admission/discharge dates and medical record numbers.

Backup Tapes were not Encrypted

It is really unacceptable that the backup tapes of such a big organization were not encrypted. This is even more striking when people know that encryption is not a tough procedure; it is very cheap and easy to do. When the information is not encrypted, anybody who wants to access the data can do so without the permission of the owner. Only one data security measure was used in the backup files: the data was not stored in plain text. A person needs specialized technical expertise and data mining tools to be able to access the files.

Alan D. Aviles, HHC’s president, said, “It is unfortunate that such things have to occur before something is done about it. As far there is no evidence that the data in the tapes had been misused but the corporation will ensure that future backup tapes are encrypted”.

HIPAA Security Rules were not followed

The hospital took a long time to report this data breach and ignored the HIPAA security rules. The hospital started to inform the victims about the breach on the 9th of February. That may seem like a long period of time: it took HHC nearly two months to report the data breach. New York state law stipulates that any data breach has to be reported within 60 days of the incident.

Alan said in a statement that “Letters in 17 languages have begun to be mailed to patients and affected individuals this week, advising them of the theft and informing them of protective services that have been made available”.

Why Data Breaches Occur in Health Care Industry

The Ponemon Institute conducted a study on the reasons “why data breaches occur in the health care industry”. Its report outlined the lack of encryption software, poor management of data access, theft or loss of devices containing important data, and the failure to shred important documents as the main causes. HHC said that it would provide anti-fraud services and credit monitoring through Debix to those who were affected by the incident. The hospital opened a customer care center to deal with inquiries, and affected people can call 1-877-412-7148. Victims of the data breach can register for the extra protection within 120 days of the incident on the same number.


Two Unencrypted Laptops and an iPad of NFL Employees stolen

January 30th, 2011

National Football League Employee’s Laptop Stolen

If encryption software had been used to protect the data, there would be minimal chances of identity theft from the stolen devices. In a fresh incident, two more National Football League (NFL) employees’ laptops were stolen at the Dallas Convention Center on Sunday.

The stolen laptops belonged to a private investigator and a security consultant based in California. Both employees were preparing the Dallas Convention Center for the NFL Experience. The convention center is hosting the NFL Experience, an interactive theme park with games, displays, autograph sessions and a memorabilia show. These laptops not only stored sensitive information but were also not protected with encryption software.

Similar Incident Happened just two weeks ago

A similar incident happened earlier this month in Arlington, when a laptop containing NFL and Super Bowl XLV credential information was stolen from a car parked outside a restaurant. According to Arlington police, several thumb drives and security credential artwork were also stolen with the laptop. These devices belonged to an NFL employee working on Super Bowl XLV.

In that case police arrested three people, but were not able to recover the laptop. In the current case police do not have any suspects but believe that the two incidents are not related.

NFL Employees left Devices Unattended

Dallas police Sr. Cpl. Kevin Janse said, “Someone stole two laptops and an Apple iPad that had been left unattended for about 25 minutes inside a ballroom at the location. The property belonged to two employees hired by the NFL. None of the devices contained information that would compromise or jeopardize the security of any Super Bowl-related events”, he added.

According to Janse, “The devices contained no important security or otherwise sensitive information relating to the Super Bowl” and there were no security concerns related to the theft. The stolen devices were left unattended at a Starbucks kiosk for 25 minutes inside a ballroom.

Janse further said, “The laptop theft was nothing more than a crime of opportunity and that the suspects probably didn’t even realize who the owners of the property were”.

This is just a case of carelessness on the part of NFL employees. It’s a dumb move to leave important devices at an unfamiliar coffee shop for twenty-five minutes. The NFL said that the theft didn’t compromise security and involved only artwork for credentials, which was changed after the theft. We can only hope that the NFL will be more active in securing its data, as this was the second laptop theft case in one month.

How Alertsec Xpress Would Have Helped

The above-mentioned situation shows how necessary Full Disk Encryption is to stay secure and protect your data from laptop theft. In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.
