NATO's e-Bookshop attacked

Data breach and its definition

Data breach incidents range from planned attacks of organized crime on a national government website to carelessly selling of used computer equipment or data storage media. Definition “A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.”

What do data breaches include?

Data breaches include financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property

What happened at NATO?

NATO was recently notified of a possible data breach from a NATO-related website run by an external company

The North Atlantic Treaty Organization (NATO) has issued a statement

“Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.”

In detail

The e-Bookshop site offers free access for the general public to NATO publications and multimedia products in both electronic and print format s and does not contain classified documents.

The site has been closed down and users have been informed. The virtual bookstore is reachable though, through the NATO web address.

NATO has not disclosed as to what data was lost or how the attackers hit the server. It has just informed about a data breach and confirmed that no confidential data was compromised.

Speculation about the attack being related to NATO’s recent clash with the online group Anonymous is very high. The global organization had warned member nations about the rising threat of “hacktivism,” or carrying out cyberattacks for political purposes.

But “Anonymous” has completely defended this crime saying “NATO fears the group not because it’s a “threat to society,” but because it’s a “threat to the established hierarchy.” It further added “This is no longer your world. It is our world – the people’s world.
”
NATO’s strategy

NATO’s Strategic Concept,  identifies cyber defence as one of the critical tasks to be carried out develop to prevent, detect, defend against and recover from cyber-attacks. NATO defence ministers agreed this month on a cyber defence action plan to limit these attacks. This action plan is already being implemented.

LulzSec group attacks at the same time

The LulzSec hacker group has broken into official computers used by the State of Arizona. The accessed data which includes personal emails, names, addresses and passwords of officials, along with confidential document has been made public online.

The number 1 laptop encryption service – Alertsec

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

Encryption

File encryption or Full disk encryption?? That is the most important question for most of the organizations now a day. Because some of the organizations encrypted their important files but still failed to prevent data lose, and file encryption does not allow encryption on in and out moving data. So the organizations are not finding any profit in adopting data encryption. Full disk encryption is the only solution of their anxiety.

Now the organizations are not sure whether they will apply the full disk encryption on each and every system of their organization or just on those systems which contain sensitive data. According to PCI and ICO the answer is an organization should apply the full disk encryption to all the system. Because only a few stuffs of the organization can access the sensitive data but still there is a chance that due to some emergency an ordinary stuff can also get access to sensitive data. So, be ready before the mistake has been done.

Full disk encryption not only save your sensitive data but also assures you the protection of each and every single data of your organization. But some people do not want to apply encryption because of some drawbacks and those drawbacks can cause data loss or computer malfunction, because the following things can happen due to encryption:-

1. Password forgotten.
2. Problem in the hardware.
3. Data corruption due to the encryption of data.
4. Normally people like to make some common as well as weak password just because they can remember it. Those passwords are known as weak keys password.
5. Sometimes we write down our passwords because we do not have the confidence that we can remember them.
6. Data corrupted by the encryption process.
7. The encryption algorithm can be cracked sometimes.

But we have to keep in mind before applying full disk encryption that encryption does not enhance or reduce risks, it just provides protection to your data from data loss.  So it depends on us that how we are applying the full disk encryption process to our system. Before the implementation of full disk encryption we have to be very careful about the following factors:-

1. The encryption process is approved by the Advanced Encryption Standard (AES) or not.
2. Due to presence of scratch pad the modern day’s computers cannot protect the hard disk and full memory. And the dangerous thing is that through these scratch pads the hackers can easily access your data.

Another problem with encryption is that there is a chance of potential data loss, but in case of full disk encryption as full disk encryption works in the hardware level not on the software level, so the chances of interaction between the encryption and other applications automatically reduces and as a result of it the probability of data loss also reduces.

So, if your system has sensitive data and you do not want to lose those data, and then apply full disk encryption to your system because it does not drop the speed of your system but it makes your system fully protected.

About ALERTSEC:-

Alertsec Xpress is the No.1 encryption service provider for hundreds of banks and financial institutions worldwide. They are providing 24*7 customer service system. By offering computer protection software, encryption with lowest TCO (Total Cost of Operation), Checkpoint and Pointec they are assuring to make data secure. For more details about Alertsec log on to: http://www.alertsec.com

Lost Flash USB Drive

This is the second news of data breach within the Henry Ford Health System in less than a year. On 31st January 2011 an employee of Henry Ford Health System in Detroit lost an official flash drive. In the previous incident, a Henry Ford employee’s laptop was stolen from an unlocked office. Laptop encryption software was not used in the stolen laptop. This was the second case of data breach occurring within the hospital which took place just before three months of the latest incident in September but this time again the stolen drive was not encrypted.

Personal Data of 2,777 Patients is on Risk

The drive was containing the personal information of 2,777 patients and the security lapse within the Henry Ford put their information on huge risk. The lost information included names, address, e-mail address, phone number and date of birth, medical record numbers, type of treatment, test information and results of the patients. The drive contained information of only those patients who tested for urinary tract infections between July and October 2010.

An investigation of the breach started on 8th February 2011 but it is still not clear as to how, the device was lost. Henry Ford’s Chief Privacy Officer Meredith Phillips said in a statement there is no evidence the flash-drive data was misused.

Federal Health Information Privacy Law

According to the federal health-information privacy law, health care organizations are required to notify patients within 60 days of such a breach and health systems also must pay for identity monitoring for a year to help guard against identity theft.
In such case of data breach HIPAA require Henry Ford Health System to notify the affected patients, local media and the Department of Health and Human Services. Henry Ford has not placed a prominent notice of the breach on its Web site but it is notifying affected patients individually and offering one year of free credit monitoring services. Patients seeking information on activating ID monitoring may call 877-835-0549 between 9 AM to 9 PM on weekdays.

Security Flaw because of Unencrypted Devices

Everyday there are cases of security and identity breaches in the news and most of them occurred because of the unencrypted portable devices. What an organization should do in such case of data security? I will say the idea is to become a little more proactive. A simple solution like Data encryption software has a special option to encrypt the data. Which keeps your documents safe and protect your sensitive data against un-authorized users by utilizing the latest data encryption technologies.

Keep your Sensitive Data Safe with Alertsec

Above incident shows that in the absence of full disk encryption, privacy of such a huge number of people can get affected. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. There are many incidents taking place across global organizations which highlight the need of a data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles

• 800,000 patient records missing? (medicineandtechnology.com)
• US works to secure networks as hackers advance (boston.com)
• America’s Most Dangerous Computer Security Breach Was Caused By a Flash Drive [Security] (gizmodo.com)
• US works to secure networks as hackers advance – The Associated Press (news.google.com)

Huge Data Breach at NYC Hospital

Very Huge and Rare Case of Data Breach

A huge data breach took place in New York City Hospital and affected an enormous amount of people. The Security of over 1.7 million people could be in danger this time as per the current situation. Some thieves robbed a van and stole the backup tapes containing the personal health records of about 1.7 million New Yorkers. These backup tapes of the New York based North Bronx Healthcare were stolen on 23rd December 2010.

Backup tapes held the sensitive healthcare information of people including patients, employees, contractors and vendors. The stolen tapes had patient history like patient’s full names, addresses, birth dates, telephone numbers, Social Security numbers and electronic protected health information (EPHI) dating back 20 years like health insurance information, admission/discharge dates and medical record numbers.

Backup Tapes were not Encrypted

This is really unacceptable that the backup tapes of such a big organization were not encrypted. This is striking even more when people know that encryption is not a tough procedure, it’s very cheap and easy to do. When the information is not encrypted, it means if somebody wants to access the data he/she can do it without the permission of owner. There was only one data security measure used in the backup files that the data was not stored in plain text. A person needs specialized technical expertise to access the files and also data mining tools to be able to access it.

Alan D. Aviles, HHC’s president said “It is unfortunate that such things have to occur before something is done about it. As far there is no evidence that the data in the tapes had been misused but the corporation will ensure that future backup tapes are encrypted”.

HIPAA Security Rules were not followed

Hospital took a long time to report this data breach and ignored the HIPAA security rules. The hospital started to inform the victims about the breach on the 9th of February. It may seem that it took a long period of time while it took HHC nearly two months before reporting the data breach. New York state law stipulates that any data breach has to be reported in 60 days after the incident happens.

Alan said in a statement that “Letters in 17 languages have begun to be mailed to patients and affected individuals this week, advising them of the theft and informing them of protective services that have been made available”.

Why Data Breaches Occur in Health Care Industry

Ponemon Institute conducted a study on the reasons “why data breaches occur in the health care industry”. According to its reports, it outlined the lack of encryption software, poor management of data access, theft or loss of devices containing important data and the failure of shredding important documents as the main causes. HHC said that it would provide anti-fraud services and credit monitoring through Debix to those who were affected by the incident. Hospital opened a customer care centers to deal with the inquiries and affected people can call on this number 1-877-412-7148. Victims of the data breach can register for the extra protection within 120 days of the incident on the same number.

Keep your Sensitive Data Safe with Alertsec

Above incident shows that in the absence of full disk encryption, privacy of such a huge number of people can get affected. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. There are many incidents taking place across global organizations which highlight the need of a data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles

• New York City Health and Hospital System Files Lawsuit Against Data and Transport Vendor Relative to Data Breach (ducknetweb.blogspot.com)
• City Room: 1.7 Million Medical Records From Bronx Hospitals Are Stolen (cityroom.blogs.nytimes.com)
• News 2/18/11 (histalk2.com)
• EU study frowns over data breach notification rules (go.theregister.com)
• threatpost: How to Respond to a Data Breach (boxofmeat.net)

National Football League Employee’s Laptop Stolen

If an encryption software had been used to protect the data, there would be minimal chances of Identity theft from the stolen devices. In a fresh incident, two more National Football League (NFL) employee’s laptops have been stolen at the Dallas Convention Center on Sunday.

The stolen laptops belonged to a private investigator and a security consultant based in California. Both employees were preparing the Dallas Convention Center for the NFL Experience. The convention center is hosting the NFL Experience, an interactive theme park with games, displays, autograph sessions and a memorabilia show. These laptops not only stored sensitive information but also not protected with encryption software.

Similar Incident Happened just two weeks ago

A similar incident happened earlier this month in Arlington, a laptop containing NFL and Super Bowl XLV credential information was stolen from a car parked outside a restaurant. According to Arlington police, several thumb drives and security credential artwork were also stolen with the laptop. These devices belonged to a NFL employee working on Super Bowl XLV.

In this case police arrested three people, but was not able to recover the laptop. In the current case Police do not have any suspects but believe that the above two incidents are not related.

NFL Employees left Devices Unattended

Dallas police Sr. Cpl. Kevin Janse said, “Someone stole two laptops and an Apple iPad that had been left unattended for about 25 minutes inside a ballroom at the location. The property belonged to two employees hired by the NFL. None of the devices contained information that would compromise or jeopardize the security of any Super Bowl-related events”, he added.

According to Janse “The devices contained no important security or otherwise sensitive information relating to the Super Bowl” and there was no security concerns related to the theft. The stolen devices were left unattended at a Starbucks kiosk for 25 minutes inside a ballroom.

Janes further said, “The laptop theft was nothing more than a crime of opportunity and that the suspects probably didn’t even realize who the owners of the property were”.

This is just a case of carelessness of NFL employees. It’s a dumb activity to leave important devices at an unfamiliar coffee shop for Twenty Five Minutes. The NFL said that theft didn’t compromise security and only artwork for credentials that was subsequently changed after the theft. We can only hope that NFL would be more active towards securing the data as this was the second laptop theft case in one month.

How Alertsec Xpress Would Have Helped

The above mention situation shows how much Full Disk  Encryption is necessary to stay secure and protect your data from the laptop thefts. In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles

• Laptop Security – Are You Following Good Security Practices When Traveling? (lockergnome.com)
• Equipment stolen from Bremerton nightclub (kitsapsun.com)
• How to: protect against data and hardware loss (thenextweb.com)
• More on data security and communication (translucid.ca)
• Security Recommendations for Laptop Theft Prevention (brighthub.com)

The campus authorities believe that the culprit has to surface somewhere because someone must be selling the stolen items. The stolen parking passes are the obvious starting point as they can be used only on Campus. An eight-month parking pass for students costs $81, and if a pass is lost or stolen students have to pay full replacement value. The campus security has reiterated to the students not to underestimate the value of an article to a thief.

The higher the alert for safety within the community, higher the probability to catch the thief before they move on to a smaller, less detectable area. The Staff & Students on campus have been encouraged to keep an eye out for suspicious people. Usage of cell phones to capture and report footage of criminal activity has been also been suggested as a countermeasure.

“Don’t underestimate value of an article to a thief.” – Bruce Rogerson, Director of Security and Traffic at UNB.

The Campus officials are taking further actions to prevent such thefts in future. They can use some type of data security software or data encryption software so next time their data will be safe even after theft. Some of the IT security companies provide laptop encryption, Full disk encryption or hard drive encryption for the safety of your precious and sensitive data.

“Alertsec is an IT company which provides products on data security & data encryption”

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software.The threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles by Zemanta

• WinMagic’s SecureDoc Full-Disk Encryption Solution to Fully Support Intel Advanced Encryption Standard New Instructions (AES-NI) (eon.businesswire.com)
• Symantec adds security support for Android and Apple devices (v3.co.uk)
• Prevent Identity Theft – Smartphones Pose Higher Risks Than Computers (socyberty.com)

The information like patient’s social security numbers and personal health information was there in the laptop and it could be risky for the patients if the information would be misused.

The hospital officials are taking further actions to prevent such activities in future. To take a total control on these incidents they can go for a couple of ways. They can use some type of data security software or data encryption software so next time their data will be safe even after theft. Some of the IT security companies provide laptop encryption, Full disk encryption or hard drive encryption for the safety of your precious and sensitive data.

“Alertsec is an IT company which provides products on data security & data encryption”

How Alertsec Xpress Would Have Helped

The above threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles by Zemanta

• I know what the law says. Or do I? (uncommonsensesecurity.com)
• 6 Tips For Great IT Security Policies (itexpertvoice.com)
• Leading Analyst Firm Recognizes WinMagic as a Visionary in Its Mobile Data Protection Magic Quadrant for 2010 (eon.businesswire.com)

The computer was password protected but it did not have any encryption software installed. Till now there has been no update if the information on the computer has been accesses or misused in any way.

Bianca Arroyo got a letter on Saturday from CCNY, where her son is a junior. “I called my son right away and told him something is wrong, something happened in the school, someone stole someone’s computer with a database with the personal information,” Arroyo said.

“I’m worried, you know, because the situation with things happening nowadays with identity theft that later on that something could happen to my son, and now he’d have to be the one responsible for it,” she added.

The potential victims of the theft are worried and concerned about the security arrangements at the college.

“I’ve gone to the school for the past two years, I don’t want anyone looking at my information,” said one student.

“Why was that all on one computer? It’s a good question right?” said another student.

“This time it’s the computer, but who knows what’s next,” another student said.

A spokesperson for the college said that the college is making all possible efforts so that such incidents are not repeated in the future.

Want to prevent breach?

Have you been affected by data breach? Do you think that your organization is susceptible to a potential security breach? For further information visit our website where you will learn about our encryption software and other security protection methods.

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

Related articles by Zemanta

• Seagate’s Groundbreaking Self-Encrypting Laptop Hard Drive First to Win Key U.S. Government Certification (eon.businesswire.com)
• WinMagic’s SecureDoc Full-Disk Encryption Solution to Fully Support Intel Advanced Encryption Standard New Instructions (AES-NI) (eon.businesswire.com)
• Do You Know Where Your Laptops Are? (itexpertvoice.com)

Installing Alertsec Xpress Encryption software is fairly simple and all you need is just three easy steps:

1. Register for your subscription or 30-day free trial of our encryption software
   Register your personal Alertsec Xpress subscription or 30-day free trial.
   Receive an email from Alertsec Xpress with a link to your Alertsec Xpress subscription or 30-day free trial.
2. Download and activate Alertsec Xpress online
   Follow the simple guidelines in the mail and click on the link.
   Download your Alertsec Xpress subscription or 30-day free trial.
   Alertsec Xpress will initiate and install the encryption software automatically on your command.
   Set your username and password to personalize your installation.
3. Your laptop is now fully protected by Alertsec Xpress
   Powered by Check Point Full Disk Encryption – the world’s most trusted encryption software.

Here’s a tutorial video which explains how to install Alertsec Xpress

Choose Alertsec and Secure your Laptop

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.

In today’s competitive business environment organizations are making increasing investments on IT infrastructure, devices and software. Needless to say, laptops are an inherent part of your organization’s growing business plan.

Today, laptops hold critical business data including sensitive customer information and this is where encryption is constantly considered to the best method to ensure data security.

Organizations must deploy encryption as a part of their overall security protection methods. One thing that needs to be considered is the pitfalls of encryption. Today, many of the encryption softwares come security flaws and loopholes which allow attackers easy ways leading to compromise in the organization’s data. Some of the common issues are Algorithm Management, Key Length, Key Recovery, Scope of Protection.

A stolen laptop without encryption is often the first step towards identity theft and fraud. 80% of information theft results from lost or stolen equipment. 50% of network intrusions take place using credentials from lost or stolen equipment. With laptop security, none of the information or credentials would have been lost.

Goal of laptop encryption/disk encryption

Assuming the unthinkable happens and one of your laptop is stolen, what would you do? That missing laptop contained intellectual property and critical data which included the information of customers, their financial records and information on future business strategy and product roadmaps.

Let us say you’re caught in a similar situation, you would want the data on your computer hard-drive to be nullified or in other words you would want your hard-drive to be encrypted.

To protect information stored on a desktop or laptop is by using encryption. Alertsec Xpress offers full disk encryption and offers stronger options to other encryption methods when comparing security, performance, robustness.

Why Alertsec Xpress is different?

1. Strong Support: Users who forget their password simply call the Alertsec helpdesk. No matter when or where you are, our helpdesk can always assist legitimate users regain access to their information, using the Alertsec Xpress Authentication Method.
2. Secure disposal of old laptops: You can easily move away from your old laptop. When it is time to decommission your laptop or PC, you can simply reformat the disk and it will be impossible for anyone to ever recreate the information.
3. Secure & Trusted: The Check Point Full Disk Encryption software solution is trusted by companies, governments, military organizations, and individuals around the globe and its secure design has been approved through independent security tests and certifications.
4. Built in security measures: Alertsec Xpress will detect boot viruses or debugging programs and prevent these from interfering with the authentication process.

For features and benefits of our computer protection software please visit our website.

For round of updates, news and latest bits from the computer security world, follow us on our Twitter handle.