Posts Tagged ‘full disk encryption’

St. Louis Police Bugged By Hackers

March 13th, 2010

Hackers have not spared even the police, at least judging by the recent incident in St. Louis. The attack compromised the information of about 24 people.

While the attack was targeted at several computers, in a sense the victims were lucky as only of the computers were impacted by its severity. This news was confirmed by the police department a couple of days back.

The attack exposed the following data about the victims:

  1. Names
  2. Addresses
  3. Social security numbers of residents

The exposed data belongs to people involved in criminal incidents, either as witnesses or as property owners.

Investigators are contacting the victims, offering to pay for credit monitoring services and advising them of additional measures to protect their credit. No fraudulent activity has been reported.

There is no firm confirmation of when the attack happened. The department learned of it earlier this week, but investigators believe it occurred on Feb. 4 or 5. The team is now working on improving computer security.

Get Protected Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Check out our convenient and cost-effective computer security software for Windows 2000, XP, Vista and 7.


Computer Security Demands Tech Savvy Employees

February 25th, 2010

You have probably noticed a common theme in all our posts: the importance of security for businesses. It’s no secret that practically any company that uses computers is at risk of becoming a victim of cyber attacks and hacking. Organizations need to invest in the correct blend of security software, one that increases their protection and helps keep intruders away from their data. Unfortunately, there’s another consideration which has to be taken into account: computer security demands employees who understand technology.

Studies continually show that people are still the weakest link in computer and Internet security. Poor password choices, combined with a weak understanding of technology, are usually the culprits which allow massive data breaches and attacks to succeed. Employers have to work out a security strategy which takes the computer knowledge of their employees into consideration.

Computer Jargon is Complicated

There’s no denying that computers aren’t always the easiest to understand, particularly for some older generation workers. Many have trouble figuring out how to use a computer for its basic functions and don’t even take security into consideration. Even more advanced users can find computer terminology tricky and not bother to learn anything about it. An article from Reuters captures the problem perfectly:

Computer jargon, a “tick box” culture and unimaginative advertising are discouraging Internet users from learning how to protect themselves online.

Faced with such gobbledegook, many of the world’s nearly 2 billion Internet users conclude that security is for “experts” and fail to take responsibility for the security of their own patch of cyberspace — a potentially costly mistake.

Some developers are moving towards more user-friendly computer software, but this doesn’t mean it’s time to relax. A lot of proprietary and specialized software is still challenging to understand. Occasionally, developers can even add to the confusion: take, for example, the troubles caused by Adobe’s security updates. Companies need to take charge and face the problem head on.

Solutions for Companies

Unfortunately, there’s no easy fix to the problem. Companies will have to explore several solutions to find which one works best for their employees.

  1. Hire tech savvy employees
  2. Run educational workshops
  3. Choose the correct mix of security software

Ideally, businesses would be able to implement all three solutions to create an extremely secure business environment. However, most organizations have a specific budget in place and need to work within its constraints. Exclusively hiring tech savvy workers can be costly, as in many cases they’ll require a higher salary. It may also be complicated to find workers with an in-depth understanding of security for certain jobs. Educational workshops can be effective but often have mixed results. It’s challenging, if not impossible, to quantify their value; there’s no real way to measure whether an employee is truly ready for the dangers of the Internet after training. Additionally, these workshops usually have to be outsourced and can be costly.

Using the correct type of computer protection is usually the most affordable and reasonable option. By choosing the correct products, businesses can use software which requires minimal interaction yet fully protects users. It’s important to implement encryption software as part of the security package, and we feel that Alertsec Xpress is a top candidate for the role. Our full disk encryption service is easy to install and manage; it also requires very little additional effort from employees. Best of all, it’s affordable and can complement hundreds of other anti-virus suites perfectly. To start countering employees who don’t understand computer security, start a free trial now!

Further Reading
People Are Still The Weakest Link In Computer And Internet Security, Study Finds [Science Daily]
Computer jargon baffles users, hinders security [Reuters]

Breaking into BitLocker

January 27th, 2010

Windows 7, Microsoft’s latest snazzy operating system, comes with BitLocker pre-installed in its Enterprise and Ultimate editions. BitLocker is a hard drive encryption feature meant to give business users and customers who pay a premium a greater sense of security. BitLocker uses a combination of AES encryption in CBC mode and the Elephant diffuser to protect data. According to Microsoft TechNet, “BitLocker protects against data theft or exposure on computers that are lost or stolen, and offers more secure data deletion when computers are decommissioned.”

Unfortunately, that’s only part of the story; BitLocker isn’t quite as safe as Microsoft would like customers to think. In fact, just recently, software firm Passware released a tool which can essentially crack the encryption! BitLocker also lacks quite a few features that other providers offer and has several vulnerabilities. The BitLocker service is very new and fails to gain any sort of advantage over existing market leaders.

What Does Your Business Need?

If you’re managing an organization, you know that you have enough on your plate without having to worry about your computers’ security. You need a solution that works out of the box, a proven and successful encryption service which keeps your private information safe and won’t give you any trouble. You need a standalone feature which can’t be exploited and works without any overly complicated set-up.

More importantly, you need a service provider which specializes in its field. Using security companies that work exclusively on encryption technology grants many advantages. Security solution providers who have worked in the field for many years can offer a much more complete service than businesses that offer encryption as a bonus feature.

BitLocker’s Weakness

An analysis of BitLocker from WindowsSecurity.com summarizes our thoughts on the product:

For organizations that take security more seriously this technology still needs to mature substantially before being able to be used with confidence.

BitLocker’s greatest weakness is its integration with the Windows 7 operating system. Unlike our computer encryption software, which works alongside your OS, the BitLocker feature is coded directly into it, making the service less secure. BitLocker’s dependence on the operating system login credentials can be exploited, as can its complicated volume structure. BitLocker also inexplicably stores the Master Key (used for data recovery) unprotected on the hard drive. BitLocker also fails to automatically back up recovery information, meaning that the process has to be done manually.

If you’re serious about your company’s security, it’s a much better idea to go with the full disk encryption we offer. We go beyond BitLocker’s capacities, fixing all of its quirks and providing customers with additional support. For example, we offer a 24/7 remote password reset service, something BitLocker has never even considered. It’s unsurprising that the Pointsec technology we offer is certified and can be used by governments or the military, while BitLocker has no third-party certification. In business, it’s best to play it safe and choose a product with a 20-year history and proven record, rather than experiment with an inferior one.

Further Reading

BitLocker Drive Encryption [Microsoft TechNet]
First commercial tool to crack BitLocker arrives [ars technica]
Endpoint Encryption – Is BitLocker Enough? [WindowsSecurity]

Advice on security for small/medium sized organisations

November 16th, 2009

We’ve talked about the Information Commissioner’s Office (ICO) several times here, most recently in Encrypt Before the Law Smacks It On. We talk about the ICO because it is one of the few governmental agencies, anywhere in the world, that has real legal powers to ensure that organizations keep private data secure. Knowing the quality of work that the ICO has created, it is intriguing to see their latest project. The ICO is soliciting bids for a project to research and produce a report on the availability of advice on information security for small/medium sized businesses (SMBs).

The ICO says that “The aim of the project is to establish whether there is appropriate advice available on keeping personal information secure for small to medium sized organisations.” They want to understand what authoritative advice is available and how this information can best be made accessible to these small organizations.

Government Report on Security for SMB Organisations

On the one hand, you have to wonder if the world needs another government report. But on the other hand, I think back to the number of small and medium sized businesses that have been featured within the electronic walls of this blog alone. When you read through the ICO enforcement page you will spot some large businesses like UPS – but there are many small businesses, like a sole medical practitioner, or small government agencies that have fallen prey to unsecured and unencrypted data.

A great deal of the ICO’s enforcement efforts concern the loss of personal data – most often on media which is not appropriately encrypted. In theory, large organisations, whether in the public or private sector, should have the resources to enable them to either maintain an ‘in-house’ security capacity or to obtain support from those with specialist security expertise.

What is much less clear is whether there is sufficient advice and resources available for smaller organisations. While the organizations themselves might be smaller, some of them will hold vast repositories of personal information – on par with or greater than those of a large organization. But it is the rare small organization that has the resources to afford to either retain ‘in-house’ specialists or to pay for the support of security consultants.

Just because you are small, it does not mean your database is small!

While we are months away from this report, indeed we are at least a month away just from the selection of the organization to handle this study, we can only hope that this study will highlight the value that security via software-as-a-service (SaaS) brings to the table.

Many large organizations select SaaS tools like Alertsec to ensure the security of their hard drives, making a selection that is highly cost-efficient. However, if services like Alertsec did not exist, these large businesses would find other ways (albeit more expensive ways) to address the security issues. SMBs often have a different challenge in that they have little to no budget for critical security projects. They might, and often do, think that they have no options. Only when they see the cost of ownership data do they realize that security and encryption are indeed possible in their small and underfunded world.

Software as a Service fits SMB

Hopefully, when the report with “advice on security for small/medium sized organisations” comes out in 2010 it will recognize the considerable options and benefits that SaaS provides for small and medium sized organizations.

Your data is your data, no matter where it is

October 26th, 2009

With some of the most stringent reporting requirements regarding data breaches, the tiny state of New Hampshire (population 1.3 million) in the northeastern United States is turning into the place to go to learn about data breaches. The latest news on how a “laptop left on plane put pension fund participants at risk” is an interesting tale about how security does not stop at your firewall – indeed, security is a piece of almost every business puzzle.

Party A does not encrypt and loses data owned by Party B

This story is a bit hard to follow, but essentially, on June 14 an employee of the Verso Paper Corp. left a company laptop behind on an airplane. On the laptop were two documents that contained the names and Social Security Numbers of some former and current participants in the PACE Industry Union-Management Pension Fund (PIUMPF). According to a letter (pdf) sent to the New Hampshire Attorney General’s Office, it seems that PIUMPF had provided Verso with the data as part of a discussion relating to the possible merger of Verso’s pension plan into PIUMPF.

Say you are the IT manager at PIUMPF, and you have secured and encrypted all your data; you are sitting safe and pretty. But your company’s data is shared with Verso, whose security is not nearly as good: their laptops are not encrypted and, as this case highlights, a third party can bring you down from a security perspective.

You can’t just encrypt, You have to educate

Alertsec has written and talked about this many times. What your partners do matters: from Software-as-a-Service vendors who host your data, to the company that carries your backup tapes to a vault, to business partners that gain access to some or all of your data. When it comes to security, the actions of your partners matter.

Any other vendor that will come in contact with your confidential data has to be asked to follow the same stringent security protocols that you use. However, the decision to share data may occur outside the confines of the IT world. This is a key reason why it is not just enough to secure and encrypt your organization’s PCs – you have to ensure that your senior leaders understand the security issues of data sharing.

Encryption is the only secure way to protect your information

It might seem pushy to ask questions about a business partner’s security procedures – but the case with Verso Paper highlights why you have to be proactive and specifically tell business partners what you mean by security. If the unthinkable actually happens and your business partner loses a computer with your data, a tool like Alertsec Xpress ensures that the information is protected at all times and cannot be compromised, which gives you complete peace of mind.