Posts Tagged ‘hard drive encryption’

Henry Ford Health System didn’t Learn from its Previous Mistake

February 28th, 2011

This is the second data breach reported at the Henry Ford Health System in less than a year. On 31st January 2011, an employee of Henry Ford Health System in Detroit lost an official flash drive. In the previous incident, a Henry Ford employee’s laptop was stolen from an unlocked office, and laptop encryption software was not installed on the stolen laptop. That earlier breach took place in September, about three months before the latest incident, and this time again the drive was not encrypted.

Personal Data of 2,777 Patients Is at Risk

The drive contained the personal information of 2,777 patients, and the security lapse at Henry Ford put their information at great risk. The lost information included the patients’ names, addresses, e-mail addresses, phone numbers, dates of birth, medical record numbers, type of treatment, and test information and results. The drive contained information only on patients who were tested for urinary tract infections between July and October 2010.

An investigation of the breach started on 8th February 2011, but it is still not clear how the device was lost. Henry Ford’s Chief Privacy Officer Meredith Phillips said in a statement that there is no evidence the flash-drive data was misused.

Federal Health Information Privacy Law

According to the federal health-information privacy law, health care organizations are required to notify patients within 60 days of such a breach, and health systems must also pay for identity monitoring for a year to help guard against identity theft.
In a data breach like this one, HIPAA requires Henry Ford Health System to notify the affected patients, local media and the Department of Health and Human Services. Henry Ford has not placed a prominent notice of the breach on its Web site, but it is notifying affected patients individually and offering one year of free credit monitoring services. Patients seeking information on activating ID monitoring may call 877-835-0549 between 9 AM and 9 PM on weekdays.

Security Flaw Because of Unencrypted Devices

Every day there are cases of security and identity breaches in the news, and most of them occurred because of unencrypted portable devices. What should an organization do about data security in such cases? I would say the idea is to become a little more proactive. A simple solution like data encryption software has a special option to encrypt the data, which keeps your documents safe and protects your sensitive data against unauthorized users by utilizing the latest data encryption technologies.

Keep your Sensitive Data Safe with Alertsec

The above incident shows that, in the absence of full disk encryption, the privacy of a huge number of people can be affected. To keep your sensitive data safe from theft and hacking, it is vital to use data encryption software. Many incidents taking place across global organizations highlight the need for data security and recovery software. For a mere investment of $13/month, the information can be secured with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Common Arguments Against Encrypting

January 13th, 2010

xcd

It’s not uncommon to hear about companies neglecting to encrypt and properly secure their computer data. Many businesses underestimate the damage that can be caused by unprotected information getting into the wrong hands. Others knowingly accept the risks and hope for the best. Unfortunately, institutions that don’t encrypt their computer hard drives are playing an extremely dangerous game, one that can have very serious consequences.

While the above comic pokes fun at the benefits of computer encryption, the reality is that most data-related disasters don’t involve a complicated kidnapping plot! In most cases, a careless employee leaves a computer unattended or is a target of theft. In these circumstances, encryption is the best defense your business has to ensure that your computer records and data are protected.

Below are the most common arguments against encryption with rebuttals, explaining why encryption is the appropriate solution. If you have any other concerns or arguments, feel free to leave them in the comments and we’ll attempt to address them in a later post. On the other hand, if you’re convinced, take a peek at our affordable encryption solutions or sign up for a free trial!

“It’s Not That Serious…”

Unencrypted company data getting into the wrong hands can be an extremely serious and costly issue. All sorts of problems can arise if someone gets access to information they shouldn’t. If personal customer details are jeopardized, you may be liable for damages related to the data breach. You also risk a serious blow to your reputation; customers are very unlikely to continue doing business with a company that can’t offer stable and secure transactions.

Other types of information leaks can cause just as many troublesome issues. If sensitive information about company business is discovered, operations and future plans may have to be put on hold. Figures and data could find their way to competitors, helping them gain an unfair edge. Even something as innocent and simple as employee salaries could wreak havoc, causing friction among co-workers. All in all, no matter what type of data is lost, it can cause serious damage to a business.

“It Won’t Happen To Us.”

Companies like to think that they have enough protection in place to make encryption unnecessary. Many have security measures in place and rely heavily on workplace policies, employee training, or even simply common sense. While this may be an easy way to cut costs, it’s a poor strategy for businesses interested in a secure future. A major data breach can occur from a single error that is often unpredictable. It’s irrational to rely on other strategies when there’s a simple solution.

It’s a good idea to think of encryption as a sort of insurance-related business expense. While you can hope that your data will always be secure without the extra layer of protection, you’ll certainly be wishing you had encryption if a company computer is ever lost or compromised.

“Am I Really Protected?”

Contrary to the suggestions of the introductory comic, encryption works and is an effective solution for both small and large businesses. It’s an extremely powerful technology that prevents others from accessing your computer’s stored data without knowing your password. Unlike most basic login/password prompts, encrypted hard drives are protected using AES, a proven industry standard.

We ensure your data is safe by including additional levels of security such as personal authentication questions. Rest assured, computers using an encryption service are as protected as they can be.

Advice on security for small/medium sized organisations

November 16th, 2009

We’ve talked about the Information Commissioner’s Office (ICO) several times here, most recently in Encrypt Before the Law Smacks It On. We talk about the ICO because it is one of the few governmental agencies, anywhere in the world, that has real legal powers to ensure that organizations keep private data secure. Knowing the quality of work that the ICO has created, it is intriguing to see their latest project. The ICO is soliciting bids for a project to research and produce a report on the availability of advice on information security for small/medium sized businesses (SMBs).

The ICO says that “The aim of the project is to establish whether there is appropriate advice available on keeping personal information secure for small to medium sized organisations.” They want to understand what authoritative advice is available and how this information can best be made accessible to these small organizations.

Government Report on Security for SMB Organisations

On the one hand, you have to wonder if the world needs another government report. But on the other hand, I think back on the number of small and medium sized businesses that have been featured within the electronic walls of this blog alone. When you read through the ICO enforcement page you will spot some large businesses like UPS, but there are many small businesses, like a sole medical practitioner, or small government agencies that have fallen prey to unsecured and unencrypted data.

A great deal of the ICO’s enforcement efforts concern the loss of personal data, most often on media that is not appropriately encrypted. In theory, large organisations, whether in the public or private sector, should have the resources to enable them to either maintain an ‘in-house’ security capacity or to obtain support from those with specialist security expertise.

What is much less clear is whether there is sufficient advice and resources available for smaller organisations. While the organizations themselves might be smaller, some of them will hold vast repositories of personal information, on par with or greater than a large organization. But it is the rare small organization that has the resources to afford to either retain ‘in-house’ specialists or to pay for the support of security consultants.

Just because you are small, it does not mean your database is small!

While we are months away from this report, indeed we are at least a month away just from the selection of the organization to handle this study, we can only hope that this study will highlight the value that security via software-as-a-service (SaaS) brings to the table.

Many large organizations select SaaS tools like Alertsec to ensure the security of their hard drives, making a selection that is highly cost-efficient. However, if services like Alertsec did not exist, these large businesses would find other ways (albeit more expensive ways) to address the security issues. SMBs often have a different challenge in that they have little to no budget for critical security projects. They might, and often do, think that they have no options. Only when they see the cost of ownership data do they realize that security and encryption are indeed possible in their small and underfunded world.

Software as a Service fits SMB

Hopefully, when the report with “advice on security for small/medium sized organisations” comes out in 2010 it will recognize the considerable options and benefits that SaaS provides for small and medium sized organizations.

Your data is your data, no matter where it is

October 26th, 2009

With some of the most stringent reporting requirements regarding data breaches, the tiny state of New Hampshire (population 1.3 million) in the northeastern United States is turning into the place to go to learn about data breaches. The latest news on how a “laptop left on plane put pension fund participants at risk” is an interesting tale about how security does not stop at your firewall; indeed, security is a piece of almost every business puzzle.

Party A does not encrypt and loses data owned by Party B

This story is a bit hard to follow, but essentially on June 14 an employee of the Verso Paper Corp. left a company laptop behind on an airplane. On the laptop were two documents that contained the names and Social Security Numbers of some former and current participants in the PACE Industry Union-Management Pension Fund (PIUMPF). According to a letter (pdf) sent to the New Hampshire Attorney General’s Office, it seems that PIUMPF had provided Verso with the data as part of a discussion relating to the possible merger of Verso’s pension plan into PIUMPF.

So say you are the IT manager at PIUMPF, and perhaps you have secured and encrypted all your data, so you are sitting safe and pretty. But your company’s data is shared with Verso, and they don’t have nearly as good security. Their laptops are not encrypted and, as this case highlights, a third party can bring you down from a security perspective.

You can’t just encrypt, You have to educate

Alertsec has written and talked about this many times. What your partners do matters: from Software-as-a-Service vendors who host your data, to the company that carries your backup tapes to a vault, to business partners that gain access to some or all of your data. When it comes to security, the actions of your partners matter.

Any other vendor that will come in contact with your confidential data has to be asked to follow the same stringent security protocols that you use. However, the decision to share data may occur outside the confines of the IT world. This is a key reason why it is not enough just to secure and encrypt your organization’s PCs; you have to ensure that your senior leaders understand the security issues of data sharing.

Encryption is the only secure way to protect your information

It might seem pushy to ask questions about a business partner’s security procedures, but the case with Verso Paper highlights why you have to be proactive and specifically tell business partners what you mean by security. If the unthinkable actually happens and your business partner loses a computer with your data, a tool like Alertsec Xpress ensures that the information is protected at all times and cannot be compromised, which ensures you complete peace of mind.

Encrypt Before the Law Smacks It On!

October 22nd, 2009

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to promote access to official information and to protect personal information. The ICO has legal powers to ensure that organizations comply with the requirements of the Data Protection Act. The ICO is an outgrowth of the Data Protection Act 1998, which has helped to encourage businesses to step up and take action to ensure appropriate protection of data. The ICO, which is responsible for enforcing the Act, has shown great success in getting organizations to cooperate after DPA violations.

Information Commissioner’s Office Enforcements

Reading through the ICO enforcement page is like reading an advertisement for encryption software.

  • 14 September 2009 – Billing Pharmacy Ltd, theft of an unencrypted computer containing sensitive personal data for around 1,000 customers.
  • 4 September 2009 – Sandwell Metropolitan Borough Council, an unencrypted memory stick was lost by an employee.
  • 21 August 2009 – London Borough of Sutton, theft of two unencrypted laptops.
  • 20 August 2009 – Repair Management Services Ltd (formerly MVRA), theft of an unencrypted laptop containing the personal information of approximately 36,800 individuals.
  • 12 August 2009 – UPS Limited, an unencrypted password-protected laptop was stolen containing the payroll data of approximately 9,150 UK based UPS employees.
  • 28 July 2009 – Imperial College Healthcare NHS Trust at St Mary’s Hospital, South Wharf Road, London, theft of six unencrypted laptop computers (two incidents)
  • 28 July 2009 – NHS Lothian, theft of an unencrypted memory stick
  • 28 July 2009 – London Clubs International Limited, theft of an unencrypted laptop containing the data of approximately 26,000 customers.
  • 14 July 2009 – Chelsea & Westminster Hospital NHS Foundation Trust – theft of an unencrypted USB memory stick containing personal data relating to 143 of the Trust’s patients.
  • 14 July 2009 – The Hampshire Partnership NHS Trust, theft of an unencrypted laptop computer, containing the personal data of 349 patients and 258 members of staff.
  • 14 July 2009 – The Royal Free Hampstead NHS Trust, loss of an unencrypted computer disk containing personal data relating to some of the Trust’s patients.
  • 14 July 2009 – Surrey and Sussex Healthcare NHS Trust, theft of two unencrypted laptop computers containing personal data relating to 23 and up to 80 of the Trust’s patients respectively.

Password protected laptops are not secure

Referring to the UPS case noted above, Mick Gorrill, Assistant Information Commissioner with the ICO, said “Password protected laptops are not secure. I urge all organisations to restrict the amount of personal information that is taken off secure sites. I am pleased that UPS has encrypted its laptops and smartphones, and I urge other organisations to follow suit.”

Encryption is the most Affordable Security Approach

All these breaches are clear examples of incidents that could have been avoided entirely had a data security measure like laptop encryption software been used. There are so many benefits to encryption; it is so affordable; it is so obvious. Yet, as the ICO enforcements show, we are a long way from universal laptop encryption.

In each of the cases noted here, the organization implemented encryption policies as part of the enforcement with the ICO, and I bet each of them wished they had implemented the same policies on their own, ahead of the law!