Posts Tagged ‘laptop security software’

« Older Entries
Newer Entries »

Antivirus + Encryption = Total Security

January 17th, 2010

It’s important to understand that encryption software is very different from antivirus software. Many companies consider the two security solutions to be the same and fail to realize that they complement one another. While antivirus software is a perfect way to ensure that your computer is safe from the trojans, viruses, and rootkits, it only goes so far. Antivirus software doesn’t add an extra level of data security by encoding your hard drive. If an outsider gets their hands on a company notebook, antivirus won’t be able to prevent them from directly accessing the information stored.

A recent post from ComputerWeekly brings up a great point:

“…for as little money as it costs to install anti-virus software on your laptop, you can install encryption software, and protect your organisation not only from a data breach but also against any backlash…”‘

Companies need to understand the differences between antivirus and encryption and accept both as standards in their company’s defense. Most, if not all, data breaches or hacking attempts can be prevented and avoided by the right combination of security software.

Protecting your business is in your best interests and that’s where we step in- we provide a powerful and effective encryption method which works alongside all antivirus protection to ensure that your computer is secure. Using industry standard encryption, our software prevents unauthorized users from accessing private company information. Best of all, our software is affordable and manageable for pretty much any business. To learn more about our encryption solution, click here.

If you have any questions about how antivirus and encryption work together or would like to share an experience, leave a comment.

Further Reading
Data encryption is simple safeguard against data breaches [ComputerWeekly]

2 comments »

Posted in Data Protection, Encryption

Tags:

Employees – The Weak Link in Encryption

October 18th, 2009

woman-bed-laptopWith the continued growth of mobile computing and of data security laws, every day companies are investing more an more time and dollars into security systems.  Unfortunately, a common failing of these laptop security measures is the fact that they are heavily reliant on the diligent action of laptop-using employees to remain effective.  Thus, even after this investment of time and money – a security breach occurs because of the weakest link – the person behind the keyboard.

Employees Can’t Be Relied on to Enforce Security

Most organizations promote polices for the safe use of mobile computing devices and for accessing sensitive files.  However, just thinking about yourself:

  • Have you ever shared a password with another employee
  • Have you ever heard about another employee sharing passwords and not reported that?
  • Have you ever turned off an anti-virus, anti-spyware or encryption program?
  • Have you ever copied confidential data from it’s home (mainframe, shared network drive) to your PC for convenience?

Regardless of policies, the reality is that busy salespeople, unknowing marketers and harried administrative staff will ignore or avoid policy and load sensitive information onto portable computers. With more than 600,000 laptops lost or stolen each year from U.S. airports alone, companies relying on organizational policy to protect sensitive data will continue to fuel data breach media headlines.

Value of Remote Administration for Encryption

laptop-outside-womanTraditionally, organizations have used corporate firewalls and other intrusion detection systems to protect corporate networks from potentially compromised endpoints.  However, in today’s laptop-dominated environment, endpoint security strategies place the responsibility for security on the device itself and not on the employees.  This next generation of security strategy is already common in the form of anti-spam filters, desktop level firewalls and anti-virus software programs.

For best protection using encryption , there should be no local administration available for the end-user.  This is one of the benefits of Alertsec Xpress, as it  is designed to support an enforced security implementation where the user will not be able to disable the security without proper authority. Recognizing that organizations cannot rely on end-users to consistently follow IT policy or diligently apply security software, Alertsec Xpress eliminates the requirement for end-user involvement to be effective.

No comments »

Posted in Data Protection, Encryption

Tags:

Losses from high-tech security breaches nearly double in 2009

October 5th, 2009

canadian-data-breachA new Canadian study from the Rotman School of Management reveals a major increase in annual losses related to Information Technology (IT) security breaches. According to this study, which surveyed more than 600 IT security professionals across the country, the costs associated with security breaches include:

  • IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year.
  • Similarly, the average number of reported IT security breaches also increased 276 per cent to 11.3 per organization in 2009 – compared with an average of three in 2008.

While every type of organization incurred an increase in breach costs during 2009, the increases were different across sectors:

  • Government organizations more than tripled their average annual cost of breaches to $1,000,000 in 2009, up from $321,000 in 2008.
  • Private companies more than doubled their cost of breaches to $807,000 up from $294,000 in 2008.
  • Publicly traded companies reported a moderate increase of only six per cent year-over-year.

These alarming numbers bring with them a silver lining, as the increase in the number of reported cases could be attributed in part to higher detection levels due to compliance regulations.  At the same time, it is a shame that IT departments are not adopting data encryption software like they should be.  Even with increased reporting, proper use of tools like Alertsec could have led to a decrease is losses due to security breaches.

The study highlighted the value of IT investments in security as the top-performing respondents (those without breaches) spent at least 10 per cent of their IT expenditures on security, with the average security budget was seven per cent of the total IT spending. The study reports that Canadian organizations are finding it difficult to improve their security posture within the current economic climate – but the cost of ownership for hosted encryption services is a drop in the bucket for the millions that are spent on security.

stolen-laptopWith a 56-per-cent jump in occurrences of laptop or mobile hardware devices being stolen in Canada alone, encrypting files on laptops should be so obvious a solution!  File encryption is not a new technology – it’s an established technology. However, too many organization weigh security and convenience and land on the convenience side – not realizing how simple hosted encryption can be!

2 comments »

Posted in Encryption

Tags:

US Federal Agencies Still Fail at Security

September 29th, 2009

gao-security-reportThe U.S. Government Accountability Office (GAO) has released another information security report which indicates that while federal agencies continue to make progress with information security policies and practices, there is still the need to “mitigate persistent weaknesses.”  The report says that for the fiscal year 2008, almost all 24 major federal agencies had weaknesses in information security controls.

The GAO’s auditors said a recent audit that examined how well agencies were protecting information and complying with the Federal Information Security Management Act (FISMA) found significant problems. “These persistent weaknesses expose sensitive data to significant risk, as illustrated by recent incidents at various agencies,” GAO said. “Further, our work and reviews by inspectors general note significant information security control deficiencies that place a broad array of federal operations and assets at risk.”

While these security issues ranged the spectrum, many focused on the issue of securing confidential data.  An analysis of the reports reveals that 48 percent of information security control weaknesses pertained to access controls. For example, agencies did not consistently establish sufficient boundary protection mechanisms; identify and authenticate users to prevent unauthorized access; enforce the principle of least privilege to ensure that authorized access was necessary and appropriate; apply encryption to protect sensitive data on networks and portable devices.

  • The Securities and Exchange Commission had 23 new weaknesses in controls intended to restrict access to data and systems.  “For example, it had not always (1) consistently enforced strong controls for identifying and authenticating users, (2) sufficiently restricted user access to systems, (3) encrypted network services, (4) audited and monitored security-relevant events for its databases, and (5) physically protected its computer resources.
  • While the Los Alamos National Laboratory—a weapons laboratory—implemented measures to enhance the information security of its unclassified network, vulnerabilities continued to exist in several critical areas, including encrypting sensitive information.

In response to this report, Vivek Kundra, President Obama’s newly appointed federal chief information officer, said that OMB was working to clarify FISMA reporting guidance and improve performance metrics. He also said OMB was planning to move FISMA reporting to an Internet-enabled database for fiscal 2009 reporting.  The hope here is that the transparent and public reporting of issues will, as has occurred in the private sector, encourage an increased focus on security.

The report highlighted several opportunities including the SmartBUY program. This program, led by the General Services Administration, is to support enterprise-level software management through the aggregate buying of commercial software governmentwide. The SmartBUY initiative was expanded to include commercial off-the-shelf encryption software and to permit all federal agencies to participate in the program.

The tools are all there – maybe someday all the confidential data will actually be encrypted.

No comments »

Posted in Data Protection, Encryption

Tags:

All encryption is not created equal

September 25th, 2009

One of the benefits of a software like Alertsec is that many governments do not require notifications of security breaches when the data in question was encrypted.  However, in the United States of the exceptions to this is the tiny state of New Hampshire. In New Hampshire a company is required to report a data breach notification even if sensitive information was encrypted.

Normandeau Associates Reports Stolen Laptop

laptop-is-it-safeSo just recently, Normandeau Associates filed a letter with the Attorney General when a laptop was stolen. According to the letter filed with the AG, a computer with personal information of 277 NH residents (who knows how many more people living in other states were affected) was stolen from an employee’s home in November 2008.  The laptop theft was recovered in February 2009.  However, somehow the fact that the laptop was stolen did not come to light until June 2009.

According to a copy of the letter sent to affected residents, the laptop contained a database of past and current Normandeau employees, including SSNs, names, and bank account numbers.

Confidential Data on the Laptop

So, why was this database on the laptop computer?  The official letter explained:

Normandeau has policies that prohibit personal information from being downloaded onto its laptop computers. In this instance, the database was temporarily stored on the laptop during restorative maintenance to the company’s network, and contrary to company policy, not thereafter removed. The company took action against the responsible person for unintentionally failing to remove the database containing the personal information as required by company policy. No further precautionary actions were required to prevent similar breaches.

But the letter also noted:

The perpetrator required specific computer software to access the encrypted database in its existing format on the laptop, and it is unknown if access was actually made.

Levels Of Encryption

That last note explains why states like New Hampshire require reporting even when data is encrypted.  There are different levels of encryption, and depending on how strong (or weak) the database’s encryption happens to be, there could have been a data breach.

The most common example of encryption is password protection used in Microsoft Office Products like Word and Excel. However, the encryption used is primitive at best.   A simple search on the Internet will yield software that is inexpensive and often free that will allow for the breaking of this basic encryption.

While the letter from Normandeau does not identify the encryption that was used, it does say “required specific computer software to access the encrypted database” which points out that the encyrption was not on the entire laptop – but just on this database.

Hard drive encryption is used in order to encrypt all data stored on a hard drive. With a program like Alertsec all installed programs, files and system settings are encrypted.  This makes it impossible for an unauthorized person to read your files.

All encryption is not equal – but Alertsec will provide a high level of encryption for minimal cost and expenditure of time.

No comments »

Posted in Data Protection, Encryption

Tags: