In a new survey, 70% of organizations storing third-party data are not “very confident” that the sensitive data stored within their organization is protected. Over 80% of the organizations that responded to the survey were actually storing sensitive data from their customers, clients, vendors and business partners. About 50% were “fairly confident” that the information was protected. About 20% were “not confident at all” that sensitive data was protected. And 5% were “unsure.”
It’s disconcerting that so many companies are still complacent when it comes to data protection. It means that these organizations would have some serious questions to answer should they suffer a breach. In fact, regulators such as the SEC, ICO and EU would likely deem that they had failed in their obligation to provide appropriate security protection to prevent sensitive data breaches and impose a hefty financial penalty.
Further information gathered by the survey included more insight into those who identified as “not confident” that data was protected — only 10% did not know where the data is stored and 0% did not monitor all data access. These additional data points make it clear that the lack of confidence in protection likely stems from the ever-changing ability of cyber thieves to find ways to access and steal data.
The Ponemon Institute’s Cost of Data Breach Study, which focuses exclusively on U.S. data breaches, has also shown that the cost of data breaches has been on the decline as more effort is put into reaction and response. The most significant finding is that both the organizational cost of a data breach and the cost per lost or stolen record have declined. The organizational cost has declined from $7.2 million to $5.5 million and the cost per record has declined from $214 to $194.
The survey states, “This decline suggests that organizations represented in this study have improved their performance in both preparing for and responding to a data breach.” However, it seems that as data breaches continue to occur and the efforts of data hackers improve, businesses feel as though they are never prepared and begin to lack the confidence that they can control and protect data security. Having secure USB flash drive reviews will add some confidence when selecting such devices, products and vendors for a company’s data protection needs.
Oliver David writes articles for publications on topics like usb protection and usb encryption.
Web-connected TVs and set-top boxes are found in only a small percentage of the hundreds of millions of American households. A new report from the research firm NPD In-Stat predicts that 100 million homes in North America and Europe will own a television with Internet content capabilities by 2016. At this point, there are limited concerns about information security with regard to these connected TVs, like those in the Roku or Apple TV networks. However, recent revelations are raising fears that these connected TVs will be a new security hole.
Roger Grimes, a blogger, has written about his exploits working as a security advisor for an unnamed CATV service provider. Grimes wrote in InfoWorld about his work as part of a team that was tasked with penetrating the CATV provider’s network. The team was able to bypass the security features of the CATV provider’s set-top box, redirecting the service’s Disney channel to a porn site. These shenanigans were on top of the team’s ability to access the CATV provider’s web servers.
“Our goal was to see if we could hack into the set-top box, steal customer personal information, pirate services, and incur denial-of-service conditions,” Roger Grimes wrote in a recent article, adding, “we not only owned the box, but ended up taking root of the entire cable system.”
The future of Web-connected TV is going to be just like today’s world. There is a potential that the world may see malware takeovers of TVs, DoS attacks, and all the other hacker-related activity that is seen in current computer networks in the always-connected world. Perhaps things like USB encryption and other forms of encryption will help.
Most likely the world will see hackers do the following with Internet connected TVs:
– Present fake credit card forms to fool consumers into giving up their private information.
– Intercept and redirect Internet traffic to and from the HDTV, which could be used to fool consumers into thinking that “imposter” banking and commerce websites were legitimate.
– Monitor and report on consumers’ private Internet usage habits without their knowledge.
Oliver David writes articles for publications on topics like flash drive reviews and secure flash drives.
A recent survey showed that a majority of businesses and government organizations are blind to the fact that they have a problem with their information protection. These organizations are at great risk and do not even realize it.
Also, these businesses may be unaware that they have already lost information or had private information stolen from their databases or computer systems by cyber thieves. This blindness means that they are unaware that they have lost valuable information or that their operations have been compromised in some way.
Here are some suggestions to help keep your information secure and your reputation sterling:
1. Keep in mind that one of the worst mistakes is to believe that it is the responsibility of the IT department to safeguard customer and sensitive information. Security should have the attention of C-level management, and it should be part of the overall corporate strategy, addressing both external and, more importantly, internal threats.
2. Online sources suggest that you manage the core operations and determine which ones are priorities for the organization. Then defend these operations through layers of protection. Monitor the flow of business interactions in order to know where the weak intersections and vulnerabilities are. Use USB encryption and other technologies.
3. Top management of every organization should chair a cross-functional security compliance committee. The committee should be responsible for determining which essential information assets have to be protected and what the right mix of external and internal protections is, and for putting those protections in place.
Governments, organizations and businesses can take a strong stance in securing information and then use this to bolster their reputation and the public’s trust. By taking additional steps beyond complying with regulations, organizations that do more than the minimum to protect data and information will increase the protection of that information. A business can turn a strong corporate objective to secure and protect private information into a boost to corporate reputation and branding.
Oliver David contributes articles for blogs on subjects like usb flash drive review and usb protection.
As the tools for securing networks against cyber thieves improve in sophistication, so do the tools used by the thieves themselves. Groups like Anonymous and other cybercrime groups now favor free automated tools to rapidly exploit website vulnerabilities. What makes recent incidents interesting is the speed and effectiveness of the hacks.
The speed and ease were achieved through automation. In fact, newer crimeware toolkits have enabled people with minimal computer expertise to profit from cybercrime. This is because these cybercrime tools automate the otherwise labor-intensive process of creating hard-to-spot malware.
This malware is designed to find and steal sensitive personal information, such as bank account numbers and passwords, and to use infected PCs as part of a larger crime network of infected computers. However, the level of sophistication has increased, and these types of automation are being applied to create much more advanced website hacking tools. Automated hacks aren’t new, but now they have increased sophistication. This is even truer when it comes to tools for exploiting SQL injection flaws. Greater attack tool sophistication can produce worrisome attack volume capabilities.
Automation is a key indicator that someone wants to achieve an economy of scale. In a recent data breach in Europe, the suspect admitted to exploiting 259 websites in 90 days, an average of 3 websites a day. The suspect was a teenager, and he had conducted website reconnaissance to catalog bugs in applications and Internet-connected databases, then returned to these websites to exploit them. Automated attacks may also display telltale signs that organizations can use to help spot and block such attacks while they are in progress. Using encrypted flash drives is one way that businesses may avoid attacks by hackers.
Automated attacks tend to be launched against a large number of websites over a short period of time, which means that better attack intelligence and information sharing could help organizations spot these kinds of attacks as they are taking place.
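To illustrate the information-sharing point above, here is an added example (not part of the original article) that pools request events from several sites and flags any source seen at many distinct sites within a short window. The event format, site names, addresses (documentation ranges) and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, reporting site, source address) tuples,
# as they might look after several organizations pool their web logs.
SHARED_EVENTS = [
    # One source touching four different sites within four minutes.
    ("2012-04-02T10:00:05", "shop.example", "203.0.113.7"),
    ("2012-04-02T10:01:10", "bank.example", "203.0.113.7"),
    ("2012-04-02T10:02:30", "news.example", "203.0.113.7"),
    ("2012-04-02T10:04:00", "forum.example", "203.0.113.7"),
    # A busy visitor who stays on a single site.
    ("2012-04-02T10:00:00", "shop.example", "198.51.100.20"),
    ("2012-04-02T10:00:20", "shop.example", "198.51.100.20"),
    ("2012-04-02T10:00:40", "shop.example", "198.51.100.20"),
    ("2012-04-02T10:01:00", "shop.example", "198.51.100.20"),
    ("2012-04-02T10:01:20", "shop.example", "198.51.100.20"),
    # A source that reaches three sites, but spread over a whole day.
    ("2012-04-02T08:00:00", "shop.example", "192.0.2.44"),
    ("2012-04-02T11:00:00", "bank.example", "192.0.2.44"),
    ("2012-04-02T15:00:00", "news.example", "192.0.2.44"),
]


def find_sweeps(events, min_sites=3, window=timedelta(minutes=10)):
    """Return {source: sorted sites} for every source that reached at least
    min_sites distinct sites inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, site, source in events:
        by_source[source].append((datetime.fromisoformat(ts), site))

    flagged = {}
    for source, hits in by_source.items():
        hits.sort()
        recent = deque()  # hits that fall inside the current window
        for when, site in hits:
            recent.append((when, site))
            # Drop hits that are older than the window allows.
            while when - recent[0][0] > window:
                recent.popleft()
            sites = {s for _, s in recent}
            if len(sites) >= min_sites:
                flagged.setdefault(source, set()).update(sites)
    return {source: sorted(sites) for source, sites in flagged.items()}


def hits_per_site(events, source):
    """What each site sees on its own for one source: a per-site hit count."""
    counts = defaultdict(int)
    for _ts, site, src in events:
        if src == source:
            counts[site] += 1
    return dict(counts)


if __name__ == "__main__":
    for source, sites in find_sweeps(SHARED_EVENTS).items():
        print(f"{source} reached {len(sites)} sites in one window: {sites}")
        # Each site alone saw very little, so a per-site rate limit stays quiet.
        print("  per-site view:", hits_per_site(SHARED_EVENTS, source))
```

Each site on its own sees a single request from the flagged source, fewer than the ordinary busy visitor generates, so only the pooled view exposes the sweep.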
Oliver David contributes articles for blogs on subjects like usb flash drive review and usb protection.
China has published a draft of new guidelines on personal data protection. The document “Personal Information Protection Guidelines for Public and Commercial Service Information Systems” was developed by a panel of experts and submitted for evaluation before becoming a national standard for the country.
The China Software Testing Center, a government institution that’s affiliated with the Ministry of Industry and Information Technology (MIIT), coordinated the efforts to draft the guidelines and release them for review. The document involved more than 30 government agencies, organizations and commercial entities.
With the release of the draft guidelines, Ouyang Wu, Deputy Director General for Information Security at MIIT, explained that the current situation for personal information protection in China is “very concerning”. Criminal organizations have been exploiting the data they obtain from government and commercial databases for personal gain. China, like other countries, has had a spate of high-profile data breaches in the past year. This has raised public concern and awareness of the problem.
The draft guidelines provide procedures for the gathering, processing, transmitting and destruction of personal data. Ouyang states that organizations following the guidelines will need to follow eight principles: a clear objective for data collection, collecting the minimum quantity of personal data possible, prior notification of the collection to the individual, user consent for collection, strong security, trust and finally, accountability. With the use of a secure flash drive, data protection and personal protection are often afforded in China.
The guidelines are not mandatory. Currently, there are more than 200 laws and regulations that touch upon the area of personal information protection. However, there isn’t any comprehensive legal framework governing this area.
In 2009, the revised penal code added a new category of crimes on “selling or illegally provisioning of citizens’ personal information”. However, the articles don’t define what would qualify as criminal activities in this category.
Oliver David contributes articles on subjects like usb encryption and usb protection.
There have been concerns over privacy of personal data ever since the internet became more ubiquitous for personal and professional use. These concerns have been on the rise as more high-profile data breaches are discovered and reported. With companies like Google, Facebook and Twitter also battling governments over data privacy, the time to be concerned seems to be here and now.
Google recently upgraded and began to implement its new privacy policy. This took place despite strong opposition from the European Union and French authorities. The new privacy policy gives Google the right to consolidate what it knows about users across all of its services (Google+, YouTube, Picasa, etc.), something it had never done before. Google argues that this new policy will provide a “simpler, more intuitive Google experience.”
These popular online sites aren’t the only digital companies that are under scrutiny for their privacy policies and use of customer data. This spring, it was discovered that Path and Hipster (mobile apps) had been uploading user address books to their servers. Apple and Android phones were also found to be providing access to an owner’s photos, even without permission from the user/owner.
The question has to be raised both in the U.S. and Europe about who actually owns the data. Does it belong to the user, to be safeguarded by the service and removed upon an account cancellation? Or does it belong to the application/company, to be monetized and used in ways that put individuals at risk for privacy invasions and data theft? Utilizing USB protection is a great way to protect privacy.
Recently it was announced that many advertising networks and leading Internet companies such as AOL, Google, Microsoft, and Yahoo had agreed to implement the Do Not Track feature: essentially, it stops websites (and advertising networks) from tracking users. This blocks certain practices used by advertisers, such as personalized advertising.
This move was in line with a White House call for a “Consumer Privacy Bill of Rights”. The whitepaper suggests that users’ online data should have the same set of protections that they should have offline. Fundamentally, the US approach calls for Internet companies and industries to voluntarily adopt regulations with enforcement by a regulatory agency. This hasn’t been implemented, but it is clear that steps are finally being made to give online data the privacy protections needed in an ever-increasing digital world.
Oliver David writes articles on data security on topics like encrypted flash drive and secure flash drive.
As technology advances with mobile phones, tablets, Skype and other means to stay in touch with the office while working remotely, the likelihood of a data breach, whether digital or paper, is also going to increase. This popular option of working from home, a coffee shop or a hotel has increased dramatically in the past 10 years.
Every enterprise should consider what steps it should take to secure data before issuing mobile devices and allowing employees to work from a distance. Data thieves have also seen this increase in mobile work and are targeting sloppy remote access networks in order to gain entry into a system to find valuable data. Below are some tips for ways a business can secure remote access networks.
1. Use Virtual Private Networks (VPNs). VPNs provide secure remote access to a company’s internal IT network for remote employees almost as if they were directly accessing it from the office. VPNs give the user a way to work remotely without the need to modify any existing IT systems. The risks are that the physical security systems are not in place with remote access. There are no longer any firewalls, etc. This may allow a system to be fooled into believing a hacker is an employee and give that person access.
2. Limit Access. Because of the limits of VPNs, limiting access to data by remote workers will provide a level of security that may not be achieved if the network is free and open to all telecommuters. Look at each task of telecommuting workers and determine whether or not they need remote access to your IT network. If they only need to access email, perhaps there is a workaround that limits the access and thereby provides security.
3. Use SSL Encryption. Secure Sockets Layer (SSL) encryption is a great way to ensure that the data is protected during online transactions. Any remote employee could be accessing the company’s data from locations that don’t provide complete security (e.g., a coffee shop). For fuller protection of your data it is important to implement an SSL certificate for remote employees.
4. Require Strong Passwords. So many studies have shown that employees tend to use passwords that are very easy to decipher and decode. The examples of passwords like “1234” or “password” are already recorded in the data breach history books. Knowing this makes it imperative that employees use strong, effective passwords. They also must keep the passwords restricted and safe from prying eyes. Having a password expiration date is also an effective way to keep data secure while being accessed remotely.
Having a secure flash drive is important too.
Oliver David writes articles for Data Security Weekly and other publications on topics like usb flash drive review and usb encryption.
Many financial institutions are making plans to meet their security needs in light of the high-profile data breaches that have been front and center in the news. Each bank must make its own personalized plan; however, there are some basic steps that can be taken to improve and increase overall data risk management.
According to a study by the Ponemon Institute, criminal data breaches are on the rise, accounting for 31% of breaches in 2010 — a seven-point increase from 2009. The institute also found that the average organizational cost of a data breach climbed to $7.2 million in 2010, while the cost per compromised record averaged $214. Overall, total breach costs have grown every year since 2006.
One of the first things that any bank should undertake is to understand the data life cycle at the institution and at branches. This means taking the time to investigate and identify how financial data is collected, how it is used, how it gets transmitted from one location to another, how it is stored and finally how it is destroyed. After this analysis, it is much easier to figure out where the holes or vulnerabilities are in the data chain.
The basic rule for managing sensitive financial data is to first decide if you need it; if not, then don’t collect it. If you do need it, collect what you need and then control and encrypt it. After you no longer need it, destroy it securely (whether digital or paper).
Here are a few tips for securing bank data:
1. Protect bank waste. Yes, you don’t want to randomly throw out paper files. It is important to take the extra step of shredding paper files.
2. Identify sensitive data. Make sure supervisors know what type of data can be used by cyber thieves and that they know how to secure it.
3. Secure the ATM. All too often data thieves are placing unauthorized skimming devices and even small cameras near the ATMs in order to gain account numbers and PINs.
4. Keep an eye out for unattended customer data. Develop a way to check that customer data is stored when employees are away from their desks, whether that is a policy that it must be locked up when not in use or that computers must be turned off if the employee is away from their desk.
5. Finally, wipe clean the memory on hard drives. Make sure the memory is cleaned on all devices like copiers, computers, fax machines and even mobile devices. Working with encrypted flash drives is a key way to avoid data loss.
The cost of complacency is too high to not take these and other steps to be certain financial data does not end up in the wrong hands. This is something that no financial institution can afford in these digital times.
Oliver David writes articles on topics like secure usb drive review and usb protection.
The Oregon Supreme Court dismissed a class action lawsuit against a healthcare business in Oregon. The lawsuit was the result of the theft of patient data on backup storage devices that were stolen from an employee’s car in 2005.
Providence Home Health Services took costly and substantial steps to protect their patients after the theft was discovered. This quick reaction by the healthcare company shows the importance of taking rapid and prompt steps to protect customers after the discovery of a data breach.
The ruling by the state’s Supreme Court ends the 6-year legal effort by plaintiffs. About 365,000 patients of the company were affected by the data breach. The thief broke into an employee’s car and stole the computer disks of information. The data on the disks included patients’ names, addresses, and some Social Security information. In only a handful of cases was the patients’ private health information on the stolen disks. The data had not been encrypted, but did require a special program to access.
The healthcare company immediately notified affected patients and provided ways to protect themselves against identity theft. The company also offered to pay for 2 years of credit monitoring and other related services if their identity was stolen. In addition, they offered to compensate for any financial loss that might have come about from identity theft. They created a web site and call center to answer patients’ questions.
Soon after the theft was announced, several individuals filed a class action lawsuit seeking more than $73 million. The plaintiffs sought damages for distress suffered when they learned of the theft. Despite Providence’s prompt actions in providing protection and credit monitoring services, plaintiffs also sought recovery of the cost of credit monitoring services they said had been separately incurred.
Although various Oregon courts decided the case on questions of law, the healthcare provider’s quick and thorough response to the theft was a key factor in the successful result at each level. When the theft occurred, Oregon had no law governing how a custodian of records should respond to a theft of information. Responding quickly to contact its patients and arrange for credit protection was, in hindsight, one of the best things the company could do, and it’s a model for other companies to follow. A secure flash drive would have helped this situation.
Oliver David writes articles for Data Security Weekly and other publications on topics like usb flash drive reviews and usb encryption.
EU Finds Google Online Privacy Policy in Breach of Information Protection Laws and Regulations
By | April 4, 2012
A number of EU data protection agencies have determined Google’s online privacy policy to be in breach of the Union’s laws. The EU Justice Commissioner, Viviane Reding, arrived at this conclusion after a number of agencies reviewed the company’s policies.
Asked in what respects the policy might be breaking EU law, Reding stated: “In many respects. One is the fact that no one had been consulted, it’s not in accordance with the law on transparency and it utilizes the information of private persons in order to hand it over to third parties, which is not what the customers have consented to.”
The French government’s data protection agency, the CNIL, also weighed in on the legal elements of Google’s policy. Commissioner Reding commented on the CNIL’s reporting: “And they’ve come to the conclusion that they’re deeply concerned, and that the latest guidelines aren’t in accordance with the European law, and that the transparency guidelines haven’t been applied.”
The reports come on the heels of Google’s January announcement that it was simplifying its online privacy policy into one that would apply to all the company’s services, like YouTube and Gmail. The primary concern is that customers can’t opt out of the policy if they wish to use the services. Everyone is concerned about data security in the EU and the U.S.
“Protection of individual information is a fundamental rule of the European Union. It’s inscribed in the treaties. It’s not an if, it’s a should,” she stated. In reply, Google earlier posted a notice that defended its new streamlined policy. “Our privacy policy is now a lot simpler to know,” the company stated.
Reding argued most customers were unaware of what they were signing up to when they used mainstream Web services. “We know information is the bloodstream of those new industries … but at the same time there are fundamental European guidelines … which need to be applied, and sadly we usually see that these guidelines are just not observed, and illegality is taking over.”
Oliver David contributes articles for Data Security Weekly and other publications on hardware authentication and flash drive reviews.
