Ultimate Mobile Data Security – Perfect for the forgetful secret agent…the memory stick that self-destructs by remote control

A data protection company has come up with the perfect piece of kit for the spy who’s more Johnny English than James Bond.

ExactTrak Ltd has developed a memory stick that can be tracked by GPS if it becomes separated from its owner – and can even be destroyed by remote control.

The memory stick, called Security Guardian, is slightly larger than your garden variety device and includes an encrypted memory chip and a SIM card, which means that it can be tracked by GPS and GSM triangulation.

Data protection: ExactTrak's Security Guardian includes a SIM card, so that the memory stick can be tracked if it becomes separated from its owner


If sensitive information is on board the stick when it is misplaced or stolen, the owner has a variety of ways of disabling or destroying information so that it cannot be viewed or shared.

Owners can sign in to their account and block files and information. Alternatively, they can text a specific code to the stick itself, which will disable the device or lock the files within.

And, if all else fails, users can send a high-voltage charge directly into the stick, melting the internal chip and erasing everything contained on it.

Tracking device: The memory stick can be located by GPS and GSM triangulation. But if that's not good enough, files can be blocked or deleted via remote control


Killer blow: If all else fails, users can send a high-voltage charge directly to the memory stick, frying the internal chip and obliterating all information on it


This killer bolt can be delivered without an internet connection – regardless of whether the device is connected to a computer or not.

The growing interest in data protection follows a number of high-profile cases where sensitive Government information was left on public transport – including a case in 2009 when a Government contractor lost a memory stick containing the information of 84,000 prisoners.

A 2008 report found that more than 3,200 laptops and mobile phones containing sensitive information had been lost or stolen from government departments.

In their sales pitch, ExactTrak claims that 65 per cent of recorded data losses are due to laptops and USB memory devices that go missing.

In a survey by the Ponemon Institute for Intel, 56 per cent of IT managers admitted that they turned off or disabled their encryption. A further 35 per cent admitted to sharing passwords with colleagues.

ExactTrak is currently working with Government and corporate clients, developing a range of products that provide mobile data security and asset recovery.

But it’s not reserved for security services, ExactTrak’s website says: ‘Location monitoring and data security services can be delivered either via secure access to our monitoring platform, hosted on the Fujitsu Global Cloud Platform, or can be located within your organisation behind your own firewall.’

 

 

Data losses on USB sticks – it’s raining again

The problem of lost USB sticks has been back in the news recently with data losses moving from laptops to the storage devices.

In January, the Information Commissioner’s Office (ICO) and the Office of the Data Protection Supervisor (ODPS) for the Isle of Man jointly criticised Praxis Care after an unencrypted memory stick was lost last year. It contained personal information relating to 107 Isle of Man residents and 53 individuals from Northern Ireland.

Last week, the details of more than 1,000 school pupils were lost when a USB stick was misplaced by a member of East Lothian Council.

It was at the end of 2009 that I looked back at ‘a tricky 12 months for the USB stick’ when it was blamed for data loss and Conficker. While the problem has not been eradicated completely, it does seem to be slipping back somewhat.

I recently spoke with a new company offering what it calls the ‘Fort Knox’ of USB memory sticks: I know what you are thinking, heard it all before. Well what caught my attention was that this was less a memory stick and more a tracking device, with GPS and GSM modules to track where it is and deliver this information securely to a management console hosted securely on Fujitsu’s Global Cloud Platform.

It also features remote wipe capabilities of any data on the device, whether it’s plugged in to a USB socket or not.

Named Security Guardian, creator ExactTrak said that its inbuilt software is linked to an online monitoring platform that protects against the biggest problem with mobile data security: human error.

Managing director Norman Shaw told SC Magazine that Security Guardian is being adopted by users due to it being encryption technology-agnostic and available with either 16 or 32GB storage.

He said: “We applied intelligent elements to communicate with the device and we can turn the device on or off and delete the memory. We can know where it is geographically.
“We met with the ICO and they said that it is all very well having encryption but 50 per cent of people share passwords. One of the technologies on this is that if you share a password, you can remotely remove or turn data off. A problem is that data losses are often not reported for months; we say this can overcome the stigma of losing data by saying ‘we lost the device but we deleted the contents of it’.”

Shaw said that this is sold not as a product but as a service, and a recent partnership with Fujitsu saw its Global Cloud Platform selected to host the back-end infrastructure.

The heart of the Security Guardian solution is the management console which provides remote access to the devices and maintains a verifiable audit trail detailing when and where data was accessed. ExactTrak said it needed a partner that could host the management console while providing the utmost levels of security, scalability and availability, and it selected Fujitsu’s Global Cloud Platform as a secure portal and because it could offer “global scalability almost instantly”.

Shaw said: “Once data is on the device it is encrypted. We have Trusted Client technology from Becrypt and the cloud capability from Fujitsu and it is all dynamic data on the device, so what is on there is secure.”

In my recent conversation with Thales, it was suggested that technology should make encryption transparent, and “if you know you are using it then it has gone wrong”. I asked Shaw if he felt there was a problem with encrypted data and that people were not using it.

He said: “Some people realise the problem of encryption, so how do you prove that it was turned on? You say that a laptop was encrypted, but then it appears on eBay and it turns out that it wasn’t encrypted at all.

“With our solution you can say that the data was turned on or off on the management console with a verifiable audit trail and the ICO can say the matter is closed.”

There are solutions out there to prevent data loss and most of them offer different levels of security and capability, and what ExactTrak offers is certainly different – the capability to react after the incident.

Original article from SC Magazine  Feb 2012

Could High Profile Data Losses Be A Thing Of The Past?

Over the past year a number of organisations have suffered high profile data losses, leading to hefty fines and considerable damage to their reputation. With the EU data protection law set to change imminently, the importance of effective strategies to prevent data loss and the ability to detect and respond to data breaches quickly has become of paramount importance to businesses.

The European Commission has put forward proposals that greatly strengthen data privacy laws and see a single set of rules on data protection applied across the EU. The new law would mean increased responsibility and accountability for those processing personal data, with organisations required to inform their national supervisory authority of serious data breaches as soon as possible – within 24 hours where feasible.

This, coupled with the high profile media coverage of data loss incidents, is forcing businesses to become more aware of the risk their operations are exposed to without adequate data security policies.

Additionally, each time we hear about data loss cases such as a lost USB memory stick or a stolen laptop containing sensitive information, which accounts for over 65% of recorded data losses, we are quickly reminded that these are often the result of human error.

One recent story condemns East Lothian Council who lost the personal data of over 1,000 pupils because one employee downloaded the information to a memory stick and subsequently lost it. Another example is Irish telecoms firm eircom, who recently confirmed the theft of three laptops containing personal information of over 7,000 customers.

The laptops were not encrypted and as a result the organisation has been heavily criticised by the Data Protection Commissioner for failing to employ standard data security measures and faces a very hefty fine.

In the UK, unlike some European countries, if the data loss has been caused by the actions of an individual employee, the penalty fine will be issued to the data controller within the company and the company itself will be liable to pay.

This, alongside the fact that human error will inevitably continue and the use of USB memory sticks is only set to proliferate, means that businesses need to adopt technology solutions that work within those parameters to protect themselves.

Even if your organisation uses encryption products, you still have significant exposure. Many surveys and reports have found that encryption is often turned off and there is no way to be able to prove the product was encrypted without recovering it. The sharing of passwords is also a very common potential exposure.

Of course, people can and will always make mistakes but businesses can protect themselves through readily available technology solutions. USB keys exist today that can have their memory turned on, off or deleted remotely and can be located through inbuilt GPS technology. Businesses have the power to avoid future data losses but the solution is just as much a people one as it is a technology one.

Norman Shaw. CEO ExactTrak Ltd. manufacturers of Security Guardian

Published in Business Computing World    Feb 2012

Security Guardian USB stick can be tracked and remotely deleted

Using a web-based console, administrators can also apply policies to Security Guardian devices used by their staff, and locate them if required using their built-in GPS capability.

However, the GPS does not simply allow lost devices to be tracked, but also enables organisations to set location-specific policies governing their operation.

“The memory can be enabled or disabled for specific geographic areas, so a hospital could configure their memory sticks to only work when they are actually on the premises,” said Shaw.

Administrators can also set a policy so that the device will automatically disable its memory if it has been unable to check in with the ExactTrak cloud service for any length of time.

In this state, the data is preserved, but cannot be accessed until the Security Guardian is able to communicate with the management service again. When the memory is disabled, it is electrically isolated from the USB interface, according to ExactTrak.

Unlike many other secure USB Flash drives, Security Guardian devices are not self-encrypting. This is because customers told ExactTrak that they wanted them to function with encryption services they were already using, such as Becrypt Trusted Client, Shaw said.

Because of the unusual nature of the Security Guardian devices, they will be sold via system integrators such as Fujitsu as part of a service package including GSM provision. Customers can expect to pay £25 to £30 per device per month.

Published in V3.co.uk  Feb 2012

Huge rise in reported data breaches

Reported data breaches to the Data Protection Commissioner rose by 350pc in 2010, following the introduction of a more stringent code of practice in the middle of last year.

Publishing his annual report earlier today, Data Protection Commissioner Billy Hawkes said last year had seen a “dramatic increase in the number and significance of organisations that have lost personal data”. The report shows 410 data security breach incidents from 123 organisations were reported to the DPC in 2010, up from 119 reports from 86 organisations in 2009.

“It can be assumed that the sudden increase reflects the more exacting demands placed on organisations by the code of practice rather than an increase in the absolute number of data breaches,” the report said. The figures show the level of reported breaches spiked after the code was introduced last July. At the press conference this morning, the DPC confirmed early signs suggest this year’s level of breaches will be similar to last year’s.

Original article from Silicon Republic.

Protecting sensitive mobile data

41% of IT workers carry sensitive data on their gadgets.

Around 41pc of supposedly security-savvy IT professionals are walking around with sensitive information sitting on their mobile devices unprotected, new research reveals.

In fact, 19pc revealed that their organisation had suffered a data breach following the loss of a portable device (ie, laptop, USB, CD), with 54pc confessing the device had not been encrypted – an offence under data protection laws, according to a study by Origin Storage.

With 70pc of organisations making data encryption mandatory, 11pc of those respondents carrying sensitive information unprotected are actually breaching their organisation’s data protection efforts while the other 30pc are simply following their organisations’ woefully inadequate example.

KEYSTONE COPS?

When digging a little deeper, the study, amongst IT security professionals at this year’s Infosecurity Europe show, uncovered 37pc of respondents who confessed that between 81pc and 100pc of all sensitive data stored on their device(s) was actually left unprotected – so not just one or two documents transferred in a hurry.

“When you consider the level of knowledge this audience is assumed to have, working in IT and having some form of security remit, yet the lax protection used for sensitive data, it’s hardly surprising data breaches are increasing in frequency and especially recently in size,” said Andy Cordial, Origin’s managing director.

Original article from Silicon Republic.

How safe is your data?

Mobile data is a risk.

Surprisingly 56% of the top 500 UK companies do not use encrypted memory sticks. Hardly a way to protect valuable commercial information and corporate reputation.

Relying solely on encryption is NOT the solution to avoid data loss.

More than 60% of corporate executives admitted to sharing their access passwords. The Ponemon Institute survey discovered that 60% of departing employees stole company data before they departed. Furthermore some 42% stole the data on a company supplied USB memory stick.

Security Guardian can help overcome many of these potential data protection issues.
Passwords can be remotely changed. Laptops can be configured to only allow Security Guardian USB memory sticks.
Security Guardian will report where the data is being used.

You can remotely delete data if you suspect a problem.

Security Guardian is no more expensive than other quality encrypted memory sticks and a lot more secure.
Security Guardian puts you in control of your data, avoids commercial and reputational loss as well as avoiding Data Protection fines of up to £500,000.

Find out for yourself. Email: evaluation@exacttrak.com or call 0203 2875107

Ultimate data protection with Security Guardian

Security Guardian is already recognised as the Fort Knox of USB Flash Drives due to its ability to allow data to be deleted even when not connected to a laptop or the internet.

Security Guardian data protection and information security can now be further enhanced by the complete range of Becrypt CAPS, CESG and FIPS approved encryption products. This includes a range of encryption products that cover the complete spectrum of government approved security levels as well as Trusted Client.

Trusted Client is a self-contained encrypted environment that allows employees to connect to an organisation’s network and data whilst preventing data loss and leakage. This secure isolated environment provides access to a corporation’s existing VPN infrastructure as well as backend applications such as Windows desktops and Microsoft applications.

Go further and control what devices can be used to connect to your laptops. In conjunction with Becrypt’s Advanced Port Control, you can prevent any unauthorised device connection except Security Guardian. This will mean that when data is transferred to a Security Guardian you will always know where it is, thanks to the embedded GPS System. Data on Security Guardian can be remotely deleted, even when not connected to a laptop, thanks to the internal battery.

Full product details can be found on our resource pages.

 

There but for the grace of…

There have been a lot of words written about the hacking of the RSA network and the possible breach of its seed generating system and possible customer compromise. Let’s face it, RSA has been seen to be a quality benchmark adopted by countless corporate organisations.

You can get a glimpse of the worry & concern felt by the IT Security and support teams by looking at the posts on The Register.

Clearly, the fact that RSA have a problem is one thing but what comes across clearly is that communication out to their thousands of customers has been slow, unconvincing and unhelpful. The proposed solution of disabling remote access suggests that many corporations should put their business on hold.

One can only wonder what would be the effect of having a mandatory disclosure clause inserted into the SLA so that companies would work with RSA to find a way around the problem that enables business to learn collectively from events like this and implement agreed cross party solutions.

Are you affected by the RSA problem?
What would you do?

Laptop loss is data loss

Laptop theft = Data Loss

Every laptop contains data. Some more sensitive than others. The recent laptop theft figures from the USA and the UK are staggering.

During 2010 some 637,000 laptops were reported stolen at US airports.
That is 1745 per day.
Over 400,000 were never recovered.
300,000 contained sensitive information of which over 200,000 had no data protection.

In the UK, where we have fewer airports and travellers, the figures are also alarming. Heathrow alone accounted for 783 laptops lost / stolen per week during 2010.
Gatwick contributed a further 477 per week.
Just taking these two major international airports, that is over 65,000 laptops per year.

Laptops, like mobile phones, are easily replaced. What is more annoying, frustrating and damaging is the loss of the data, information and telephone numbers. In many cases the data held on the laptop or smartphone contains sensitive or personal information. If this data relates to third parties and in the wrong hands leads to fraud, blackmail or identity theft, the problems really start.
Protecting your mobile data is not difficult. Failure to do so is just stupid and possibly illegal under the data protection acts.

There are a range of solutions available from standard encryption products to products such as Security Guardian that will help protect your valuable data by encrypting your data, tracking where it is and allowing you to delete the data remotely. Taking action now could save you getting a thumping great fine.