Tag Archives: USB memory

A long recovery road after a data breach

Posted on by

Small to medium-sized businesses face a long recovery road after a data breach

Understanding why data breach preparedness is a priority is key. According to the latest Ponemon Institute Study, State of SMB Cyber Security Readiness: US Study, the road to recovery is long and hard for small to medium-sized businesses (SMBs) after a data breach.
 Not only did the SMBs lose customers, costs to acquire new customers went up significantly, some organizations had to lay off employees and it took almost a year to recover from the damage to their business reputation.  The purpose of the study was to understand the ability of SMBs to prepare their companies for a possible cyber security threat or data breach.

The study examined the differences in perceptions about the consequences of a data security breach between those companies that experienced a breach and those that have not.  The average cost of a data breach was almost $900K, which is almost three times more than what unaffected companies estimated.  This lack of awareness about the costs and consequences of a data breach can negatively affect an SMB’s ability to be prepared for a cyber security attack.  Although participants stated that the priority for their IT security spending was to meet compliance requirements and implement a data breach response plan, the reality is most companies didn’t have policies in place to deal with a breach of data.  In addition, respondents expressed that their biggest frustration in implementing a data security plan was dealing with employee negligence and felt it was unrealistic to expect an organization of their size to be totally secure from a cyber attack. In response, The Ponemon Institute has the following recommendations to improve the current state of cyber readiness for SMBs:

  1. Like bigger sized organizations, make it a priority to implement formal data protection and security programs to detect cyber security risks.
  2. Conduct risk assessments and monitoring to identify data breach risks. Establish security objectives and set actionable metrics to be able to measure that your company is meeting security goals.
  3. Ensure that employees’ mobile devices are properly protected with anti-virus/anti-malware protections and encryption technologies.  Identify your sensitive and confidential information that needs security and protection at all times.
  4. Educate workers through training and awareness programs on the importance of following proper security procedures.  Make the business case for investing in cyber security.

As with many things, it’s not the size that counts, it’s the content that is important.  And no matter how large or small the business, the importance of protecting that content should always be the first priority in every company’s cyber security plan.

Original article from Experian 22nd Feb 2013

UK Biggest Data Loss Disasters of 2012

Posted on by

The UK’s Biggest Data Loss Disasters of 2012
With the growth in the use of personal devices for work, it is no surprise that data loss increased in 2012. In fact, it is astounding to think that UK data loss in general has risen by an estimated 1,000 per cent in just under five years.

Here, we take a look back at some of the biggest data losses the UK faced in 2012.

NHS trust loses personal data of 600 maternity patients, and kids On at least two separate occasions in 2012, the NHS was forced to admit losing two unencrypted USB sticks containing highly sensitive personal patient data. In the first instance, the device in question contained data relating to around 600 maternity patients. A second USB stick containing the names and dates of birth of 30 children and full audiology reports of a further three was also lost. This caused great embarrassment to the NHS, and distress to the patients whose confidential information was compromised.

Lost data blunders costing  councils £1.9 million A series of blunders by various UK councils led to them being fined heavily for serious data breaches, including the disclosure of highly sensitive, personal information. The fines totalled an astonishing £1.9 million. The mistakes included information being sent to the wrong people, while one individual even left hard copies of highly confidential documents on the train.

Shopacheck loses data on 1.4 million customers In terms of the number of customers affected by any single data loss incident, Shopacheck experienced the biggest loss in 2012. The loan firm managed to lose sensitive financial information pertaining to 1.4 million of its customers after two back-up tapes went missing. The tapes contained highly confidential information including customer names, addresses, dates of birth, telephone numbers and email addresses.

Police force pays £120,000 penalty for data breach Greater Manchester Police was fined £120,000 after a memory stick, which had no password protection, was stolen from an officer’s home. This caused a serious breach of data security, not least because the device contained information about members of the public who had given statements as part of drug investigations. It also contained details of police operations, potential arrest targets and the names of officers.

USB stick with nuclear plant data lost by ONR official While on a business trip to India an Office for Nuclear Regulation (ONR) official lost an unencrypted USB memory stick containing data relating to one of the UK’s nuclear power stations in Hartlepool. What made it worse for this blundering individual was the ONR confirming that unencrypted USB sticks should not be used for transporting documents with a security classification. It seems this official should have thought a little more about effective ways to protect his organisation’s sensitive data.

As these examples demonstrate, data loss can largely be attributed to human error and ineffective backup and security solutions. Once again, we are reminded of the importance of implementing effective data protection policies. Many of these disasters could have been mitigated with the use of a solution such as EVault’s Endpoint Protection for mobile devices (laptops and tablets), or by using the cloud, to backup sensitive company data.
Let’s hope that businesses realise this in 2013!

Original article by By Jean-Jacques Maleval, Mon, January 21st, 2013

Ultimate Mobile Data Security

Posted on by

Perfect for the forgetful secret agent… the memory stick that self-destructs by remote control

A data protection company has come up with the perfect piece of kit for the spy who’s more Johnny English than James Bond.

ExactTrak Ltd has developed a memory stick that can be tracked by GPS if it becomes separated from its owner – and can even be destroyed by remote control.

The memory stick, called Security Guardian, is slightly larger than your garden variety device and includes an encrypted memory chip and a SIM card, which means that it can be tracked by GPS and GSM triangulation.

Scroll down for video

Data protection: ExactTrak's Security Guardian includes a SIM card, so that the memory stick can be tracked if it becomes separated from its ownerData protection: ExactTrak’s Security Guardian includes a SIM card, so that the memory stick can be tracked if it becomes separated from its owner

If sensitive information is on board the stick when it is misplaced or stolen, the owner has a variety of ways of disabling or destroying information so that it cannot be viewed or shared.

Owners can sign in to their account and block files and information. Alternatively, they can text a specific code to the stick itself, which will disable the device or lock the files within.

And, if all else fails, users can send a high-voltage charge directly into the stick, melting the internal chip and erasing everything contained on it.

Tracking device: The memory stick can be located by GPS and GSM triangulation. But if that's not good enough, files can be blocked or deleted via remote controlTracking device: The memory stick can be located by GPS and GSM triangulation. But if that’s not good enough, files can be blocked or deleted via remote control

Killer blow: If all else fails, users can send a high-voltage charge directly to the memory stick, frying the internal chip and obliterating all information on it Killer blow: If all else fails, users can send a high-voltage charge directly to the memory stick, frying the internal chip and obliterating all information on it

This killer bolt can be delivered without an internet connection – regardless of whether the device is connected to a computer or not.

The growing interest in data protection follows a number of high-profile cases where sensitive Government information was left on public transport – including a case in 2009 when a Government contractor lost a memory stick containing the information of 84,000 prisoners.

A 2008 report found that more than 3,200 laptops and mobile phones containing sensitive information had been lost or stolen from government departments.

In their sales pitch, ExactTrak claims that 65 per cent of recorded data losses are due to laptops and USB memory devices that go missing

In their sales pitch, ExactTrak claims that 65 per cent of recorded data losses are due to laptops and USB memory devices that go missing.

In a survey by the Ponemon Institute for Intel, 56 per cent of IT managers admitted that they turned off or disable their encryption. A further 35 per cent admitted to sharing passwords with colleagues.

ExactTrak is currently working with Government and corporate clients, developing a range of products that provide mobile data security and asset recovery.

But it’s not reserved for security services, ExactTrak’s website says: ‘Location monitoring and data security services can be delivered either via secure access to our monitoring platform, hosted on the Fujitsu Global Cloud Platform, or can be located within your organisation behind your own firewall.