What’s scarier than a hacker? Your employees.

11:19 am on October 30, 2008 | By Meghan Whelan | In data breach, information security, risk management, security policy | No Comments

In a study recently released by Compuware, results showed most data breaches are caused by employees, not hackers. The survey of 1,112 IT workers found that only one percent of data losses this year were the result of hackers. Here’s a breakdown of the results:

Negligent insiders were overwhelmingly cited as the cause of data breaches in the survey. What does this mean for company security policies? Will we soon see a shift towards tying up the internal loose ends that compromise company data?

It might be a good idea. Especially when you add to the equation the data from other security studies showing the impact of a data breach on a small company. One-third of companies in one survey said that a major security breach could put their company out of business. Additionally, a data breach that exposed personal information would cost companies an average of $268,000 to inform their customers–even if the lost data is never used. Or, to break it down further, which a Forrester survey did, a breach will cost a company between $90 and $305 per exposed record.

In today’s economy, every dollar spent in a security budget has to get scrutinized. A better strategy for security professionals is to put those dollars toward preventive measures that combat insider negligence instead of throwing money at an outside threat.


Security News Brief: 10-22-08

8:42 am on October 22, 2008 | By Meghan Whelan | In data breach, laptop security, laptop theft | No Comments


I lost my USB flash drive!

3:56 pm on October 14, 2008 | By Ravi Mishra | In data encryption, information security, risk management, security policy | No Comments

Flash memory devices are dirt-cheap and offer lots of storage. As a result, lots of employees run around with critical company data on their USB Flash devices.

But what if they lose a USB Flash device with sensitive company data at Starbucks? As an organization, you’re vulnerable. That’s why USB Flash security is critical. These solutions come in 2 flavors:

1. Consumer USB Flash Security Solutions

2. Enterprise-level USB Flash Security Solutions

Consumer USB Flash Security Solutions typically provide data encryption and password protection on USB Flash devices - Good. But how and under what conditions those capabilities are utilized are determined by the user. What if the user opts to ignore the security features? The organization is still vulnerable.

Enterprise-level USB Flash security solutions provide controls that are enforced - by the Enterprise. The decision about whether or not to secure the device is not a decision left to the user. These important controls include USB port blocking, enforced encryption, auditing and destruction of at-risk data. When it comes to security risk I believe that most IT administrators will want the decisions on what data can be put on a USB flash device and, if so, under what security rules and conditions. Reliance on employees for this critical decision is risky indeed.



What if it’s Your Data on a Lost or Stolen Device?

6:27 am on October 9, 2008 | By Mike Lee | In data breach, information security | No Comments

Today, people rely heavily on small electronic devices which can contain a lot of personal information about oneself and one’s life. PDAs, cell phones, laptops, USB thumb drives, iPods, and cameras are just a few of these devices.

It’s important to consider the information you’re storing on them. Do your devices include online banking information, bills, receipts, tax returns, personal photos and videos, contact information, online account information, electronic signatures, emails, and…? If this information is intercepted by another person, they can learn a great deal about you. Losing such a device now becomes a much larger undertaking than most people realize. It’s like losing your wallet. What do you do when your wallet is lost or stolen? You cancel your credit cards, get a new ID/driving license, perhaps subscribe to a credit reporting/protection agency. Would you do the same thing if you lost one of these electronic devices? You might not - but you should.

These are necessary precautions against identity theft and other damaging uses of your personal information. Your vulnerability may be even greater. Do you store photos or video of your family on these devices? How would it feel if they were in the hands of a complete stranger? A stranger with the morals that justified stealing the device in the first place?
I encourage you to think about all the information you keep on such devices and to ask yourself what would happen if someone got access to that data? What will you do? These are some questions to think about and plan for - preferably before it happens to you.

 


Security News Brief: 10-03-08

9:43 am on October 3, 2008 | By Meghan Whelan | In identity theft, information security, laptop theft, security policy | No Comments
