Symantec researchers intentionally lost 50 smartphones in New York, Washington, D.C., L.A., the S.F. Bay Area, and Ottawa, Canada, in public locations such as elevators, park seats and food courts. The lost devices contained corporate and personal information such as passwords and e-mail.
Before the phones were left behind, each one was furnished with logging software to record which files and apps were accessed, and GPS tracking was switched on to keep track of the device's physical location.
The Symantec researchers discovered in a recent smartphone study. What is even worse, whoever finds a lost phone will most likely snoop around, looking at pictures, emails and other private information, Symantec stated.
People were most likely to access sensitive personal and business information stored on the phones, such as password files, private pictures and e-mail messages. Although 50% of the finders attempted to return the devices to the owners listed in the contact file, they nonetheless succumbed to the temptation to snoop around beforehand, Symantec stated. About 89% of the finders viewed personal information and 83% accessed business-related information stored on the lost smartphones, Symantec found.
None of the smartphones in the study had any type of password or other security control enabled to protect the information. About 57% of the people who found the phones viewed a personal file named "saved passwords". About 60% checked personal e-mail inboxes and accessed social networking tools on the phone, and 72% opened a folder marked "private pictures."
Considering that only half of the devices were ever returned, users need to recognize that if they ever lose their phones, they would end up exposing all of their information, accounts and business data to strangers. Having USB protection could help secure the data.
Organizations need to put a guideline in place that addresses how to wipe data before a device is replaced, and to work with their employees to have their old devices wiped before they are disposed of in the secondary market.
The Oregon Supreme Court dismissed a class action lawsuit against a healthcare enterprise in Oregon. The lawsuit resulted from the theft of patient information on backup storage devices that had been stolen from an employee's vehicle in 2005.
Providence House Health Services took costly and substantial steps to protect its patients after the theft was discovered. This fast reaction by the healthcare business shows the importance of taking rapid and prompt action to protect clients following the discovery of a data breach. The ruling by the state's Supreme Court ends the 6-year legal effort by the plaintiffs.
About 365,000 patients of the business were affected by the data breach. The thief broke into an employee's vehicle and stole the computer disks of information. The information on the disks included patients' names, addresses and some Social Security information. In only a handful of instances was the patients' private health information on the stolen disks. The information had not been encrypted but did need a special system to access. The healthcare business immediately notified affected patients and supplied ways for them to protect themselves against identity theft.
The business also offered to pay for two years of credit monitoring as well as other related services if a patient's identity was stolen. It also offered to compensate for any financial loss that may have resulted from identity theft. It created a website and call center to answer patients' questions. Soon after the theft was announced, a number of people filed a class action lawsuit seeking more than 73 million. The plaintiffs sought damages for distress suffered once they learned of the theft.
Regardless of Providence's prompt actions in supplying protection and credit monitoring services, the plaintiffs also sought recovery of the cost of credit monitoring services they said had been separately incurred. Even though several Oregon courts decided the case on questions of law, the healthcare provider's fast and thorough response to the theft was an important element in the successful outcome at every level. When the theft occurred, Oregon had no law governing how a custodian of records ought to respond to a theft of information. Having responded quickly to contact its patients and arrange for credit protection was, in hindsight, among the best things the business could do, and it is a model for other businesses to follow. A secure flash drive would have helped in this situation.
The last couple of years have seen an increase in large-scale data breaches. But what are some of the worst data breaches ever? Below is a report on eight of the worst data breaches over the last ten years.
1. Heartland Payment Systems, occurred in 2008 and affected 134 million credit cards. It was an SQL injection that installed spyware onto Heartland's data systems. SQL injections took advantage of poorly monitored systems of retailers and other similar businesses. SQL injection was the most common type of attack against Internet websites back in the early 2000s.
2. TJX Companies, this attack took place in 2006 and exposed 94 million credit card records. The thieves in this case took advantage of weak data encryption and stole the credit card data during a wireless transfer between stores.
3. RSA Security, this embarrassing attack for a security company occurred in 2011 and affected about 40 million employee records. The company said two separate hacker groups worked in collaboration with a foreign government to launch a number of spear phishing attacks against RSA employees, pretending to be people the employees trusted, to enter the company's network. EMC reported last July that it had spent at least $66 million on remediation.
4. U.S. Department of Veterans Affairs, thieves stole 26.5 million records of veterans and military personnel in a case of a stolen laptop. The breach took place in 2006 and the unencrypted data included names, Social Security numbers, dates of birth and other information.
5. Sony's PlayStation Network, more than 77 million Sony PlayStation Network accounts were hacked back in 2011. More than 12 million unencrypted credit card numbers were stolen. Sony still hasn't found the source of the attack.
6. Gawker Media, this breach took place in 2010 when 1.3 million e-mail addresses and passwords were hacked. The thieves also stole source code for Gawker's custom-built content management system.
7. Google, an act of commercial espionage in 2009 affected Google, Yahoo and a number of other Silicon Valley companies. This attack by Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google's internal network. It appeared that China was trying to obtain information on Chinese human rights activists, but they also stole intellectual property. If they had used a secure flash drive this may have been prevented in some way.
8. AOL, in 2006, this company lost data on over 20 million web queries from over 650,000 users. The data included shopping and banking data. The data was posted on a website. This was dubbed one of the dumbest moments in business history because AOL Research posted the data.
The main target in most data breaches remains customer records, according to a Trustwave SpiderLabs report. The Trustwave 2012 Global Security Report shows that, despite the high-profile political cyber hacks, 89% of data breaches investigated by the company involved the theft of customer information. Obviously the main reason for this focus by cyber thieves is money.
The hackers are targeting those companies and organizations that house very large numbers of customer records. These targets are mainly businesses that process the most credit cards or other financial data that will allow a thief to siphon off money.
The Trustwave survey showed that the food, beverage, retail and hospitality industry accounts for an extraordinary 85% of data breaches. This percentage suggests that these companies are targeted because of the opportunity. Whether a lone hacker or a well organized cyber crime ring, most attackers will target the most vulnerable. The retail, beverage, food and hospitality industry is well known for its payment system vulnerabilities and lax security practices. Often these businesses don't have practical knowledge of proper IT monitoring and outsource it to a third-party vendor. These vendors in turn use remote access to monitor security, which has its own inherent vulnerabilities.
These security lapses are multiplied many times over in the franchised food industry. It's easy for a thief to find one vulnerable area through which to enter a retail network, and then they've hit the jackpot, because each franchise location uses similar or standardized computer systems and networks. If a hacker is able to break into one restaurant or retail franchise, they are very likely able to hack into a large number of restaurants from the same franchise. If they had an encrypted flash drive that may have helped.
At the other end of the spectrum, the healthcare industry, which has been subject to much more scrutiny and privacy legislation, made up only 3% of Trustwave's investigative caseload, largely because of breach notification laws and more mature information security policies.
A new report published this week by Trustwave SpiderLabs shows that the food and beverage industry was the main target for cyber criminals in 2011 and will likely continue to be a target in 2012.
In the "2012 Global Security Report" the food and beverage industry was singled out as the top target for cybercriminals for the second straight year. The industry made up 44% of data breach investigations conducted by SpiderLabs in 2011. The company's report is based on 300 data breach investigations and 2,000 penetration tests.
According to the report, the thieves targeted customer records, making up 89% of breached data investigated. The next targets were trade secrets or intellectual property.
"The food and beverage industry was the top target of our investigations. That may be surprising. Most people might think that banks and governments would be at the top of the list," said Nicholas J. Percoco, head of SpiderLabs.
"The criminal element wants to turn their criminal activity into money as quickly as they can. They go after the food and beverage industry because it tends to have high transaction volume. The criminals have found that those organizations have a low barrier to entry from an infiltration standpoint. Once they are in the environment, the lack of security awareness within those organizations affords them almost unlimited amounts of time to aggregate that data. They are then able to extract that data out of the environment and use it for fraudulent activities", said Percoco.
SpiderLabs found that restaurant franchises were the most targeted because they often use similar IT systems across all of their locations. Once a cyber criminal has breached a network, they can attack multiple locations with ease. More than one third of the company's investigations involved franchise operations. Things like USB protection are useful in protecting against data breaches.
Unfortunately, self-detection of compromises decreased in 2011 and only 16% of victimized organizations were able to detect the breach themselves. The remaining 84% relied on information reported to them after the breach was discovered by a third party entity: regulatory, law enforcement, or the public.
With the quick pace of technology and the changes that take place in current technology, consumers often buy the next greatest smartphone, tablet or laptop as soon as it hits the market. Once the new device is plugged in and running, the old phone, tablet or computer is put away in storage, given away or maybe sold on the secondary market.
However, what happens to the information that was stored on the device? Often the device isn't properly wiped to protect the sensitive data that would easily be accessible on it. Recently, Motorola sold refurbished devices that still contained personal data and information from the previous owners.
Here are some steps a consumer can take to protect themselves from a data breach once they no longer use or control their old device:
1. Change passwords frequently. If user data is somehow mysteriously intact after both the user and the manufacturer refresh a device, another way to help keep yourself protected is to change your passwords. For example, change your e-mail, bank and other online account passwords each month. This way, even if somebody gets an old device that has data stored on it, they most likely will not be able to access the information.
2. Factory reset. This reset removes all the account data from all the apps, removes user-downloaded apps, and returns the device's software to an "as-new" condition.
3. Erase the memory card. This can be easy to forget. There is a small check box in the factory-reset process (but only some of the time) that asks if you would like to erase the memory card, too. Make sure you check it. That way, apps that you have moved to the memory card, as well as pictures, music files, documents, and so on, are erased. Better yet, pull the memory card out, stick it into a computer and reformat it.
4. Encrypt your device. Not all devices offer encryption; where it is offered, it is available through the data security settings. The idea is that even when an encrypted device is reset to factory condition, any user data left on the device would be so jumbled as to be unusable.
Many IT managers have to adhere to a growing amount of federal regulations regarding data security. Most IT managers likely spend a great deal of their time making certain that their company is in compliance with these federal mandated regulations. Unfortunately, a lot of organizations and IT departments focus on the compliance portion and begin to lose sight of the main goal which is to protect against data breaches.
Many experts agree that it is very possible that an IT department can meet the basic compliance requirements without actually having their data secure. But fortunately there are tools in the marketplace that can provide security and also achieve the necessary compliance mandated by law.
A recent article provided an overview of the federal regulations that can affect any American business. The authors recommended three steps to help achieve regulatory compliance as well as securing critical data. These steps are:
1. Develop a set of well-defined security and compliance policies for the organization.
2. Deploy the right tools to protect the company’s system and all the platforms and apps within the system.
3. Develop a systematic backup strategy for the company’s data.
The alphabet soup of compliance is a jumble of acronyms like SOX (Sarbanes-Oxley), GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standards), and FOIA (Freedom of Information Act). Fortune 500 corporations and organizations with dedicated IT staff have a much easier time understanding and addressing the compliance mandates. But for small and medium businesses, it can be overwhelming to even figure out where to begin.
Unless your business is a publicly traded entity governed by the SEC, SOX should not have any impact on you; unless you work for a government agency, it is unlikely that you need to concern yourself with FOIA. However, PCI DSS affects virtually every business, and many small and medium businesses fall under the guidelines of HIPAA, GLBA, or both.
Each of the individual regulatory or industry compliance mandates was developed to address specific concerns. Achieving and maintaining compliance is no easy feat for organizations of any size, and it can seem overwhelming for small and medium businesses. But by using the steps above and staying focused on security first, the compliance portion should be met.
When people think about cloud computing, the two things that are foremost in their minds are data security and privacy. Because of this, many individuals and companies tend to shy away from placing too much data in the cloud and focus on utilizing cloud services that are low in risk. Or even worse, they don’t even consider utilizing cloud-based services.
However, there are many in the IT and security industry who feel that cloud computing may be a great deal more secure than anything that a company’s IT department could put into place to secure data. The main fear that has to be overcome is the fear that a company not owning the infrastructure that the data resides in puts security at risk. Storing important documents in a safe deposit box is a great analogy. The bank building isn’t owned or maintained by the person placing items into the deposit box. However, if asked, most people would agree that the bank is the safest place to keep valuable information.
Of course, to gain access to the safe deposit box, the individuals have their own key. They are the only person that can access the contents of the box. Now use this example when thinking about how data would be stored in the cloud. USB protection is also important.
Trusting the cloud service provider with maintaining and securing the data is important, but so is realizing that, as the owner of the data, only you have the key or access to it. Cloud services must be inherently secure. Once the service is configured there must be no way for anyone but the owner of the data (including the cloud service provider) to access the data.
On top of the data being secured, the cloud service components must also be secured. But how can the individual or company be assured that the data is safe, especially since control over the physical infrastructure is placed in the hands of a third party? Encryption seems to be a mandatory requirement in order to provide assurance that the data is secure.
There have been a great many media reports about both data breaches and identity theft, but many people do not understand the difference between the two. There certainly is a close similarity between the two.
The basic definition of the word breach is a “hole” or “opening”, with the caveat that these particular holes or openings were not intended to be there in the first place. Applying this definition to the phrase data breach, you can see that it is an opening to the data, or a hole through which to view, interact with or obtain data. Generally the phrase is used to describe the loss of data, and in most cases this is sensitive and personal data that has the protection of regulations.
The term “data breach” brings up images of hackers or spies. These kinds of breaches are ways that personal information may be compromised and stolen. However, they are not the only ways. Some data breaches really are total accidents. In many of the high-profile data breaches, either a computer was stolen or lost, or a disk or flash drive with information was lost, stolen or mislaid.
It does appear, though, that most breaches are intentional, and they are generally the ones that should be the most concerning to everybody who has made an online purchase, frequently uses e-mail, and/or banks online. One of the biggest data breaches happened to more than 130 million customers who had their data (credit card related information) stored in a credit card processor’s databases. The hackers knew this and specifically targeted the business so that they would gain access to the sensitive financial information of these 130 million people.
Thankfully, there are laws that require businesses to protect personal information once they collect it. Knowing what the connection is between data breaches and identity theft is an essential step. It is easy to see that the connection occurs when a business has its information breached through either a theft or an accident. If a person’s information is lost in a data breach, specialists point out that they are 6 times more likely to become a victim of identity theft, because of the compromise of the data.
Recently, a digital forensics company did an investigation and found that it is very easy to obtain sensitive information from old smartphones that are either sold as used or thrown away. This was also true even if the previous owner had utilized the factory reset.
The forensics company, Access Data, provided more details on what they found in an interview. In their estimate, 1 out of every 10 phones that have been recycled, resold or thrown away still contains data. The company did an in-depth digital forensics review of 5 randomly selected smartphones that were purchased on the secondary or used market. The phones varied by manufacturer and included an iPhone 3G, Sanyo 2300, HTC Wildfire, LG Optimus and an HTC Hero. Of the 5 that were reviewed, 2 had not been reset to the default factory settings. These two phones contained information on active account IDs and passwords, contacts, and calendar information, all very easy to locate.
All of the Android phones had been wiped, but four of the five phones included information that was still extractable with the right knowledge and tools. The company noted that all 5 of the used phones had some way to identify the location where the device came from either via the serial number or the old telephone number. Four of the five could easily identify the previous owner. Some of the data that was extracted included user account information, Social Security numbers, geo-location tags, deleted text messages and even a resume.
The forensic experts were able to use the geo-tags to get an exact latitude and longitude for the previous owner and find the street view of their home. Another phone revealed a Yahoo email account that the experts were able to log into via the handset using the preset IDs and passwords.
Access Data noted that smartphones and tablets have fast become a nightmare not only for individuals but also for businesses that are concerned about data breaches. Even though these devices cannot store a great deal of information, they still contain very sensitive data that can be used to access more and more data and information, especially since the public at large and the business community have not adopted security measures for their mobile devices.
This is particularly troublesome for a business that has employees who use their own personal mobile devices to access the company’s network. It is one thing for a company to attempt to wipe a company-owned asset of all data. However, it is very difficult for a company to ensure that an employee has wiped their mobile device before disposing of it, whether via the trash, resale or recycling. This is coupled with the rapid churn of devices, driven by incentives from the carriers or by advances in technology that lure individuals to upgrade their device to the next best thing.
Organizations need to put a plan in place that addresses how to delete data before a device is replaced, and to work with their employees to have their old devices wiped before they are disposed of in the secondary market. Utilizing measures like USB encryption will help to deter data breaches.
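One check such a plan could include, shown here as an added example (not from the original article or from Access Data): scan a raw image of a device or memory card for data that survived a reset or reformat. The function names, the signature patterns and the two sample images are assumptions constructed for illustration.

```python
import mmap
import os
import re
import tempfile

CHUNK = 1 << 20  # count blank bytes 1 MiB at a time to bound memory use

# Illustrative residue signatures (assumed, not exhaustive).
SIGNATURES = {
    "jpeg_header": re.compile(rb"\xff\xd8\xff[\xdb\xe0\xe1]"),
    "sqlite_db": re.compile(rb"SQLite format 3\x00"),
    "email_address": re.compile(
        rb"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,64}\.[A-Za-z]{2,8}"),
    "ssn_like": re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
}


def scan_image(path, max_hits=20):
    """Report recognizable data left in a raw storage image."""
    size = os.path.getsize(path)
    report = {"size": size, "nonblank_bytes": 0,
              "hits": {name: [] for name in SIGNATURES}}
    if size == 0:  # mmap cannot map an empty file
        return report
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as image:
        # 0x00 and 0xFF are the usual fill of zeroed or erased flash.
        for start in range(0, size, CHUNK):
            chunk = image[start:start + CHUNK]
            report["nonblank_bytes"] += (
                len(chunk) - chunk.count(0) - chunk.count(0xFF))
        for name, pattern in SIGNATURES.items():
            for match in pattern.finditer(image):
                if len(report["hits"][name]) >= max_hits:
                    break
                report["hits"][name].append(match.start())
    return report


def wipe_verified(report):
    """True only when no residue signature was found.

    Random or encrypted fill leaves nonblank bytes but no hits, so the
    verdict rests on hits; it cannot prove data is unrecoverable.
    """
    return not any(report["hits"].values())


def build_sample_images(directory):
    """Write two constructed 64 KiB images and return their paths."""
    quick = bytearray(64 * 1024)  # reformatted card: old blocks still present
    for offset, data in ((4096, b"\xff\xd8\xff\xe0"),    # photo header
                         (8192, b"alice@example.test"),  # made-up address
                         (12288, b"000-12-3456")):       # invalid SSN shape
        quick[offset:offset + len(data)] = data
    paths = []
    for name, content in (("quick_format.img", bytes(quick)),
                          ("overwritten.img", bytes(64 * 1024))):
        paths.append(os.path.join(directory, name))
        with open(paths[-1], "wb") as fh:
            fh.write(content)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for image_path in build_sample_images(tmp):
            result = scan_image(image_path)
            found = {k: v for k, v in result["hits"].items() if v}
            print(os.path.basename(image_path), result["nonblank_bytes"],
                  found, "PASS" if wipe_verified(result) else "FAIL")
```

A failed check means the device goes back for a full overwrite or is destroyed rather than resold; a passed check only shows that none of the listed signatures were found.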