According to the Toronto Star, the private data of 8600 Toronto teachers is now in the hands of thieves after unencrypted laptops were stolen from the Ontario Teachers' Insurance Plan.
The theft has served as a call to action for OTIP:
OTIP spokesperson Julie Millard said the company is racing to finish a process it had started last fall to encrypt all data it holds on some 160,000 policy-holders.
“Because of what’s happened we’re working faster to encrypt all our communication devices by March—laptops, BlackBerries, even USB keys,” Millard said of the non-profit company owned by the province’s teachers’ unions.
Kanguru has just published a new whitepaper that explains how to use data cloning to roll out a new Operating System. Transitioning to a new OS, like Windows 7, can be time-consuming and tie up your IT staff for weeks or months. Using automated data cloning devices like the Kanguru Hard Drive Duplicator can greatly speed up the process.
This paper (PDF) explains the process of data cloning and the advantages of hardware-based duplicators. It also has a step-by-step guide to creating a master system image and provisioning multiple computers at once. Rather than installing a new OS, searching for system drivers and then reinstalling all of the applications, you can create one master disk and simply replicate it. The time savings easily cover the cost of the duplicator.
The Ponemon Institute released its annual "U.S. Cost of Data Breach Study", which found the average data breach cost rising from $6.65 million in 2008 to $6.75 million last year. From Network World:
In tallying the cost of a data breach, Ponemon Institute looks at several factors including: the cost of lost business because of an incident; legal fees; disclosure expenses related to customer contact and public response; consulting help; and remediation expenses such as technology and training.
The study found that companies that have a CISO or similar position did much better at managing data breach costs.
Network World also has the 2009 Data Breach Hall of Shame.
Kanguru has partnered with Appspeed Distribution to increase the availability of Kanguru secure memory sticks in the United Kingdom. Kanguru Defender Elite can now be purchased by both Private and Public Sector users at Probrand's IT Index.
"An outbreak of data breaches in the UK has made encryption a high priority," commented Grahame Smee, Managing Director of AppSpeed Distribution. "Kanguru Solutions' highly secure storage devices and remote management console help businesses and government agencies combat the increasing data breach problem."
Defender Elite is in the final stages of FIPS 140-2 certification (Level 2). FIPS 140-2 is a US and Canadian security standard, which is also recommended by the UK Government Cabinet Office. Their new arrangements for data handling procedures (PDF) specify that
removable media should be encrypted to a standard of at least FIPS 140-2 or equivalent in addition to being protected by an authentication mechanism, such as a password
To add to the confusion, some vendors in the UK are advertising FIPS 197 validation. FIPS 197 only examines one component of the overall security system, and does not account for important considerations like authentication methods, random number generation, hashing and brute-force protections. FIPS 140-2 covers a much wider range of requirements and should be considered the minimum standard.
Last week we mentioned that over a million MA residents have been affected by data breaches since the Office of Consumer Affairs started keeping track in October of 2007.
If your business is based in Massachusetts or your company does business there, you may be affected by the new state encryption law starting March 1. Kanguru has a new whitepaper available that explains the law and how to meet compliance requirements.
Kanguru Whitepaper - Massachusetts Data Encryption Law (PDF)
Kanguru Website - General compliance information for Public Sector, Financial Services and Healthcare organizations.
One of our customers called last week to tell us the story of how the Kanguru Mini-Clone saved the day. This gentleman runs his own small business and stores very important files on his PC. Taking no chances, the system is set up with dual hard drives in a RAID 1 configuration. If one drive fails, the second drive contains an exact copy. Unfortunately, disaster struck when the motherboard failed and neither drive could be accessed.
The hard drives were quickly removed from the system and popped into the Kanguru Mini-Clone. The first drive was faulty, but the second one powered right up. Our customer was able to access and download all of his important files to another system through the USB connection. (The unit supports both USB and eSATA.) While he was at it, he used the Mini-Clone to make an exact duplicate of the functional drive and put it in the safe for backup. The business was able to carry on with minimal interruption.
[Image: Kanguru Mini-Clone - Hard Drive Duplicator]
We thought this was a great illustration of the versatility of the Kanguru Mini-Clone. In addition to being a hard drive docking station and cloner, the product also has data wiping functions to sanitize old equipment. It's a great product for any size business.
A recent NY Times story on the Google - China confrontation mentions an increasingly common attack using USB flash drives to load malware.
Often, malware infections are a result of high-tech twists on old-fashioned cons. One scam, for example, involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user’s computer and sends it to the attackers.
USB malware is a serious problem and Kanguru highly recommends using endpoint security to defend against these types of attacks. Portable flash drives may cause security concerns, but blocking them altogether can reduce worker productivity and cause major inconveniences. Endpoint security is an easy way to allow limited flash drive usage and still keep out unauthorized devices. That is why Kanguru has built USB Device Control directly into its Remote Management Console. Now organizations can remotely manage their secure devices and lock down all others from one integrated console.
The latest issue of State Tech Magazine highlights a great feature of the Kanguru Defender and Defender Elite - the ability to track and manage USB drives in the field.
One feature of the Kanguru Defender drives that Conover appreciates is the ability to remotely set a password and wipe the drive clean if necessary. The agency has about 12 offices throughout the state, many of which are several hours away from headquarters in Albany.
For more info, view our Flash Presentation or contact your account manager at one of our authorized solution providers.
Via Axcess News:
A survey released today reveals that in the last year, 4,500 memory sticks have been forgotten in people's pockets as they take their clothes to be washed at the local dry cleaners. From 6th April onwards if data is lost and it causes a major security breach, this could now cost a company up to £500k with new powers given to the Information Commissioner's office (ICO) to fine companies who have not sufficiently protected customers' details under the Data Protection Act.
This is actually an improvement compared to last year's survey, which hopefully means that security awareness is improving. It's still an awfully large number of flash drives, though, and there is no telling what kind of data is on them. Given today's large storage capacities, a memory stick could contain an entire database. Wouldn't you want the power to remotely delete a lost drive before it turns up at the dry cleaner?
Connecticut AG Richard Blumenthal is suing health provider Health Net over a lost external hard drive that contained sensitive information for 1.5 million past and present customers. Under the new HITECH legislation passed last year, states can obtain statutory damages in the event of a HIPAA security breach. The hard drive was not encrypted.
In a related story, BCBS of Tennessee just notified the public about a data breach affecting 500,000 customers. 57 unencrypted hard drives have gone missing. The drives contained names, birth dates, social security numbers, and diagnostic healthcare information. BCBS will pay for credit monitoring. No word on HITECH penalties or lawsuits yet.