USB mystery in South Korea

UPI is reporting on a story from South Korea's Yonhap News Agency, which has all the ingredients of a great mystery plot:  Secret battle plans, a missing USB flash drive and a potential cover-up.

"The military unit, the DSC and ministry of defense were all informed of the case but never took action," a source said in the Yonhap report. "It (the drive) contains confidential information on national security, but nobody knows where it is."

The story lacks detail, but it's not a stretch to believe that a large organization has know idea where it's IT assets are.  This is a common problem.

Kanguru's Remote Management Console solves this issue for USB flash drives.  Administrators can view exactly when and where each device is being used.  The moment that a drive is reported missing, an automatic delete or disable command can be issued from the console.

Written by Kanguru — October 31, 2012

Survey shows risky habits with USB sticks

A recent survey of office workers revealed that USB sticks are frequently used to store company information regardless of corporate policy.

Delving into the research reveals that more than half of the respondents said their USB sticks were not encrypted, leaving the corporate information on them completely vulnerable if they are borrowed, lost or stolen.

This ComputerWorld article makes the link between this type of weak security and the vulnerability of governments and corporations to data breaches that end up on Wikileaks.

Written by Kanguru — October 31, 2012

Experts discuss security for portable devices

The loss of portable devices is gaining more attention as companies strive to balance security concerns with user productivity.  Last week, a group of experts gathered to discuss laptops in particular.

Intel on Thursday brought together a panel of technology security experts to discuss the findings of a recent survey it sponsored, entitled, "The Billion Dollar Lost Laptop Problem." Conducted by Ponemon Institute, the survey gathered data from 329 organizations that have lost a total of more than 86,000 laptops worth a combined $2.1 billion in the past year. Forty-six percent of these systems contained confidential data, but 70 percent lacked basic precautions including encryption, back-up and anti-theft technology.

The numbers are similarly scary for portable storage devices like USB flash drives.  While these drives are extremely convenient for employees, the data stored on the drives needs to be protected.

Members of the panel pointed out two key areas for improving security.  One was implementing security controls that don't require user intervention.  When implementing encryption, it should be seamless and automatically enforced.  Another method of improving security is to include a remote kill or disable technology, so that lost devices can be locked down and secure from leaking data.  Making these features standard in portable devices will go a long way toward preventing future data breaches.

Written by Kanguru — October 31, 2012

HITECH Act not reducing Data Breach costs

Data breaches that expose confidential medical data are costing healthcare providers $6 Billion a year.  SC Magazine reports on a new study by the Ponemon Institute and the results are not good.

The top three causes of breaches were unintentional employee action, lost or stolen computing devices and third-party accidents. The average number of lost or stolen records per breach was 1,769.

The survey found that breaches have cost the U.S. health care system $12 billion over the past two years. The economic impact of a data breach was approximately $2 million per organization over a two-year period.

Expect the number of records per breach to increase as portable devices continue to grow in capacity and shrink in price.  Employees may have good intentions when they take the entire database home with them, but data breaches often result when a car is broken into or a thumb drive slips out the pocket.  Healthcare organizations need a policy for securing USB devices and it needs to be enforced automatically.

Written by Kanguru — October 31, 2012

FIPS 140-2 recommended by UK Government Department

The UK Treasury Solicitor's Department has published a new document that outlines security requirements for Counsel and Barristers.  The TSol guidance document (PDF) recommends using only FIPS 140-2 validated encryption products, and provides tips for choosing an encryption vendor.

FIPS 140-2 validation is a comprehensive process that requires testing by an accredited security lab.  Kanguru has now completed FIPS 140-2 certification with three generations of Secure USB Flash Drives:  Kanguru MicroDrive AES, Kanguru Bio AES, and the new Kanguru Defender Elite, which is compatible with Mac and Windows, as well as Ubuntu and Red Hat Linux.

 

 -----------------

Please note: This is an archived blog post.  Some information may be outdated, or may no longer be applicable. Please feel free to contact Kanguru Solutions for the latest updates, or for more information at 1 (508) 376-4245 or email us at sales@kanguru.com

Written by Kanguru Solutions — October 31, 2012

Riskiest places to leave your SSN#

Many entities use your Social Security Number to identify you.  Are they doing everything they can to protect that information?

Robert Siciliano, on behalf of McAfee, analyzed data breaches published by the Identity Theft Resource Center, Privacy Rights Clearinghouse and the Open Security Foundation that involved Social Security number breaches from January 2009 - October 2010 to reveal the riskiest places to lose your ID.

The top 10 most dangerous places to give out your Social Security number are:

#1 - Universities/Colleges (108)

#2 - Banking/Financial Institutions (96)

#3 - Hospitals (71)

#4 - State Governments (57)

#5 - Local Governments (44)

#6 - Federal Governments (33)

#7 - Medical Businesses (27) (Please note: These are businesses that concentrate on services and products for the medical field such as distributers of diabetes or dialysis supplies, medical billing services, pharmaceutical companies, etc.)

#8 - Non-Profit Organizations (23)

#9 - Technology Companies (22)

#10 (tied) - Medical Insurance and Medical Offices/Clinics (21)

Read the full article for tips on when and when not to provide your Social Security Number.

Written by Kanguru — October 31, 2012

Incomplete security leads to major medical-data breach

The Philadelphia Inquirer reports a on a major data breach at Keystone and AmeriHealth Mercy Health Plans.

A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing - one of the largest recent security breaches of personal health data in the nation.

A spokesperson for the companies responded to questions for a follow up article:

The insurers, she said, had been working to improve a method for allowing encrypted patient information to be available to company representatives at local health events. The drive was being used at headquarters to test the new system, she said.

The information on the missing portable drive was not encrypted.

Also, the two companies had embarked on an initiative to encrypt all company data, especially data on devices such as laptops or flash drives that would be used outside the building. But that initiative was not completed when the Sept. 20 incident occurred.

Written by Kanguru — October 31, 2012

Kanguru Partnership with BitDefender

The partnership between BitDefender®, an award-winning provider of anti-malware security solutions, and Kanguru Solutions, manufacturer of secure, portable IT storage solutions, has helped support Kanguru's expansion into European markets by adding BitDefender's anti-virus software to Kanguru's encrypted, remotely manageable flash drives.

Read the full story here.

With malware like Stuxnet spreading via USB sticks, anti-virus protection is more important than ever.

Written by Kanguru — October 31, 2012

Kanguru in Germany

Kanguru invites European IT Professionals to meet us at it-sa 2010, die IT-Security Messe, in Nürnberg on 19-21 October.

We will be exhibiting with our local distribution partner, OPTIMAL.  Product demonstrations will include Kanguru Defender encrypted USB memory sticks, Remote Management software and the RocIT Defender "PC on a Stick".

Visit the OPTIMAL/Kanguru stand in Nürnberg or contact OPTIMAL for more information about selling or purchasing Kanguru products in Germany, Switzerland and Austria.

Written by Kanguru — October 31, 2012

HITECH Act explained

CSO Blog has a short explanation of the HITECH Act and its implications for Healthcare providers and 3rd party partners.  The author also outlines some steps you can take to lower the risk of a data breach.  These include taking an inventory of all Protected Health Information (PHI) and using encryption on all storage devices.

Written by Kanguru — October 31, 2012

Today's Schedule

The Very Latest From Kanguru

Stay informed about the most up-to-date Kanguru products, services, special events and insights on IT technology from leaders in the secure data storage and duplication industry.

visit Kanguru News visit GuruBlog