Confidential Data

Insiders biggest threat to IT theft

Thu, 05 Jun 2008 06:59:59 -0400

Every IT department worries about security lapses and outside hackers stealing confidential data, but a new survey suggests that CIOs believe the biggest threat may actually come from within.

Secure Computing Corp., an enterprise gateway security provider, said a survey of 103 CIOs found that 80 percent of those polled felt internal threats posed the greatest risk. The security services company also reported that CIOs are acting on this concern, directing the bulk of their security-related IT spending to shore up internal safeguards.

To read more on the Internal threat:
- see this rcpmag.com article

Bank loses 4.5 million files

Mon, 02 Jun 2008 06:59:59 -0400

It's getting to be an all-too-familiar problem--a breakdown in controls combined with carelessness leading to theft of confidential data. The latest example is the confirmation by Bank of New York Mellon Corporation that unencrypted data storage tapes holding personal information of more than 4.5 million customers were lost in transport more than three months ago by a third-party vendor.

So far, the bank said, none of the unencrypted data has been accessed or used. The loss is causing big headaches for the bank - a lawsuit and investigations by several states.

CIOs know the risks of lax security and the consequences of data theft, and need to be constantly vigilant to make sure their IT staff take every precaution to protect their companies, customers and employees.

To read more about this problem:
- see this ComputerWorld.com article

Data theft headaches grow

Mon, 31 Mar 2008 07:59:59 -0400

Another week, yet another data theft. This time a laptop PC was stolen containing unencrypted, confidential data on March 4 and the event was disclosed after the company began notifying employees that their data had been snatched. Agilent Technologies, a Santa Clara, Calif.-based maker of test and measurement equipment, sent letters to 51,000 current and former employees telling then that some of their personal and financial data had been stolen. The breach occurred when a laptop was stolen from the car of a Stock & Option Solutions employee, a stock-plan management services firm that works for Agilent as a third-party contractor. What a headache! The data included names, addresses and Social Security numbers. It also included financial information relating to their Agilent stock options.

The theft of unprotected data seems to be occurring all the time. Last week, the National Heart, Lung and Blood Institute (NHLBI), part of the National Institutes of Health, said that a laptop containing personal and medical data on about 2,500 participants in a cardiac study had been stolen from an employee's locked trunk. The lesson from these tales: encrypt sensitive data and don't ever leave your laptop in your car even when it is locked.

For more on data thefts:
- Check out this ComputerWorld article

ALSO NOTED: BREAKING: Vista SP1 available NOW; Dell launches one-socket servers for SMBs;

Tue, 18 Mar 2008 07:59:50 -0400

> BREAKING: Vista SP1 available NOW. Blog
> P2P networks: Is your confidential data at risk? Article
> Intel: Quad-core laptop CPUs this year. Article
> Dell launches one-socket servers for SMBs. Article

And Finally... Vista SP1, toilet paper, together at last. Article

Protect desktop data, too

Mon, 11 Feb 2008 06:59:58 -0500

You've got your systems secured, or so you think. You have the best anti-hacking software available to keep the bad guys out, that much is for sure. And yet, like many CIOs, you haven't taken the steps to protect data on desktops, laptops and other portable storage devices.

The number of incidents involving these kinds of devices is growing. Two recent examples include Horizon Blue Cross Blue Shield of New Jersey and Georgetown University. Both faced data compromises that could have been avoided. If you are thinking about saving a few dollars by shaving down the security budget, think again. If you think it's unlikely this could happen on your watch, study these recent thefts.

Horizon notified about 300,000 members of the potential compromise of their personal information following the theft of a laptop containing the data on Jan 5th. Although a security feature on the stolen laptop deleted all of the confidential information on Jan. 23rd, it's unclear whether the thief accessed the data before then. The data on the laptop was not encrypted, but it was password-protected. That sounds like a job half done.

Meanwhile, the CIO at Georgetown University faced a different headache when a computer disk was stolen from a locked room. The disk contained Social Security numbers and other identifiable data for 38,000 current and former students. Ignorance is not bliss for the CIO and other IT executives. A theft is a theft by any terms. And letting your guard down may just be showing criminals the door to get in.

For more on securing it all:
- See this ComputerWorld article

Also check out these technology stories from the FierceCIO network:
> What happened with the Asian Internet outage? Article
> Get ready for February Patch Tuesday. Article
> The made-to-order smartphone. Article

Mobile tech is here to stay

Thu, 08 Nov 2007 06:59:58 -0500

Handheld computers are great until you try to protect them from hackers. Then portable devices, especially personal digital assistants and laptops become a big headache. In a new survey, the Computing Technology Industry Association found that 60 percent of organizations surveyed said that security issues had increased over the last 12 months. And the problem is bound to increase. About 80 percent of the organizations in the survey permit data access by remote or mobile employees. Not surprisingly, only a third have developed any security awareness training for these workers. So what's a CIO to do? Get with this issue quickly because mobile technology is not just coming--it's already here. "The increasing pervasiveness of remote access to confidential data and applications by mobile employees, and the implementation of wireless networks, are raising the stakes for corporate IT departments," said John Venator, president and chief executive officer of CompTIA. What are you doing about this issue? Are you blocking mobile access until you can be sure it is secure? Are only a few top-level employees at your shop allowed to use remote devices? Let us know if you are ready for this high-tech revolution, and how your colleagues can be ready for it, too.

To read more about this mobile trend:
- See this Federal Computer Week article

Survey: Businesses lack adequate security plans

Tue, 15 May 2007 20:01:39 -0400

A recent survey conducted by technology services firm Scott & Scott in conjunction with the Ponemon Institute found that businesses are still unprepared to deal with data breaches. The survey found that businesses don't have proper security policies in place, are not taking advantage of encryption technology to protect data, and aren't consulting with legal counsel before responding to an event which could leave them vulnerable to legal liabilities. The survey also pointed out the need for encryption technology on all devices containing confidential information.

Read more survey results:
- read the article at Dr. Dobb's Portal

ALSO:
- read this on picking up the pieces after a data breach
- this on maintaining vigilance in an insecure world
- this on controlling information access
- and this on layered security

DOJ pushes for better data sharing

Tue, 09 Jan 2007 19:01:38 -0500

If the U.S. Justice Department gets what it wants, the FBI and other federal agencies will be sharing data over a new, centralized data bank nicknamed OneDoJ. The DOJ wants an "aggressive" plan to push out better technology for faster and more accurate data sharing and is establishing a special committee for the effort. One big hurdle is the issue of privacy and protecting confidential information that the database will house.

For more on the DOJ data effort:
- read the news at CSO

Another laptop goes missing at Boeing

Thu, 14 Dec 2006 19:01:38 -0500

Boeing has fired an employee that it says was responsible for the theft of a laptop this month and is working with law enforcement to track down the mobile device, as it contains confidential information on nearly 400,000 current and former employees. The laptop data was not encrypted (though it was reportedly password protected), which means the the social security numbers, addresses and other personal data contained therein could end up in the wrong hands. It's the third time a laptop has gone missing from the company and while none have yet been recovered, Boeing claims that none of the missing information has been used for criminal purposes.

For more on the laptop theft:
- read the news at Computerworld

PLUS: Hackers hit Texas university with data theft. Article
Related Article: Starbucks beats Boeing in laptop loss count. Article

Browser flaw hits IE and Firefox

Sun, 26 Nov 2006 19:01:38 -0500

Since its debut, Mozilla's Firefox browser has been deemed safer and more secure than Internet Explorer by many--but that doesn't mean it's free of vulnerabilities. Researchers have found an issue in the browser's password manager, which lets users store passwords and user names related to specific sites. The vulnerability could allow hackers access to passwords and other confidential information. Mozilla had admitted that the flaw exists, as has Microsoft, since the flaw also affects Internet Explorer. But neither vendor has yet to release a patch.

For more on the new browser security issue:
- check out the news at CIO Today