Dec 29

Report Said Most Enterprises Don’t Correctly Protect Sensitive Data

Trustwave found some surprising data security trends in its 2014 risk status report, including the fact that most companies don’t have a mature approach to controlling and tracking sensitive data.

When it comes to data security, enterprises are highly aware of their legal responsibilities, but they haven’t figured out how to control risk by tracking sensitive data. The report interviewed 476 IT professionals in more than 50 countries, most of them in the United States and the United Kingdom. According to the report, 63% of enterprises don’t have a mature approach to controlling and tracking sensitive data.

“This means that many enterprises don’t know what their sensitive data is and where it is, who can access it and its mobile location,” said Phil Smith, senior vice president of Trustwave. “This type of information is the first step of building security strategy.”

If enterprises don’t know what their sensitive data is and where it is, how can they protect it? Smith said the first part of a risk assessment is to identify where the enterprise’s sensitive data is located. Enterprises should know what their sensitive data is, where it is, how it moves and who has the right to access it.

The report also found that while 58% of enterprises use third-party programs to manage sensitive data, 48% of enterprises don’t actually deploy a third-party management program.

“Many companies (especially retail) outsource payment process to third party vendors, letting them access sensitive payment information,” Smith said. “However, they don’t know how these providers protect their data.”

Secure payment processing is particularly important, especially since so many retail data leaks occurred in 2014. Smith recommends that enterprises communicate with their third-party providers so that each party knows what its responsibilities are in data protection. In addition, he recommends that enterprises build security requirements into their contracts with third-party providers.

Although enterprises may not protect all their data, Trustwave’s survey found that they are highly aware of their legal responsibilities. 60% of enterprises said they knew their legal responsibility to protect sensitive data. The survey found that only 21% of enterprises didn’t have any security awareness training, which means that most enterprises actually had some form of security training program.

In addition, most respondents indicated that controls over BYOD were already in place. Only 38% of respondents indicated that their companies didn’t have any controls on BYOD.

Smith said: “There are still a lot of companies that do not have security policies and procedures focused on BYOD.”

Patch management is an important part of corporate security, but the study found that 58% of enterprises didn’t have a mature patch management process. Smith pointed out that in many cases enterprises focus on deploying stricter access control, intrusion prevention/detection equipment and other perimeter security, but give patching and the maintenance of existing systems a lower priority.

Another important finding of the survey is that boards of directors are highly involved in enterprise security. 45% of enterprises have the board of directors or executive-level management involved in security affairs. Security is a top-down problem.

“All sectors of enterprises should consider security as an important issue, from IT professionals to non-technical staff and management,” Smith said. “C-level executives should not only ask their IT team, ‘Is our data safe?’ They should also ask, ‘How is our data protected? What control measures are deployed?’”

Dec 15

Nearly One-Third of SMEs Don’t Emphasize Secure Data Backup

According to a survey conducted by the Internet and mobile security organization AVG Technologies, most companies have not recognized the real value of their data. The survey results showed that 37% of small business managers spent more time tidying up desks and ordering new business cards than backing up data. The survey was given to 500 U.S. small business managers, and the results showed that although most (75%) businesses relied on automatic backup systems, about a quarter (24%) of businesses didn’t require employees to back up data at least every week. However, 30% of respondents thought that more than half of their data was critical.

Given that small businesses claimed that more than half of their data was sensitive, the loss of employees’ mobile devices should attract more attention. In fact, about half of small businesses said they had experienced the loss of mobile devices. Interestingly, the survey showed that many small business managers didn’t think employees’ mobile devices contained a lot of sensitive data. They cared more about the security of data transferred to the cloud. When asked about cloud-based backup, 64% of small and medium enterprises said security was the issue they cared about most.

The results of the survey can be summarized as follows:

1. Compared with backing up data in the UK (22%) and the US (21%), a substantial proportion of small and medium businesses often spend more time tidying up desks and ordering new business cards, which is not even the most conventional computer-related work. 43% of UK companies and 53% of US companies said they spent more time changing passwords.

2. When it comes to cloud backup, security is still the issue of greatest concern. Other key issues include cost, data recovery and lack of control.

3. Most small businesses have not experienced mobile device data loss, but they are getting close (51% in the UK, 53% in the US).

4. Most SMEs (62% in the UK, 66% in the United States) are confident that they can prevent data loss when employees leave the company.

5. Most small businesses (59% in the UK, 54% in the US) still don’t require employees to back up daily. A considerable share of data backup (68% in the UK, 75% in the United States) is handled by automated IT systems.

6. When it comes to mobile device data, about one-third of SMEs (32% in the UK, 34% in the US) have only 1-10% of their employees out of the office at least once a week. On the other hand, mobile devices are increasingly used for work, and only a small number of companies said that 80%-100% of their staff are out of the office one day a week.

7. When a device is lost or stolen, the priority for 39% of UK businesses and 41% of US companies is to ensure that data cannot be viewed by an unauthorized third party. That’s why you need to password-protect the files on a drive and configure each user’s permissions for the content on it.

May 19

Nine Mistakes Enterprises Often Make After Data Leakage

Speaking recently at the International Association of Privacy Professionals (IAPP), Michael Bruemmer, a data and privacy protection expert from Data Breach Resolution, listed the top nine mistakes that enterprises commonly make after a data leak.

When an enterprise leaks data as the result of an attack and then fails to handle the problem, the situation deteriorates, which may do secondary damage to the enterprise’s brand and performance and even land the enterprise in legal trouble.

1. There is no external security management services company to assist

When the severity of a data leak exceeds the company’s ability to handle it, it is better for the enterprise to have the assistance of an external security services team, known as an incident response team. Verizon Business, Trustwave and IBM can all provide this kind of service. It should be considered when drawing up the business continuity / incident response plan.

2. There’s no external legal counsel

Current laws and regulations do not effectively cover all types of sensitive personal information, so when a serious data leak happens it is necessary to engage an external lawyer experienced in data leaks, unless your company’s legal department knows all data and privacy related laws well.

3. There’s no sole decision maker

A data leak often involves multiple departments in a company, and every department has its own head, which always leads to inefficient execution. The enterprise must appoint someone to a CISO-like position who can plan and coordinate the overall incident response.

4. A lack of transparent communication mechanism

A lack of a transparent communication mechanism leads to trouble: wrong messages cause wrong actions, which slow down the handling of the entire incident and create new confusion.

Once the incident response team is established, every member of the team should be clearly identified, and a complete contact list for external consultants should be provided.

5. There is no communication plan

Another problem in enterprises is the lack of a plan for communicating with the public or the media.

An enterprise should prepare a detailed and feasible media communication plan for a data leak incident. Rapid and effective media communication can stop false reports from spreading.

6. Think and plan before things happen

A data leak incident often requires you to make decisions with incomplete information, or while information is changing fast, somewhat like a hospital emergency room. The enterprise must launch its contingency process as soon as a data leak incident happens. Waiting for full information before taking action means missing the best opportunity.

7. A lack of rehabilitation and correction plan after the event happens

After handling a data leak incident, the enterprise should draw up a rehabilitation and correction plan to maintain good communication with consumers and stakeholders, and to prevent this kind of event from happening again. Sharing your investment in information security technology and services with your customers and investors helps rebuild the brand and win back customers’ trust.

8. Provide customers with no remedy

Consumers should always be at the core of intrusion response, which means that after a data leak companies should notify consumers through channels such as a call center so that they can take proper measures to protect their personal data.

9. There’s no plan to execute

The incident response plan must be constantly updated and corrected, and its implementation needs a complete team to keep it moving forward.

For more information about data security, you can visit: www.kakasoft.com

Dec 17

Dangers in Mobile Information Age

The development of the Internet and information technology brought people into the information age, and with the change in information processing terminals, people have now entered the mobile information era. In this mobile era, people can use their mobile devices to connect to the network anytime and anywhere for daily life, work and entertainment. The mobile trend will certainly continue for a long time, because it fits people’s hope for freedom.

But it is these portable mobile devices that bring information and data security issues with them. How to deal with mobile device security has become one of the greatest concerns of individuals, companies and even countries. And because mobile devices and information technology are so diverse, protection solutions must keep up with them, which means being able to adapt to every likely environment and security requirement.

Mobile Device Management (hereinafter referred to as MDM) is the management of smart phones, tablet PCs and other mobile network clients. MDM is now an indispensable measure for enterprises: mobile network clients are similar to traditional computers, and poor management is likely to have a bad impact on operational security.

Smart phones and tablet computers developed from the PDA (Personal Digital Assistant, or Pocket PC), and their history is not long. They can be used as mobile network clients; the earliest portable microcomputers appeared in the late 1990s.

Mobile + Portable = Increased Chance of Theft

Because they are small and portable, microcomputers are at significantly higher risk of theft than desktop computers. Most desktop computers are bulky and stay in fixed positions in the office, so they are seldom stolen if you close the door. Laptops and smart phones are small, which makes them much easier to steal.

Many studies show that the mobile phone is now more important to people than the wallet. Phones have become so important because, in addition to their intrinsic value, they store important private data such as schedules and address books.

Business people tend to store data involving many business secrets on office tablet PCs and smart phones, especially in email. What the email contains depends on each company’s information infrastructure: it may include unimportant chat, and it may also include customer information, corporate plans and even contract documents. Email may also contain passwords for common office applications.

The most frightening thing is the data. Important data may be lost because of security vulnerabilities in the equipment: hackers can gain access to the device and then to the data on it. Another route is the phishing application. Once you download a phishing application, it can access the data stored on your device. Users who download these applications are clearly not vigilant enough. As long as an application is free, users are willing to download it; they seldom consider the possibility that the data on their own equipment may be compromised as a result.

Traditional Trojan viruses can also spread on mobile platforms. Even though Apple, Google, Microsoft and other companies have considered this problem in the design of their operating systems and make sure that equipment leaves the factory uninfected, no program can be free of flaws.

As the security issues that come with the development of mobile technology and IT multiply, the best way to reduce the loss caused by a stolen mobile device is to password-protect the data stored on it. If the threat is aimed at the value of the data, you can use an encryption solution to protect the data.

People look for freedom, and the yearning for freedom also affects how they handle things. In the face of the security issues of the information age, individuals, companies and countries need encryption technology to protect files and lock portable storage devices.

Oct 09

The Ban on Samsung Smartphone Import Is in Effect

According to news reports, the U.S. Trade Representative’s office (USTR) said on Thursday that the ban on importing Samsung smartphones proposed by the U.S. International Trade Commission (hereinafter referred to as “ITC”) will come into effect.

An earlier report said that, in the absence of a veto by United States President Barack Obama, the ITC’s ban on imports of Samsung smartphones is already in force.

The ITC’s ruling has to be handed over to U.S. President Barack Obama for consideration, and Obama has 60 days to give the final decision on the ruling. If Obama does not veto the ITC ruling, the ruling comes into effect. Several media reports said that the 60 days have now passed and Obama did not veto the decision.

The ITC’s decision does not clearly indicate which Samsung devices infringe, but it has been determined that older models such as the Galaxy S 4G, Fascinate and Galaxy Tab are infringing.

In sharp contrast, Apple has had a similar experience with the opposite result. In June this year, the ITC ruled that some old Apple products infringed a Samsung data transfer patent and banned the import or sale of the AT&T versions of the iPhone 4, iPhone 3GS, iPad (3G version) and iPad 2 (3G version). But in August this year, the Obama government rejected the ITC’s ruling.

Nowadays, innovation in IT usually relies on many small improvements involving numerous technologies, which means the boundaries of a patent are not always precise. The open secret is that everyone infringes others’ patents in some way.

The patent battles between companies continue, and so do the fights over copyright. If your company specializes in selling videos or documents it has created, you will probably, like most companies, store the videos or documents on a USB drive and sell the drive to customers. But what can you do to protect your copyright from being breached by others? Here, I recommend using a USB encryption solution to ensure that the contents of your USB drives cannot be copied or transmitted by unauthorized users. You can use a USB copy protection program to password-protect the USB drive and configure access permissions for specific groups or individuals, allowing them to access its contents while blocking other, unauthorized access. Complete protection is an indispensable measure for securing a company’s wealth and inventions.

Aug 12

Google Is Developing New Security Authentication Products

According to foreign media reports, Google, the world’s largest search engine, is currently developing a new security authentication technology that may let users log in to their accounts with jewelry and similar personal items instead of entering tedious passwords.

Google’s announcement of this experiment appeared in a scholarly article published in January. The goal of the development is to produce a small “USB key” that the user can use to enter all verification information into the computer. In addition, Google mentioned that a ring with an embedded smart chip is expected to be produced.

Last month, at the RSA security conference held in San Francisco, Mayank Upadhyay, a Google engineer who specializes in security, gave a public talk on this technology. He said that using personal hardware to log in to accounts prevents login details from being reused or copied. He also said that people are familiar with this technology. “Everyone is very familiar with the ATM, why not use the computer in the same way?”

Upadhyay said that Google is developing a small USB key; when the key is inserted into the computer, the user can be authenticated over the network. The key also has a built-in contactless chip, which can be used with a mobile device.

A security token like the one Google is developing does not contain a static password that can be replicated. Each encryption key is matched to its device, and the data built into the device is never transmitted to the outside world. When the key is connected, it gives the right answer to a question set by the web site, which ensures that the same information cannot be used to log in again.
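The challenge-response exchange described above, as an added Go example that is not Google's code or part of the original post. Ed25519 from the Go standard library stands in for whatever algorithm the real token uses, and the names `Token`, `Site` and `example.test` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrUnknownChallenge = errors.New("challenge unknown or already used")
	ErrBadAnswer        = errors.New("answer does not verify")
)

// Token models the hardware key. The private key is created inside it and
// never leaves; only the public key is handed to the site at enrolment.
type Token struct{ priv ed25519.PrivateKey }

func NewToken() (*Token, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Token{priv: priv}, pub, nil
}

// signedMessage binds the answer to one site and one challenge.
func signedMessage(origin string, challenge []byte) []byte {
	return append([]byte(origin+"\x00"), challenge...)
}

// Answer signs the site's question. The reply differs for every challenge.
func (t *Token) Answer(origin string, challenge []byte) []byte {
	return ed25519.Sign(t.priv, signedMessage(origin, challenge))
}

// Site is the web site: it stores the enrolled public key and the
// challenges it has issued that are still waiting for an answer.
type Site struct {
	origin  string
	pub     ed25519.PublicKey
	pending map[string]bool
}

func NewSite(origin string, pub ed25519.PublicKey) *Site {
	return &Site{origin: origin, pub: pub, pending: map[string]bool{}}
}

// Challenge returns 32 fresh random bytes and remembers them.
func (s *Site) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[string(c)] = true
	return c, nil
}

// Verify accepts an answer once. The challenge is retired whether or not
// the signature checks out, so a captured answer cannot be sent again.
func (s *Site) Verify(challenge, answer []byte) error {
	if !s.pending[string(challenge)] {
		return ErrUnknownChallenge
	}
	delete(s.pending, string(challenge))
	if !ed25519.Verify(s.pub, signedMessage(s.origin, challenge), answer) {
		return ErrBadAnswer
	}
	return nil
}

func main() {
	token, pub, err := NewToken()
	if err != nil {
		panic(err)
	}
	site := NewSite("example.test", pub) // constructed site name
	c, _ := site.Challenge()
	answer := token.Answer("example.test", c)
	fmt.Println("first login:", site.Verify(c, answer))
	fmt.Println("replayed answer:", site.Verify(c, answer))
	c2, _ := site.Challenge()
	fmt.Println("old answer, new challenge:", site.Verify(c2, answer))
}
```

A static password would pass all three checks; here only the first succeeds, because the site never asks the same question twice.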

 

After the meeting, Upadhyay said that Google will also produce a ring that can replace the cryptographic token, but he did not disclose the details of the work. “Some people may feel uncomfortable on the USB cryptographic token.”

Google’s work shows that personal security has become one of today’s most heated topics. Science and technology have advanced rapidly, personal data and information are as good as a fortune to all of us, and the tricks of data thieves have become more and more sophisticated. For people who are accustomed to storing personal data or information on a PC or USB drive, data security is the most important thing troubling them. I recommend Folder locker or USB locker to keep the data on the PC or USB drive more secure.

Mar 13

How to deal with password leakage and breach in the current world?

The news that one of a Wired reporter’s most precious passwords was hacked through complex social exploits soon drew people’s attention to the possibility that the passwords to their own important accounts could be breached. Passwords are confidential personal information that needs special attention, and protecting them is as urgent as USB security and folder encryption for files with valuable data on USB drives or a computer.

In June of 2012, hackers breached 6.5 million LinkedIn passwords and revealed them on a website, which surprised ordinary users and made people realize that sites they regularly visit with a simple password may put their information in danger. Some people also think that some sites should provide a higher level of security protection for their accounts and data. Although people find many problems with the current password and authentication system, nothing better can yet replace it on today’s Internet.

It is said that Google is working on a substitute for the password, which may be a USB device or a piece of jewelry. So far this is just a concept that hasn’t become reality, so we cannot count on this completely new technology to get us out of trouble now. Some people with confidential information or files still use a password to protect folders on their computer or secure a USB drive with USB security applications, but for these protection methods a password is a must.

There is still some hope for ordinary people to fight hackers and other cyber-criminals on the Internet and keep them from getting hold of accounts and passwords easily: people need to make their passwords stronger. For example, using both numbers and letters, choosing a proper length, and avoiding specific words or names in the password will all increase its strength to some degree.

There is more to do if you want to password-protect a USB drive or other important files. Everyone who lives in the digital world encounters passwords on every web site and social networking site. Hackers may aim at weak passwords, but the root of the problem is how much attention and care people give to their passwords and their information. As long as people pay attention to and care about their passwords, they can protect their data better.

Mar 07

Microsoft: who is peeping on users’ privacy in e-mails?

According to international media reports, the “Scroogled” campaign run by Microsoft has moved on from sniping at Google Shopping to charging Gmail with invading its users’ privacy, because it scans e-mail for keywords that can be used for advertising purposes. It is said that Microsoft is planning to end this campaign, but Microsoft told Business Insider that it will continue the campaign as long as Google peeps on users’ privacy.

Data protection and privacy have long been a focus for people all around the world. If you think locking the files and folders on your computer with a data security program is enough to safeguard your personal information, you are totally wrong. Files and documents on a computer may hold some of your information, but what about the online world? People send and receive e-mail on the Internet all the time, and they shop and pay bills online too. These activities expose you to dangers and threats that may result in the leakage of your private data and other information.

When Microsoft found that Google scans users’ Gmail and sends them targeted advertising, it encouraged users to abandon their Gmail accounts and take up accounts at Outlook.com, which belongs to Microsoft, in the first round of the Scroogled campaign. Then, in the second Scroogled campaign, launched in November of 2012, Microsoft built Scroogled.com and criticized Google AdWords.

Privacy protection covers many things, USB copy protection among them, and people care about these topics very much. It is said that Microsoft will end its activity aimed at Google by changing its methods. It will give up using advertising to make an impact, while the new measures and policies are still being kept secret. But one thing is certain: whatever measures Microsoft takes against Google, it is too soon to declare the end of it.

Actually, Microsoft also scans users’ emails in its Outlook mail service, but it said that it does this only to keep out spam and malware. It is hard to tell which of the two giants people should believe and which they should blame. People need to pay attention to their privacy and protect their personal information, or one day they may fall into endless trouble.

 

Mar 04

IT Security Problems Come from Internal Professionals

Many kinds of security dangers threaten the operation of a company or enterprise and the protection of its confidential information. Hackers and phishers are no longer rare on the Internet, and they plan attacks on websites and servers all around the world. USB security issues, leaks of personal information and other data breaches from company computer systems are a recurring worry and are drawing more attention from the public.

People who are very familiar with the inner operation and mechanisms of a business are the biggest potential source of data leakage and insider cracking for the whole company. Today more and more people depend on online transactions and data exchange, which very often require online account information for the whole business. Once this data falls into the wrong hands, the resulting consequences or losses are irrevocable.

Online privacy is now a vital concern for everyone who uses a computer and relies on the Internet for data exchange. It is common for people to store important files and folders on a computer and lock those files and folders to prevent potential data breaches and leaks. However, this protective measure does not work for a business with many independent users.

The increasing number of identity thefts makes data protection more necessary and urgent for company data management. One thing is certain: the rate of crime related to data protection inside businesses has tended to grow in recent years. The online world seems free and flexible, but there are also traps and even threats that undermine people’s privacy, such as some targeted content or advertisements. In a browser, plug-ins can track all of the user’s activities and send ads and spam according to account information and browsing history.

It is reported that most data leaks involving personal information come from inside the business or institution. For security professionals, therefore, this situation is more serious than ordinary attacks from online hackers and malware. To protect privacy and personal information from illegal breaches and malicious attempts, people have to pay close attention to USB copy protection and file protection on computers and other devices.

There is no doubt that some big enterprises are gradually collecting information about their customers, and in the online world dangers and threats can be found everywhere. Most people haven’t realized the problem, or they simply have no choice but to accept the current situation of the Internet world.

Feb 22

Identity Fraud Poses a Growing Threat to People’s Work and Private Life

According to a recent report, people in the US have experienced a continuously rising number of identity fraud cases over the last three years, and about 5 percent of adults in America are affected by identity fraud. Comparing the figures for the last three years, researchers find that in 2012 the number of identity fraud cases rose by about 0.9 percent and stands at its highest level.

People in modern society face all kinds of dangers that may result in the leakage of their personal information and important data, as related crime is rampant both on the Internet and in the real world. From digital data protection on portable USB drives to data security for paper documents, people lock their USB disks and keep their files in a safe place, but the effect is barely satisfactory.

When it comes to the losses from identity fraud, the victims are not the ones who suffer the most; it has been shown that banks, businesses and merchants absorb a considerable amount of identity fraud. When criminals get people’s identity information they may apply for new credit card accounts, which harms the identity owner’s credit record and causes losses for financial institutions as well.

A data breach from any source is annoying enough for anyone. Take a data breach from a computer as an example: people may store highly confidential files or pictures on the computer, and if they fall into the wrong hands the consequences would be terrible. A very likely source of identity theft is Social Security numbers, which are a vital factor in opening a new account.

The financial damage from identity fraud is obvious in aging systems, where financial organizations exchange details of deposits and other cash transfers made by enterprises and individuals.

Data protection is becoming more and more important as an increasing number of data leakage and data breach cases come to light, so folder encryption on the computer and copy protection for USB drives holding valuable files are rather important. Once your identity details fall into the wrong hands you may become the target of criminals. Social service institutions need to build more secure information management systems to protect citizens’ identity information and prevent identity theft. Individuals who need to post their information on the Internet should think twice and be cautious.