Sep 22

Ten tips for USB drive data leak prevention

USB storage devices are popular because of their small size and portability. Even in enterprises they are often used to copy and share data temporarily. However, precisely because they bring convenience, they also bring many data security risks, especially in the enterprise, where much data and information is highly classified; once it is leaked or breached, the resulting losses might be incomparable.

So how do you protect enterprise data when you are using USB storage devices? Here are our top ten tips.

1. Manage authorized devices

Device management software can help IT staff track the USB devices connected to the network, so as to understand what data is being transferred and when the data is used. If IT staff can’t monitor this device activity, sensitive data is likely to be copied or accessed by unauthorized outsiders.

2. Block unauthorized devices

Some staff still use USB devices to access or copy data when they are not dealing with official business. If the data and information is confidential, disable all ports for unauthorized external devices. Meanwhile, strictly prevent staff from connecting unauthorized devices to company computers.

3. Draw up a USB encryption plan

Draw up and implement an encryption scheme. This plan should cover how to protect flash memory devices and their data transfer process, specify who can access company data, and include a response plan for when a device gets lost.

4. Provide company-approved devices

It’s necessary not only to tell staff that they need to use encrypted drives and set passwords, but also to provide company-approved devices. If the enterprise doesn’t provide secure USB devices and a policy for their use, staff will often adopt insecure practices.

5. Adopt an appropriate security level

Enterprises often need to strike a balance among cost control, security and productivity. Find the right security level for the company’s budget. If you do not need military-grade security, you do not need to spend too much money.

6. User training and education

Make sure employees understand how to use a variety of devices safely. Companies often require secure devices yet still suffer data leak incidents, mainly because staff don’t use these devices when they find them difficult to use. Employees must be made fully aware of the consequences of not using secure devices.

7. Clarify security policy

Drawing up policies is only the first step, but it’s a very important one. Define the individuals who can download data onto secure drives, and restrict access to those users only. Clarify who can obtain these devices, where the devices are kept, and which type of password should be used to protect them.

8. Encrypt data

When confidential data is sent via email or removable storage media, it should be password protected before users work with it. If data is not encrypted in advance, attackers can bypass security controls and access the data directly.

9. Protect endpoints

Even the most careful users will connect an infected USB drive to a company computer. Up-to-date anti-virus software is critical because it helps ensure that the networks being accessed are secure. When a USB drive is connected to the network, it should be scanned as soon as possible. Older Windows computers need patches installed to disable autorun.

10. Disable insecure devices

A report from the Ponemon Institute found that even when the company provides approved secure devices, 72% of employees still used drives from meetings and trade exhibitions, and these drives tend to spread malicious software.
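
Tips 1, 2 and 10 come down to comparing every USB storage device that connects against a list of company-approved drives. The sketch below is an added example, not part of the original post or of any product: it audits constructed connection records, and the record fields, device IDs, serial numbers, host names and user names are all assumptions made for illustration.

```python
"""Audit USB storage connections against a list of company-approved drives.

Added illustration only: the record layout and every ID, serial, host and
user name below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class UsbEvent:
    timestamp: datetime
    host: str
    user: str
    vendor_id: str   # USB vendor ID (hex string)
    product_id: str  # USB product ID (hex string)
    serial: str      # device serial number, "" if the device reports none


# Approved drives keyed by (vendor ID, product ID, serial), stored as
# lowercase / lowercase / uppercase, mapped to the employee each was issued to.
APPROVED = {
    ("aaaa", "0001", "CORP-0001"): "alice",
    ("aaaa", "0001", "CORP-0002"): "bob",
}

# Constructed connection records, as a device-management agent might report.
EVENTS = [
    UsbEvent(datetime(2024, 3, 4, 9, 12), "ws-014", "alice", "AAAA", "0001", "CORP-0001"),
    UsbEvent(datetime(2024, 3, 4, 9, 40), "ws-022", "carol", "aaaa", "0001", "corp-0002"),
    UsbEvent(datetime(2024, 3, 4, 10, 5), "ws-022", "carol", "bbbb", "0002", "ZZ9999"),
    UsbEvent(datetime(2024, 3, 4, 11, 30), "ws-031", "dave", "bbbb", "0002", "ZZ9999"),
    UsbEvent(datetime(2024, 3, 4, 13, 0), "ws-014", "alice", "cccc", "0003", ""),
]


def device_key(event):
    """Normalise identifiers so case differences cannot dodge the allowlist."""
    return (event.vendor_id.lower(), event.product_id.lower(),
            event.serial.strip().upper())


def classify(event, approved):
    """Return a verdict for one connection event."""
    key = device_key(event)
    if not key[2]:
        # Without a serial the drive cannot be tied to an issued device.
        return "unidentifiable"
    owner = approved.get(key)
    if owner is None:
        return "unapproved"
    if owner != event.user:
        return "approved-wrong-user"
    return "approved"


def audit(events, approved):
    """Return (event, verdict) pairs for every event that needs follow-up."""
    findings = []
    for event in sorted(events, key=lambda e: e.timestamp):
        verdict = classify(event, approved)
        if verdict != "approved":
            findings.append((event, verdict))
    return findings


def unapproved_spread(events, approved):
    """Map each unapproved drive to the hosts it touched, e.g. a trade-show
    drive that is being passed between staff."""
    spread = {}
    for event in events:
        if classify(event, approved) == "unapproved":
            spread.setdefault(device_key(event), set()).add(event.host)
    return {key: sorted(hosts) for key, hosts in spread.items()}


if __name__ == "__main__":
    for event, verdict in audit(EVENTS, APPROVED):
        print(f"{event.timestamp:%Y-%m-%d %H:%M} {event.host} {event.user} "
              f"{':'.join(device_key(event))} -> {verdict}")
    for key, hosts in unapproved_spread(EVENTS, APPROVED).items():
        print(f"unapproved drive {':'.join(key)} seen on: {', '.join(hosts)}")
```
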

May 19

Nine mistakes enterprises often commit after data leakage

At the recent International Association of Privacy Professionals (IAPP) event, Michael Bruemmer, a data and privacy protection expert from Data Breach Resolution, listed the top nine common mistakes that enterprises commit after data leakage.

When an enterprise leaks data as the result of an attack and fails to handle the problem, the situation will deteriorate, which may result in secondary damage to the enterprise’s brand and performance and may even drag the enterprise into legal trouble.

1. There is no external security services company to assist

When the severity of a data leak exceeds the company’s ability to handle it, it’s better for the enterprise to have the assistance of an external security services team, called an incident response team; Verizon Business, Trustwave and IBM can all provide such a service. This kind of service should be considered when drawing up the business continuity / incident response plan.

2. There’s no external legal counsel

Current laws and regulations are unable to effectively cover all types of sensitive personal information. Hence, when a serious data leak incident happens, it’s necessary to engage an external lawyer experienced in data leaks, unless your company’s legal department knows all data and privacy related laws well.

3. There’s no sole decision maker

Data leakage often involves multiple departments in a company, and every department has its own head, which always leads to inefficient execution. The enterprise must assign a CISO-like position that can play a planning and coordination role in driving the overall incident response.

4. A lack of transparent communication mechanism

A lack of a transparent communication mechanism leads to trouble: wrong messages cause wrong actions, which slows the handling of the entire incident and creates new confusion.

Once the incident response team is established, every member of the team should be clearly identified, and a complete contact list should be provided for external consultants.

5. There is no communication plan

Another problem in enterprises is the lack of a plan for communicating with the public or the media.

Enterprises should prepare a detailed and feasible media communication plan for a data leak incident. Rapid and effective media communication can keep false reports from spreading.

6. Think and plan before things happen

A data leak incident often requires you to make decisions while holding incomplete information or while information is changing fast, somewhat like a hospital emergency room. The enterprise must launch its contingency process as soon as a data leak incident happens. Waiting to grasp the full information before taking action will miss the best opportunity.

7. A lack of rehabilitation and correction plan after the event happens

After handling the data leak incident, the enterprise should draw up a rehabilitation and correction plan to maintain good communication with consumers and stakeholders and to keep this kind of event from happening again. Sharing your investment in information security technology and services with your customers and investors helps rebuild the brand and regain customers’ trust.

8. Provide customers with no remedy

Consumers should always be at the core of the breach response, which means that after a data leak incident companies should notify consumers through channels such as a call center so that they can take proper measures to protect their personal data.

9. There’s no plan to execute

The incident response plan must be constantly updated and corrected, and carrying it out needs a complete team to keep it moving forward.

For more information about data security, you can visit: www.kakasoft.com

Apr 01

How to avoid failure of network security equipment deployment? (1)

The enterprise network is rapidly developing! Some groups have begun to clean up phones and tablets and to refuse Internet connections from coffee shops and trains (as a WAN link).

The concept of the extended enterprise brings more and more severe problems to the IT security portfolio, because sensitive and valuable data frequently flows out of the traditional network boundaries. In order to protect the enterprise from diverse, adaptive and persistent low-and-slow threats, enterprises are deploying various new network security devices: next-generation firewalls, IDS and IPS devices, security information and event management (SIEM) systems and advanced threat detection systems. Ideally, these systems will be centrally managed, following a centralized security policy, as part of a universal protection strategy.

However, some common mistakes made when deploying these devices will seriously affect their ability to provide universal protection. This article introduces some problems to watch for in the planning and deployment of new network security equipment, and how to avoid related problems that may lead to the failure of defense in depth.

The biggest mistake is assuming that the security device itself is secure. That seems obvious, but we must insist on this point. How secure is the so-called “enhanced” operating system? What is its latest status? And how secure is the “hyper-stable” Web server?

Before starting any work, you must create a test plan to verify that all network security devices are really secure. Start with some basic tests: do you upgrade, install patches and fix bugs in a timely manner on each device and on its supporting network, server and storage infrastructure? Check against a clearing-house of currently known vulnerability information to be sure that you regularly upgrade equipment and install patches.

Then turn to aspects that are more difficult to handle: periodically assess potential weaknesses across multiple device configurations. An inappropriate deployment sequence of encryption systems and application delivery optimization (ADO) can also cause data leakage, even if each device operates properly. This process can be carried out in conjunction with penetration testing.

For any security equipment, the management/control channel is the part most prone to vulnerabilities. Therefore, the most important things to note are how security devices are configured and modified, and who is allowed to carry out these configurations. If you access the security system via a Web browser, the security device will run a Web server and allow Web traffic in and out. Is this traffic encrypted? Does it need to use a standard port? Do all the devices need to use the same port (so the intruder can easily guess it)? Is it accessed over a common network or a separate management network connection? If it is a common network connection, then any host that sends traffic through this port may attack the device. If it’s on a management network, you only need to worry about other devices on that network.

The best scenario is that, if you can’t access the device directly, you ensure that all configuration changes use encryption and multi-factor authentication. Moreover, it’s necessary to closely track and control the identities used for equipment management to ensure that only authorized users can gain administrative privileges.
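
The management-channel questions above can be checked mechanically against a device inventory. The following is an added example, not code from the original article: it runs those checks over a constructed inventory, and the field names, device names, administrator names and finding labels are assumptions chosen for illustration.

```python
"""Check security-device management interfaces against the questions above.

Added illustration only: the inventory, names and finding labels are
constructed; adapt the fields to whatever your asset inventory records.
"""
from collections import Counter
from dataclasses import dataclass

ENCRYPTED_PROTOCOLS = {"https", "ssh"}
# Well-known default ports for common management protocols.
STANDARD_PORTS = {"http": 80, "https": 443, "ssh": 22, "telnet": 23}


@dataclass(frozen=True)
class MgmtInterface:
    device: str
    protocol: str   # protocol used to configure the device
    port: int
    network: str    # "management" = separate management network, else shared
    mfa: bool       # multi-factor authentication required for changes
    admins: tuple   # accounts holding administrative privileges


AUTHORIZED_ADMINS = {"netadmin1", "netadmin2"}

INVENTORY = [
    MgmtInterface("fw-edge-01", "https", 8443, "management", True, ("netadmin1",)),
    MgmtInterface("ips-core-01", "http", 80, "shared", False,
                  ("netadmin1", "contractor7")),
    MgmtInterface("siem-01", "https", 443, "shared", True, ("netadmin2",)),
    MgmtInterface("ids-dmz-01", "https", 443, "management", False, ("netadmin2",)),
]


def audit_interface(iface, authorized):
    """Return the list of findings for one management interface."""
    findings = []
    if iface.protocol not in ENCRYPTED_PROTOCOLS:
        findings.append("unencrypted-management-traffic")
    if STANDARD_PORTS.get(iface.protocol) == iface.port:
        # Informational: a default port is the first one an intruder tries.
        findings.append("standard-port")
    if iface.network != "management":
        # Any host on the common network can send traffic to this port.
        findings.append("reachable-from-shared-network")
    if not iface.mfa:
        findings.append("no-multi-factor-authentication")
    extra = sorted(set(iface.admins) - authorized)
    if extra:
        findings.append("unauthorized-admin:" + ",".join(extra))
    return findings


def audit(inventory, authorized):
    """Map each device name to its findings (empty list = nothing to fix)."""
    return {i.device: audit_interface(i, authorized) for i in inventory}


def shared_ports(inventory, threshold=2):
    """Ports reused by at least `threshold` devices, which makes them guessable."""
    counts = Counter(i.port for i in inventory)
    return {port: sorted(i.device for i in inventory if i.port == port)
            for port, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for device, findings in audit(INVENTORY, AUTHORIZED_ADMINS).items():
        print(device, "->", ", ".join(findings) or "ok")
    for port, devices in shared_ports(INVENTORY).items():
        print(f"port {port} reused by: {', '.join(devices)}")
```
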

For more information about network and computer security information, please visit: www.kakasoft.com

Dec 17

Dangers in Mobile Information Age

The development of the Internet and information technology has brought people into the information age, and with the change in information processing terminals, people have also entered the mobile information era. In this mobile era, people can use their mobile devices to connect to the network anytime and anywhere for living, office work and entertainment. It’s certain that this mobile trend will continue for a long time, because it fits people’s hope for freedom.

But it is these portable mobile devices that bring information and data security issues. How to deal with mobile device security has become one of the biggest concerns of individuals, companies and even countries. Also, because of the diversity of mobile devices and information technology, protection solutions must keep up with them, that is, be able to adapt to various possible environments and security requirements.

Mobile Device Management (hereinafter referred to as MDM) is the management of smartphones, tablet PCs and other mobile network clients. MDM is now an indispensable measure for enterprises: because mobile network clients are similar to traditional computers, poor management is likely to have a bad impact on operational security.

Smartphones and tablet computers developed from the PDA (Personal Digital Assistant, Pocket PC), and their history is not long. They can be used as mobile network clients; the earliest portable microcomputers appeared in the late 1990s.

Mobile + Portable = Increased chance of theft

Owing to their small size and portability, the risk of theft is significantly higher for portable computers than for desktop computers. Most desktop computers are larger and fixed in position in the office, so they are seldom stolen if you close the door. But because laptops and smartphones are small, stealing them is far less difficult.

Many studies show that the mobile phone is now more important to people than the wallet. Phones are becoming so important because, in addition to their intrinsic value, important data is stored on them, such as schedules, address books and other private information.

Business people tend to store data involving many business secrets on office tablet PCs and smartphones, especially in email. The specific contents of email differ with each company’s information infrastructure: they may include unimportant chat, and may also include customer information, corporate plans and even contract documents. Email may also contain passwords for common office applications.

The most frightening risk is to data. Important data may be lost through security vulnerabilities in the device: hackers can gain access to the device and to the data on it. Another way is through phishing applications. Once you download a phishing application, it can access the data stored on your device. Evidently, users who download these applications are not vigilant enough. As long as an application is free, users are willing to download it; they are seldom concerned that the data on their own device may be compromised as a result.

Traditional Trojans and viruses can also spread on mobile platforms. Even though Apple, Google, Microsoft and other companies have considered this problem in the design of their operating systems and ensure that devices are free of malware when they leave the factory, it’s impossible for software to have no flaws.

As the security issues that come with the development of mobile technology and IT keep multiplying, we’d better password protect the data stored on a mobile device to reduce the loss caused by its theft. If the threat is aimed at the value of the data, you can use an encryption solution to protect the data.

People look for freedom, and the yearning for freedom also affects how they handle things. In the face of security issues in the information age, individuals, companies and countries need encryption technology to protect files and lock portable storage devices.

Nov 19

Master Data Leak Proof Initiative with Encryption Software

Security has always been a relative concept, and data security is the same. Even though it is a relative concept, that doesn’t mean it is not important. Data security is absolutely necessary, but the security level a user can select is relative.

“Users should be free to choose the security level they need. Some users may need more Internet information exchange, so their required security level might be a little lower; a number of special populations, such as children, need a higher security level.”

But some people who are used to free network security and data security programs find themselves tied to many bundled software ads when they enjoy the free service. Such a security program is free, but it takes hold of the user’s decisions and determines the user’s security level once they choose it. This amounts to handing the autonomy over data security to others, and it is just the reason why data leakage happens so frequently.

Currently, people are paying more and more attention to information security and personal privacy. People increasingly want to hold the autonomy over data leak prevention themselves and don’t want to be controlled by others.

How can we get back our autonomy over data leak prevention? Where shall we begin? The answer is the data itself, which is the main body of information security: once you control the data itself, the information security initiative naturally returns to your hands.

So how do you control the data itself, or ensure the security of the data itself? With file encryption software. Choose trustworthy encryption software and use its technology to automatically choose a data protection method. Once you do so, you hold the defense initiative for your own data; even if you want to use other programs to further enhance security, as long as you control the data, the data leak prevention initiative is still in your hands.

Multi-mode encryption is a kind of transparent data encryption technology that supports a variety of usage scenarios and encryption strategies. In multi-mode encryption, users can create secret files both actively and passively, through at least the following modes: specific format encryption mode, specific directory encryption mode, specific format unencryption mode, specific user unencryption mode (able to modify and view others’ secret files), particular user unencrypted mode (able to view but not modify others’ files), USB flash drive and other external hard drive encryption mode, Network Neighborhood network encryption mode, manual encryption, full disk encryption, etc. These encryption modes can be assigned to different users or user groups.

This flexible encryption technology, which can be selected according to the user’s own requirements, meets people’s desire for the right to choose, so that people can hold the data security and information security initiative.

Oct 09

The Ban on Samsung Smartphone Import Is in Effect

According to the news, the U.S. Trade Representative’s office (USTR) said on Thursday that the ban on importing Samsung smartphones proposed by the U.S. International Trade Commission (hereinafter referred to as “ITC”) will come into effect.

An earlier report said that, owing to the absence of a veto by United States President Barack Obama, the ban on imports of Samsung smartphones ruled by the ITC is already in force.

However, the ITC’s ruling has to be handed over to U.S. President Barack Obama for consideration, and Obama has 60 days to give the final result on the ruling. If Obama does not veto the ITC ruling, it comes into effect. Several media reports said that the 60 days have now passed and Obama did not veto the decision.

The ITC’s decision does not clearly indicate which Samsung devices infringe, but it has been determined that the older models Galaxy S 4G, Fascinate and Galaxy Tab are infringing.

In sharp contrast, Apple had a similar experience, but the result was the opposite. In June this year, the ITC ruled that some older Apple products infringed a Samsung data transfer patent and banned the import or sale of the AT&T version of the iPhone 4, iPhone 3GS, iPad (3G version) and iPad 2 (3G version). But in August this year, the Obama government rejected the ITC’s ruling.

Nowadays, innovations in the field of IT usually rely on many small improvements involving numerous technologies, which means that patent boundaries are not always precisely clear. The open secret is that everyone infringes others’ patents in some way.

The patent battles between companies continue, and so do the fights over copyright. If you operate a business that specializes in selling original videos or documents to customers, you will probably, like most such companies, store the videos or documents on a USB drive and sell that drive to customers. But what can you do to protect your copyright from being breached by others? Here, I recommend that you use a USB encryption solution to ensure the contents of your USB drives will not be copied or transmitted by unauthorized users. You can use a USB copy protection program to password protect the USB drive and configure access permissions so that specific groups or individuals can access its contents while other, unauthorized access is prevented. Complete protection is an indispensable measure for securing a company’s wealth and inventions.

Sep 16

Reuters: “Prism” Scandal Propels the U.S. Technology Industry

Reuters published an article entitled “Despite fears, NSA revelations helping US tech industry”. It notes that after the exposure of the surveillance program called “Prism” run by the National Security Agency, it was widely believed that the scandal would have a serious impact on the image and income of U.S. technology companies in overseas markets. But it turns out that, because demand for encryption and related security services is rising in overseas markets, some U.S. technology companies actually benefit a lot from the “Prism” scandal.

The following are parts of the article:

Prophesies of doom

Shortly after Snowden’s leaked documents detailed collaboration giving the NSA access to the accounts of tens of thousands of net companies’ users, the big Internet companies and their allies issued dire warnings, predicting that American businesses would lose tens of billions of dollars in revenue abroad as distrustful customers seek out local alternatives.

In a federal court filing last week, Google said that still-unfolding news coverage was causing “substantial harm to Google’s reputation and business”. The company said that could be mitigated if it were allowed to comment with precision about its intelligence dealings.

Likewise, last month, six technology trade groups wrote to the White House to urge reforms in the spy programs, citing what it called a “study” predicting a $35 billion cumulative shortfall by 2016 in the vital economic sector.

That number, it turns out, was extrapolated from a security trade group’s survey of 207 non-U.S. members – and the group, the Cloud Security Alliance, had explicitly cautioned that its members weren’t representative of the entire industry.

Boon for encryption sector

As for the upside, so far only a minority of people and businesses are tackling encryption on their own or moving to privacy-protecting Web browsers, but encryption is expected to get easier with more new entrants.

Snowden himself said that strong encryption, applied correctly, was still reliable, even though the NSA has cracked or circumvented most of the ordinary, built-in security around Web email and financial transactions.

Some early adopters of encryption have senior jobs inside companies, and they could bring their habits to the office and eventually change the technology habits of the whole workplace, in the same way that executive fondness for iPhones and iPads prompted more companies to allow them access to corporate networks.

A week ago, Google said it had intensified encryption of internal data flows after learning about NSA practices from Snowden’s files, and consultants are urging other big businesses to do the same.

Stiennon said that after more companies encrypt, the NSA and other agencies will spend more to break through, accelerating a lucrative cycle. “They will start focusing on the encrypted data, because that’s where all the good stuff is,” Stiennon said.

Just as Snowden said, correctly applied strong encryption is still reliable. Correctly applied file encryption, folder encryption and USB encryption will be useful and reliable for ordinary people and enterprises protecting their important or even confidential data. Data security is no longer a dispensable problem that we can ignore, for data loss and data leakage have already taught bitter lessons. Complete data security management should be established in every enterprise, and individuals should pay more attention to effective data protection.

Apr 22

A Ban is Not a Proper Solution to USB Leakage

Since April, 2011, Wikileaks has published hundreds of thousands of military documents about the wars in Iraq and Afghanistan. According to an investigation by the U.S. military, the leak of these files was caused by a leak via the USB flash disk of a former U.S. intelligence analyst in Iraq.

According to a CNN report on Dec. 13, 2011, since there were no better leak prevention techniques, Major General Richard Webb, commander of the U.S. Air Force network division, would issue network control orders forbidding the army to use USB removable storage media, with offenders to be court-martialed. It’s reported that the other services received a similar command, and that this action was aimed at preventing further disclosure of military secrets by websites such as Wikileaks. In fact, as early as the end of 2008, the U.S. had banned removable storage media in order to prevent the spread of a virus. As the ban brought a lot of trouble to military data transmission, it was canceled in February 2010, which then resulted in a lot of confidential documents being published by Wikileaks. In this situation, the American military had to ban the use of portable storage media once again.

In the information age, removable storage devices have become an indispensable part of people’s lives. USB flash devices, as one of the most convenient storage tools, play an important role in people’s life, study and work. Perhaps it’s this excessive dependence that makes USB flash devices a channel for data leakage. However, forbidding the use of USB flash devices is, alone, not enough.

As for how to solve the problem of data leakage, we should change our way of thinking. Since USB devices have become necessities, what we should do is use anti-leakage technology to prevent the problem from happening, rather than ban USB devices to block the transmission of information. That is to say, what we should consider is how to use USB flash drive encryption to protect USB disk security.

Nowadays, many people are aware of the problem of data leakage, and some solutions have accordingly come into being to tackle it, such as USB security software.

The U.S. Army’s experience tells us that information security should avoid the mistake of emphasizing technology while neglecting management, and should build a solid line of defense by strengthening information security management on the basis of the necessary technical measures. In addition, take care to enhance information security education for personnel to improve their security awareness.

Mar 15

Samsung Galaxy S4 Finally Comes out and Within Reach of People

For years, Apple and Samsung have been competing with each other for share of the smartphone market. Ever since the release of the Galaxy S3, Samsung has made the Android phone more adorable than any other phone could be. On March 15, 2013, Radio City Hall was filled with people, while an even larger crowd waited in Times Square at the heart of New York City. The release conference began with a video from the company’s Unpacked Event campaign, which left people wondering what was in the little boy’s box.

Samsung kept the secret perfectly before the actual release of the Galaxy S4, which left plenty of room for all kinds of guesses and rumors and made it Samsung’s most awaited phone. Recently, with the popularity of all kinds of smartphones, tablets and ultrabooks, people enjoy more freedom with data on removable devices, while USB security and folder protection become more and more important at the same time.

Finally, the box was opened and all the guesses and anticipation were laid before everyone’s eyes. The Samsung S4 proved to deserve high praise, with its strong and powerful hardware and new features. It sports a larger 5-inch 1080p Full HD Super AMOLED display at 441 ppi with a much smaller bezel. Other specs include a 13MP rear-facing camera, a 2MP front camera, a 2600mAh battery and a thinner body.

Apart from the improved hardware, the highlights of the S4 lie in the updated user experience. Sound Shot, Drama Shot, Eraser, Air Views, S Translate, Adapt Display, Story Album, Home Sync, S Voice Drive, Smart Switch, Group Play, Air Gesture and other special features make the Galaxy S4 a perfect smartphone and bring people more convenience in use. There are more chances for people to access digital files on a phone or computer, which also exposes your files and folders to the risk of data leakage; therefore, you need to lock files on your smartphone or PC.

Also, some people think that the S4 looks much like the previous S3. A large number of people are talking about their disappointment with the new Samsung phone. But there is still room for improvement. We cannot deny that the development of technology keeps bringing surprises and changes to people’s lives, from the original computers and phones to recent advanced software and apps, such as USB flash drive copy protection applications. Maybe this time you are not so satisfied with a single technology; sooner or later, time will tell. We can only look forward to the next new product or invention to enter our lives.

Mar 13

How to deal with password leakage and breach in the current world?

The news that one of a Wired reporter’s most precious passwords was hacked through complex social exploits soon drew people’s attention to the possibility that the passwords for their own important accounts could be breached. Passwords are confidential personal information that needs special attention, as urgently as USB security and folder encryption for files with valuable data on USB drives or a computer.

In June of 2012, hackers breached 6.5 million LinkedIn passwords and revealed them on a website, which surprised ordinary users and made people realize that some sites they usually visit with simple passwords may put their information in danger. Some people also think that some sites should adopt a higher level of security protection for accounts and data. Although people find many problems with the current password and authentication system, nothing better can yet replace it on the current Internet platform.

It is said that Google is working on finding a substitute for the password, which may be a USB device or a piece of jewelry. So far this is just a concept that hasn’t turned into reality, so we cannot count on this completely new technology to get us out of trouble now. Some people with confidential information or files still use passwords to protect folders on their computers or secure USB drives with USB security applications; for these protection methods, a password is a must.

There is still a little hope for ordinary people to fight hackers and other cybercriminals on the Internet and keep them from getting your account and password easily: people need to make their passwords stronger. For example, choosing both numbers and characters and a proper length for your password, or avoiding specific words or names in it, will increase its strength more or less.

There is more to do if you want to password protect a USB drive or other important files. Everyone living in the digital world encounters passwords on all websites and social networking sites. Hackers may aim at weak passwords, but the root of the problem is people’s attention to and care for their passwords as well as their information. As long as people pay attention to and care about their passwords, they can protect their data better.