We have posted about this a little earlier this year, but it’s worth mentioning again that the UK Information Commissioner’s Office, which is the data watchdog for the UK Government, continues to take tough measures with public sector organisations that have suffered data breaches.

Most recently, a UK healthcare organisation misplaced 3 unsecured USB flash drives with confidential patient details, and has signed an undertaking confirming that the Trust will take a number of steps to ensure personal data is kept securely.
 
The Assistant Commissioner at the ICO said: “I urge all NHS organisations to restrict and encrypt the amount of sensitive information stored on portable devices. In this case, our investigation found that there was a lack of understanding and awareness among staff of their responsibilities under the Data Protection Act.”

This is good practice, and a good argument for deploying secure USB flash drives.

Here’s an article on SC Magazine’s website on the explosive growth in storage capacities of USB flash drives, with a discussion of what steps can and should be taken to secure them. 

As SanDisk CEO Eli Harari pointed out recently, the increase in capacity of drives has exceeded Moore’s Law in recent years, making it increasingly tempting to use flash drives to store and transport large amounts of data. 

The article takes in comment from several vendors, including SanDisk, looking at the issue.  The conclusion is enterprises and IT-literate consumers are already taking advantage of secure flash drives to protect their data – but there will always be a price-conscious market for unsecured drives.

Our Cruzer Enterprise secure USB flash drives have been further enhanced to meet the needs of government employees.  The drives have been independently tested to be waterproof under Military Standard 810-F, and the user interface has been reconfigured for better accessibility for visually-impaired users. 

The drives are certified as waterproof when immersed or in rainy conditions.

The drives are also suitable for use by the visually impaired under the requirements of Section 508 of the Rehabilitation Act of 1973, which requires federal agencies to make IT accessible to people with disabilities.  The drives’ user interface is compatible with assistive technologies such as screen reader software that recreates the Cruzer Enterprise’s GUI through text-to-speech representation or via a Braille output device.

Of course, Cruzer Enterprise drives feature industry-leading cryptographic modules and encryption algorithms, and are fully compliant with Trade Agreements Act (TAA) requirements, qualifying them under the strictest federal guidelines.  They are also the only secure USB drives listed for Common Criteria certification.

With around 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12 this year, rogue employees and hackers were the major causes according to figures released this week by the Identity Theft Resource Center.

Theft by employees and hacking were each responsible for 18% of all incidents, an increase of around 10% compared with the same period in 2008.

The Center also found that 14% of breaches so far this year were due to data contained on lost or stolen digital media, such as a laptop or USB thumb drives.  That’s still a significant number – and all the more reason to consider using a secure USB flash drive solution, such as our Cruzer Enterprise range.

A new data security survey has been released, polling the opinions of nearly 1000 IT professionals on their data security practices and habits.

At first reading, it looked to be following the same approach as many previous surveys, pointing the finger of blame at users for causing security breaches by copying confidential company data to USB flash drives. 

As we have discussed on this blog before, it’s all too easy to blame users, when the company should share equal blame for not helping to make security easy for individuals – for example by deploying secure pen drives to all users.

However, on reading further, the survey takes a more balanced view.  57% of the survey sample blamed their companies for ineffective data security policies, and 58% said they were not provided with enough data-security-related training. 

It’s good to see signs that the awareness of the true causes of data losses is growing.  Securing against leaks needs a combination of policies, and products to enforce them.  As we have said before, the sooner we can stop the blame game and work together to improve security, the better.

Earlier this week, another UK Health Service body suffered a data breach when a member of staff lost an unencrypted pen drive.  The drive contained the details and medical records of thousands of patients, including patients’ names, addresses, dates of birth, hospital and national insurance numbers and details of their medical treatment.
 
The data had been downloaded against data handling regulations, and has not been found as yet, forcing the organisation to make a public apology and write to all the patients whose details have been lost. 

This is in contrast to a similar UK health organisation which deployed SanDisk’s secure USB flash drives to all its key staff, to secure mobile data and protect against just this type of breach.  By using the Cruzer Enterprise drives, data is encrypted without the user being able to tamper with the process, and without affecting drive performance or usage.  This makes it a win-win both for the organisation and for the users.  An altogether healthier approach to security.

Have you ever looked at all the data breaches that have occurred in the past 18 months, and thought “that couldn’t happen to me”?  The truth is, it can happen to anyone, and at more or less any time.

All it takes is a moment’s inattention to lose a thumb drive or disk.  And if the data on that device is not protected in any way, congratulations:  it’s your own data breach. 

To highlight that it can indeed happen to anyone, this article on Enrique Salem, president and CEO of security giant Symantec is revealing.  In it, he admits that he has personally lost a USB flash drive containing confidential information.

He also points out that certain data security features need to be automated – such as mandatory encryption, alerts to administrators in the event of protected data being accessed, and more.  This security best practice helps to ensure confidential data stays confidential. 

So if you’ve ever lost a flash drive in the past, don’t worry:  it can even happen to CEOs of security companies.  But if you think it cannot happen to you, you might want to think again.

Everyone knows that the “insider threat” – company employees – are a major security risk, right?  Well, according to a recent report by computer forensics specialist Verizon Business, the biggest IT security risk to business is still external parties.

The report found that 74% of breaches resulted from external sources, and just 20% were caused by insiders.  And worryingly, most of the security issues found could be traced directly to bad decisions or poor security practice within IT departments, not end users.
 
As mentioned in our earlier post, ‘Why the blame game doesn’t work’, individuals are frequently blamed for security lapses, and this diverts attention away from the real problem.

With cybercrime exploding and a rising wave of malware already seen this year, companies need to be more vigilant than ever before.  That means taking a long, hard look at all aspects of security, and ensuring that policies are enforced by solutions at all stages.

So perimeter security should be leakproof.  Data should be encrypted, wherever it is.  Staff should be issued with secure USB flash drives, that feature mandatory encryption.  Only by delivering security at all levels, can companies really start to take control, instead of wasting time looking for people to blame for breaches.