The personal health records of over 83,000 Canadians have been lost on an unencrypted USB memory stick.

The device was lost by a member of staff from a centre in Ontario State, and contained data collected from everyone who attended H1N1 or seasonal flu vaccination clinics in the region over a period of nearly two months. The information included personal information such as names, addresses, phone numbers, dates of birth, health card numbers, doctor’s names and so on. Read More »

The Royal Navy has begun an investigation into how a memory stick containing restricted information on Royal Navy manoeuvres and personnel was found in a public car park, close to the mooring of the Navy warship HMS Hurworth in Belfast, Northern Ireland.

Although the device was handed in to police, an attempt had been made to sell the flash drive and its contents to an Irish newspaper – which suggests the contents of the drive were not protected.  The Navy investigation will focus on trying to establish if the data on the drive has been copied.

Incidents such as this highlight the wisdom of the approach being taken by the US military on the re-introduction of flash drives – including measures such as authorised staff being issued with centrally procured, approved, secure USB flash drives, a ban on all personally owned flash media.  This way, users can enjoy the flexibility of flash drive use without the security risks, as the protection is delivered and managed transparently.

Here are some sobering statistics from a recent US survey of IT professionals.  The leading magazine InformationWeek recently announced the findings of its State of Encryption Survey, which polled the opinions of 499 IT staff. 

Only 14% of respondents said encryption is used across their organisations, and just 38% said they encrypt data on mobile devices.  The main reason for deploying encryption (31%) was to meet regulatory requirements – and there’s a strong reason for this, as 44 US states enforce mandatory disclosure of data breaches, and such disclosure can cost organisations hundreds of thousands of dollars. Read More »

This week marks one year since the Conficker worm (known as Downadup at the time) was discovered in the wild.  As we know, it went on to become one of the biggest infections ever seen, with an estimated 12 million-plus PCs infected globally.

This interview with Eric Sites, a member of the Conficker Working Group, looks at what has happened through Conficker’s lifespan, and speculates as to who developed the worm.

Conficker has also been instrumental in driving changes to everyday computing practice.  As one of the first worms to exploit Windows Autorun and to spread via removable media, it’s forced companies to re-evaluate the way they use devices such as USB flash drives. 

It made the security sector look at providing anti-malware software to protect data on devices other than PCs – such as on our secure USB drives with onboard AV scanning.  This shows that with any problem, there is also an opportunity to improve data security.

Earlier this week, the Information Security Forum’s World Congress was held in Vancouver, Canada.  One of the keynote speakers was FBI Assistant Director of Cybersecurity, Shawn Henry.  He spoke about how the new and emerging threats against security are proving effective, and how exploiting security flaws is costing corporates in hard cash.

He also related some recent, effective hacking techniques which his department had investigated.  A key example was during a recent conference, where a malicious party left several USB memory sticks in a nearby parking area, with each device containing malware. Any conference attendee plugging the drive into their laptop to see who it belonged to “was providing egress for a potential adversary,” said Henry.

This reinforces the need for organisations to control how they allow the use of USB devices – good practice is to lock out unauthorised or personal devices, to avoid the risk of this type of hack, and to issue staff with secure USB flash drives that safeguard data against loss or theft.

We have just announced that our Cruzer Enterprise secure USB flash drives have raised the bar for secure devices.  They are now the first and only FIPS 140-2 Level 2 USB drives to earn Common Criteria Certification.

This is an internationally recognized ISO standard (ISO/IEC 15408) used by governments and other organizations to assess the security functional requirements and security assurance requirements of technology products. With its certifications recognized in 26 countries, Common Criteria is an important global evaluation standard for security products.

The evaluation examines the entire device to certify its effectiveness in protecting the confidentiality, integrity and availability of sensitive information, and assures users that the security features of the product will perform as expected.

And speaking of performance, the Cruzer Enterprise range is also safe to use in harsh, wet environments, as it has passed environmental tests to meet Military Standard 810-F 506.4 and 512.4 when submitted to immersion and rainy conditions.  That’s a little extra reassurance that your data stays safe.

Our latest article on securing USB flash drives against malware and data loss or theft is now online here, at leading portal Global Security Magazine.

The article looks at how to stop worms such as Conficker propagating onto networks, and using USB memory sticks to spread, based on what happened to UK public sector organisation Ealing Council earlier this year.

It also covers best practice in data security and management.

Personal data doesn’t get much more sensitive than an individual’s medical and health records, so it’s no surprise that the health sector has been among the leaders in adopting best practices in data security.

This article by John D. Halamka, the chairman of the American Healthcare Information Technology Standards Panel, sets out the issues and proposes a data security standard for all circumstances.

This includes mandatory encryption of data whether at rest or in transit – including the use of secure USB flash drives.  It’s well worth a read.

As you may have seen in the news, there’s a widespread email phishing scam going on that has so far affected over 30,000 users of Hotmail, Google and Yahoo’s web mail services.  Username and password details for these accounts were posted briefly online. 

But there’s also an underlying security issue that needs attention.  Many people often use one password for multiple online applications, such as their webmail, online banking and more.  Which means if a hacker can crack one password, they may have access to many other aspects of your online life.

So it’s worth having a different, and complex, password for every online application that you want to protect.  This is easy to do with our Usecure USB flash drives, as the user interface requires that you use a complex alphanumeric password (it also gives you a handy reminder, just in case you should forget).  But it’s good practice to not use that password again!

Frustrated by slow broadband speeds?  Here’s an alternative to consider:  send the data on a USB flash drive, by carrier pigeon.

That’s exactly what a South African IT company did to highlight the poor performance of its ISP’s ADSL service.  The IT company strapped a 4GB memory stick to the pigeon’s leg and sent it 60 miles to its second office, while simultaneously starting to download the same file via ADSL.

The bird arrived after 1 hour 8 minutes, and the data took an hour to upload from the USB flash drive.  By which time the ADSL download was only 4% complete.  So the experiment was a success:  in some conditions, pigeon post is faster.  And if a secure USB flash drive is used to carry the data, the data is also well protected against loss, theft … or cats.