The Royal Navy has begun an investigation into how a memory stick containing restricted information on Royal Navy manoeuvres and personnel was found in a public car park, close to the mooring of the Navy warship HMS Hurworth in Belfast, Northern Ireland.

Although the device was handed in to police, an attempt had been made to sell the flash drive and its contents to an Irish newspaper – which suggests the contents of the drive were not protected.  The Navy investigation will focus on trying to establish if the data on the drive has been copied.

Incidents such as this highlight the wisdom of the approach being taken by the US military on the re-introduction of flash drives – including measures such as authorised staff being issued with centrally procured, approved, secure USB flash drives, a ban on all personally owned flash media.  This way, users can enjoy the flexibility of flash drive use without the security risks, as the protection is delivered and managed transparently.

Here are some sobering statistics from a recent US survey of IT professionals.  The leading magazine InformationWeek recently announced the findings of its State of Encryption Survey, which polled the opinions of 499 IT staff. 

Only 14% of respondents said encryption is used across their organisations, and just 38% said they encrypt data on mobile devices.  The main reason for deploying encryption (31%) was to meet regulatory requirements – and there’s a strong reason for this, as 44 US states enforce mandatory disclosure of data breaches, and such disclosure can cost organisations hundreds of thousands of dollars. Read More »

Earlier this week, the Information Security Forum’s World Congress was held in Vancouver, Canada.  One of the keynote speakers was FBI Assistant Director of Cybersecurity, Shawn Henry.  He spoke about how the new and emerging threats against security are proving effective, and how exploiting security flaws is costing corporates in hard cash.

He also related some recent, effective hacking techniques which his department had investigated.  A key example was during a recent conference, where a malicious party left several USB memory sticks in a nearby parking area, with each device containing malware. Any conference attendee plugging the drive into their laptop to see who it belonged to “was providing egress for a potential adversary,” said Henry.

This reinforces the need for organisations to control how they allow the use of USB devices – good practice is to lock out unauthorised or personal devices, to avoid the risk of this type of hack, and to issue staff with secure USB flash drives that safeguard data against loss or theft.

Our latest article on securing USB flash drives against malware and data loss or theft is now online here, at leading portal Global Security Magazine.

The article looks at how to stop worms such as Conficker propagating onto networks, and using USB memory sticks to spread, based on what happened to UK public sector organisation Ealing Council earlier this year.

It also covers best practice in data security and management.

Personal data doesn’t get much more sensitive than an individual’s medical and health records, so it’s no surprise that the health sector has been among the leaders in adopting best practices in data security.

This article by John D. Halamka, the chairman of the American Healthcare Information Technology Standards Panel, sets out the issues and proposes a data security standard for all circumstances.

This includes mandatory encryption of data whether at rest or in transit – including the use of secure USB flash drives.  It’s well worth a read.

Frustrated by slow broadband speeds?  Here’s an alternative to consider:  send the data on a USB flash drive, by carrier pigeon.

That’s exactly what a South African IT company did to highlight the poor performance of its ISP’s ADSL service.  The IT company strapped a 4GB memory stick to the pigeon’s leg and sent it 60 miles to its second office, while simultaneously starting to download the same file via ADSL.

The bird arrived after 1 hour 8 minutes, and the data took an hour to upload from the USB flash drive.  By which time the ADSL download was only 4% complete.  So the experiment was a success:  in some conditions, pigeon post is faster.  And if a secure USB flash drive is used to carry the data, the data is also well protected against loss, theft … or cats.

A major health organization in North East England, NHS South of Tyne and Wear, has deployed 800 SanDisk Cruzer Enterprise secure flash drives as part of a layered approach to device security.

The organisation has responded to UK Government drives for improved data security in the public sector, and is using FrontRange Solutions’ Device Wall to control the transfer of information to encrypted devices, alongside McAfee endpoint encryption and the SanDisk USB pen drives.

It has replaced 800 flash drives with the encrypted devices and once port control across all endpoints is enabled, staff will only be able to use their authorised, issued drive.

A new data security survey has been released, polling the opinions of nearly 1000 IT professionals on their data security practices and habits.

At first reading, it looked to be following the same approach as many previous surveys, pointing the finger of blame at users for causing security breaches by copying confidential company data to USB flash drives. 

As we have discussed on this blog before, it’s all too easy to blame users, when the company should share equal blame for not helping to make security easy for individuals – for example by deploying secure pen drives to all users.

However, on reading further, the survey takes a more balanced view.  57% of the survey sample blamed their companies for ineffective data security policies, and 58% said they were not provided with enough data-security-related training. 

It’s good to see signs that the awareness of the true causes of data losses is growing.  Securing against leaks needs a combination of policies, and products to enforce them.  As we have said before, the sooner we can stop the blame game and work together to improve security, the better.

 The UK Liberal Democrat party has called on the Government to tighten data security in Britain’s National Health Service as a priority, following a recent series of over 150 losses of confidential patient data by NHS organisations.

Read More »