A UK local council has lost the personal details of hundreds of residents when a memory stick fell out of an employee’s pocket. Details lost include names, addresses, national insurance numbers, ethnicity and more.
Read More »

The police force in England’s second-largest city, the Greater Manchester Police (GMP), has suffered extensive disruption for several days following an infection by the Conficker worm.
Read More »

It’s been reported today that the UK security service, MI5 has accused China of bugging and initiating acts of espionage on UK business executives, to obtain sensitive commercial secrets.

The story, from a leaked MI5 document says that undercover intelligence officers from China’s People’s Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of “gifts”. The gifts — such as USB memory sticks and other digital media — have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users’ computers.

This is yet another example of the use of innocuous-looking devices in an attempt to harvest sensitive or confidential data. The best advice to protect your PC and corporate networks is to use only authorised, secure flash drives, preferably with on-board anti-malware scanning capability, and lock out unauthorised devices. After all, Trojan horses are no longer larger than life and made of wood.

It seems from a recent report that healthcare businesses have become a specific target for hackers in recent months. International managed security services company SecureWorks says that attempted hacker attacks launched at its healthcare clients doubled in Q4 2009, increasing from an average of 6,500 per healthcare client, per day in the first nine months of 2009, to an average of 13,400 per client per day in Q4 2009.

It’s suggested that there are two main reasons for this: the large amounts of identifiable data on patients stored within healthcare organisations, and the sheer number of possible attack vectors, including web-based attacks and attacks from devices (such as infected, unauthorised USB flash drives).

In some territories, such as the UK and Canada, healthcare bodies are rolling out extensive data security measures (such as secure USB drives with onboard anti-virus scanning). This is a sensible and practical response to the increase in data security risks.

We saw in 2008 and 2009 how worms came back to prominence, thanks to the wide spread of Conficker and its variants. A timely reminder that the threat is still high was given last week, when Google revealed a highly sophisticated series of cyberattacks originating from China that stole some of its intellectual property and affected about 30 other Silicon Valley companies.

This recent attack shows how malicious software has evolved into an advanced weapon that can specifically target companies – even companies as advanced as Google – with the aim of gaining a financial or competitive advantage.

Attackers will try any method available to seed the malware onto a company network, including infecting USB flash drives and distributing them at events, or “losing” them in car parks for unwitting employees to find. That’s why latest-generation secure flash drives, such as our own Cruzer Enterprise range, can also feature onboard anti-malware scanning to nullify this threat.

It’s been talked about for some time, but now the UK’s information watchdog, the Information Commissioner’s Office, will soon be able to penalize companies that are proven to have acted recklessly or maliciously with personal data.
Read More »

If your car is stolen because you left the keys in the ignition, your insurer would not cover you for the theft because you hadn’t taken reasonable precautions.

Unfortunately, the UK Ministry of Defence has just had a laptop containing defense secrets stolen from its London headquarters, together with the equivalent of the ignition key. The encryption key was taken along with the computer, apparently giving the thief access to the laptop’s files.

This highlights a vital issue in IT security practice, but one that is often overlooked: never, ever leave an encryption key, security token or any indication of a password near the computer it protects. Even if that computer is inside a highly secure building like the Ministry of Defence HQ, there’s still a risk that a curious, or disgruntled, colleague could access the PC and data.

Your safest bet is to probably keep your most valuable data on a secure usb drive - just don’t keep the password laying around.

The Royal Navy has begun an investigation into how a memory stick containing restricted information on Royal Navy manoeuvres and personnel was found in a public car park, close to the mooring of the Navy warship HMS Hurworth in Belfast, Northern Ireland.

Although the device was handed in to police, an attempt had been made to sell the flash drive and its contents to an Irish newspaper – which suggests the contents of the drive were not protected.  The Navy investigation will focus on trying to establish if the data on the drive has been copied.

Incidents such as this highlight the wisdom of the approach being taken by the US military on the re-introduction of flash drives – including measures such as authorised staff being issued with centrally procured, approved, secure USB flash drives, a ban on all personally owned flash media.  This way, users can enjoy the flexibility of flash drive use without the security risks, as the protection is delivered and managed transparently.

We’ve all lost things at some time in our lives – car keys, wallet, mobile phone – and have experienced the frustrations this can cause.  Some might have lost things like laptops, and had to suffer the problems of paying for a replacement, and the loss of useful information that was on the device. 

These problems are irritating, but usually don’t cause much more than minor inconvenience.  If only it was the same in the business world.  That laptop loss, or loss of a USB flash drive, could be just the first of many problems.  Does the business know what data was on that PC or thumb drive?  Did the user remember to encrypt the data?  What are the ramifications if the data falls into the wrong hands?

This article from Jon Collins, head of research company Freeform Dynamics, looks at practical, good-practice steps companies can take to minimise the fallout from device losses. 

It maps closely onto the benefits our secure USB flash drives and data management solution deliver to users – automated, transparent protection of data, the ability to track and audit what data has been copied to devices, and remote device termination.  With the right equipment, small problems will stay small.

Here are some sobering statistics from a recent US survey of IT professionals.  The leading magazine InformationWeek recently announced the findings of its State of Encryption Survey, which polled the opinions of 499 IT staff. 

Only 14% of respondents said encryption is used across their organisations, and just 38% said they encrypt data on mobile devices.  The main reason for deploying encryption (31%) was to meet regulatory requirements – and there’s a strong reason for this, as 44 US states enforce mandatory disclosure of data breaches, and such disclosure can cost organisations hundreds of thousands of dollars. Read More »