Measure and control IT security

AKS-Labs has released some metrics that are very useful for estimation of security risks. These metrics are:

- Identity Theft Risks;
- Security and Privacy;
- IT Security;

Check homepage for details.

To protect your organization’s employees and clients, you need to evaluate how well your company protects its PII. Here are seven common mistakes to avoid.

Keep users in the dark

If your users don’t know how to identify and handle PII, it’s only a matter of time before one of them discloses this data to the wrong source.

Partner with the wrong businesses

If your company collects and shares PII with insecure partners, who do you think will end up in the paper and explaining to law enforcement about how a breach occurred? Your company will.

Keep data around past its prime

What do you do with data once it’s served its purpose? If you aren’t destroying PII when it’s no longer required, then you’re not doing your job. That doesn’t mean throwing it away either — that means destroying it.

Don’t worry about physical security

It’s imperative that you implement physical access controls to prevent unauthorized people — including employees — from gaining access to PII. Get a door lock and a badge reader, and start controlling access.

Don’t lock up your records

If you don’t have specific storage areas on your network (as well as file cabinets) for PII, then how can your properly protect it?

Ignore activity on your network

If you’re not going to actively monitor your network for suspicious activity or incidents, then stop collecting the data. Develop a method that’s within your capabilities and budget to monitor your network for suspicious activity or incidents. And while you’re at it, develop a response and mitigation strategy for security incidents.

Audits? Who needs audits?

A lot of businesses either don’t know what security events to audit or don’t read their security logs — or both. If you’re not sure which events to audit, find out. Set up security auditing, and start reviewing your logs today.

From the article by Mike Mullins.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

A misstep in preserving electronic data for litigation could mean defeat before the enemy is even engaged.

According to Greg Fordham, a founder of K&F Consulting Inc., “Just not deleting anything off the computer isn’t enough.”

“The continued use of a computer can alter important metadata such as file system date and time stamps. Similarly, continued use can overwrite dynamic system data such as virtual memory stored to a disk, or overwrite deleted data so that it is unrecoverable,” he said.

Steps Fordham recommends include: early notice to preserve evidence - even prior to filing; preserving electronic evidence in a forensically sound manner that will capture the full spectrum of data; and developing a questionnaire or guide that seeks specific details about a clients electronic and computer systems.

According to K&F Consulting.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

For fear of becomming the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study.

The study, which was based on online survey responses from 3,349 U.S. adult consumers, reports that 31 million customers would feel safe enough to begin banking online and another 39 million online users would increase their online banking activity if their banks offered free identity protection software.

While only 6 percent of survey respondents have been victims of identity theft or fraud, 41 percent — which translates to more than 88 million U.S. online banking customers — would change banks or reduce their online service usage if their individual institution was compromised by a data breach, the study says, making identity protection a significant competitive differentiator.

Consumers are willing to take extra steps to protect their identities, but they do not want to pay extra for these services. “Many view this as a service they should get automatically,” explains Stephen Knighten, statistical analyst, Javelin. “They are willing to take extra steps, but not at an expense.”

According to the study, 62 percent of online banking users would download and use identity protection software if their banks provided it for free. Consumers are interested in second-factor solutions, including biometrics (33 percent), one-time password tokens (20 percent) and peripheral device recognition solutions (15 percent). “The key to these solutions’ success,” says Knighten, “is that they must be convenient.”

While banks must foot the bill for these security measures, they can recover their investments by cross-selling to the lucrative online banking segment, notes TriCipher’s DeSantis. “Banks can target them with profitable lines of credit, mortgages and similar products,” he says. “The key is to reinforce trust and loyalty of account holders. … Unless you have their confidence, they will start to stray.”

See full story.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

An adviser to the UK Cabinet warns that civil servants’ low awareness of data security threats puts information collected by the government at risk.

A key advisor to the Cabinet Office on information assurance issues, said that with the exception of the police, defence and intelligence communities, public servants have little grasp of information security threats. “What keeps me awake at night is that, with some notable exceptions, across government there’s too little awareness of the scale and breadth of the risk facing us at the moment,” he said.

Ignorance of information security threats at board level is actually more of a threat than the threats themselves, according to Burton. “No-one knows the scale of the risk. We need to energise boards. The technical risks are nothing compared with ignorance at board level,” he said in a panel discussion at a British Computer Society (BCS) security event this week.

The UK government recently announced two sets of controversial plans around data use - plans to form the database for the ID Cards National Identity Register from three existing databases, and plans to relax data-sharing laws so government departments can share information more easily.

See full story.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

AKS-Labs has released a Windows privacy utility called RecentCleaner. With RecentCleaner one can check and clear the list of recently opened files. Recent files is a kind of link that program creates when the file is being opened. Almost all products create recently files, for instance Microsoft Word, Excel, PowerPoint, Access, WinZip, WinRar. Windows system keeps the record of recently accessed files too.

Sometime the list of recently opened files can become a great security problem, as it hard to remove all these records fast. RecentCleaner was created to solve this issue in a timely manner. Recent files records can be cleared in a single click now.

Learn more about clearing recent files at RecentCleaner web-site.

AKS-Labs has released a version 1.0 of RecentCleaner, a personal privacy tool designed to browse and clean recently accessed files list. The program supports WinZip, WinRar, Word, Excel, PowerPoint, Windows recent files.

Learn more about clearing recent files.

Amid warnings about the risk of identity theft, Canadian insurance companies have begun offering policies that help defray the cost of setting things right, if you fall victim.

Identity theft occurs when a crook uses another person’s name and other personal information such as social insurance number, credit-card number or bank account illegally to make purchases, borrow money or make some other costly transactions without the victim’s consent or even knowledge.

According to research by Phonebusters, a national anti-fraud organization…, thousands of Canadians a year report cases of identity theft — although the rate may be lower now than it was a few years ago.

It can be time-consuming and costly for innocent victims of identity theft to compile the information and get the legal advice required to verify they aren’t at fault. It’s those expenses — such as lost wages, lawyer and notary fees and courier charges — that are covered by identity theft insurance.

“Those are where the real expenses come in. It’s not the $5,000 or $10,000 loan. It’s the expense of clearing everything up,” says Bryan Seaton, spokesman for ING Canada, which recently began offering identity theft protection across Canada.

There has been increased public awareness of the measures — such as shredding documents with account numbers, proper storage of passwords and account numbers and software protections for your computer — that can be taken to prevent your personal information from getting into the wrong hands.

“We have a duty to defend your title. So we do what we can to get it resolved. Or, in a worst-case scenario, we can pay out the money that you’ve lost as a result of this problem,” says Kathleen Waters, vice-president of Title Plus, a service provided by Lawyers’ Professional Indemnity Co.

See full story.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

- Consider investing in a records-management software system to ensure the secure preservation of records electronically.

There are very reputable companies that make software for legal records management. Most of these software systems are licensed per work station, so it can be a costly investment. So whoever is in charge of this should shop carefully.

- Do not consider an e-mail In Box as a tool with which to manage records.

The e-mail systems like Outlook were never meant to be records-management systems. When e-mail files get really large, they tend to get corrupted…

When it’s e-mail, you probably have all kinds of things in there and don’t separate the wheat from the chaff because it takes too much time. So you get sloppy.

If you are going to use your e-mail as a client file, think about what you want in there and what you’d want someone else not to see. Delete it, and then delete the deletion.

- Store records in a location outside the offices of your law firm.

Even in small and midsize firms, there’s so much data it’s hard to back it all up on one tape, and it becomes harder to recover that much data. So some firms are turning to business continuity systems [with which] they send their data electronically off-site so it can be easily retrieved.

- Leave the records-management responsibility to an expert in the field rather than rely on an in-house policy.

Most large firms have had a director of records or a manager of records, which was mostly a paper-pushing position. But what has happened is that 80 percent of records now are electronic, and so it’s an entirely different process to manage electronic records. That’s where an information officer [comes in and] works closely with a records manager to do the overall management of the electronic records.

- Follow the lead of publicly traded business clients, which have had to pay close attention to their record-management practices as federal regulation of those practices has tightened.

Regulation that’s now affecting publicly traded companies, such as Sarbanes-Oxley [a 2002 federal law that established strict standards for corporate governance], will probably come to affect private industries like law firms, and that will mean lawyers will have to be much more careful about how their firms keep their records.

(c) HENRY CHACE

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Recent files, also referred to as temporary files, are those created automatically and stored on the system’s hard drive. Microsoft Windows uses many temporary files to store data about the users’ web browsing history and settings.

There are some potential risks and dangers associated with recent files, read more about recent files and security risks.