Measure and control IT security

In today’s workplace, it’s impossible to eliminate mobile computing devices — laptops, thumb drives, mobile phones, PDAs and iPods. However, “since California enacted a data breach notification law in 2002 (followed by 32 other states), there have been a host of embarrassing disclosures about missing computers”.

About half of the states’ breach-reporting laws give companies a way to avoid disclosing such breaches: the use of encryption on the mobile devices.

But encrypting data on mobile systems isn’t a simple task. CIOs and CISOs have found that while the technology to encrypt laptop hard drives is pretty straightforward and simple to deploy, there are several aspects of mobile security for which technology is not yet solid, particularly for protecting data on removable media and handheld devices. That’s why security leaders who have adopted encryption make sure to use other techniques — both technological and managerial — to protect their mobile data.

The first decision when implementing an encryption strategy is whether to use full-disk encryption or file-based encryption. Although most operating systems have built-in file encryption tools, this approach has a significant security flaw: It relies on users putting files in the encrypted folders.

The other option is full-disk encryption, which protects everything on the hard drive. The latest disk-encryption solutions are easy to use and are not likely to slow down performance. “Several companies — including PGP, Pointsec and GuardianEdge Technologies — provide enterprise-class full-disk encryption software that can be installed and managed using standard tools, and that works with backup software and password management systems.”

See full story.

Data encryption is important for the security of stored data. However, it is also important to use secure file removal applications. If the sensitive data was deleted from laptop or PC using unsecure operations, it can still be recovered. To protect your deleted data, you need to use specific file wiping tools.

This blog is run by authors of Shred Agent and QuickWiper.

Raleigh, NC (AKS-Labs) September 25, 2006 — AKS-Labs, has release a version 1.1 of Shred Agent, a file shredder utility that works in background mode and does secure deletion of all deleted files.

With the wider use of encryption systems, an attacker wishing to gain access to sensitive data is forced to look elsewhere for information. One way to attack is the recovery of supposedly erased data from hard disk or random-access memory.

Shred Agent is designed to protect your privacy. When you delete files in Windows it is possible to undelete or recover them using different file recovery utilities. If you want to make sure that the file you delete cannot be restored by any means, Shred Agent is the right tool for you.

To make sure nobody else has access to your private files, you might use some encryption software. But encryption is useless if the original plaintext can be recovered. Wiping is the process of writing some information directly into the space where the old file was located.

Shred Agent works on hardware level, thus wiping the files completely, eliminating the possibility of ever recovering them. What makes it different from most file wiping utilities currently available on the market is the capability to control the wiping of files in the background. For example you can configure the corresponding filters to wipe temporary file created by office programs.

If Shred Agent is installed on a server and a remote user is trying to delete a file from the “Include” list, Shred Agent will wipe the file via network.

Shred Agent can be customized to suit just your needs. Configure filters to wipe only the files with certain extensions or belonging to a specific directory. Make sure Shred Agent is launched every time you switch on your computer. Record all the information about the files being wiped to a log file.

Read more at www.shredagent.com

Jane Putnam, “Identity theft epidemic on the rise in the U.S.”: “Most people do not realize how easily criminals can obtain personal data without even having to break into a home, according to the United States Department of Justice Web site”.

Identity thieves stole nearly $100 million from financial institutions last year, or an average of $6,767 per victim, according to MY ID Fix, an identity theft prevention and victim center.

In April 2005, computer hackers installed a program that recorded keystrokes onto four computers in the Widtsoe Building computer lab. The program recorded information like credit card numbers, net IDs and passwords. It was discovered by a lab assistant and removed from the lab computers.

“Right now, the thing that is most troubling is the large number of data breaches,” said Paul Stephens, a policy analyst at Privacy Rights Clearinghouse in San Diego. “It is so troubling because even an individual who is extremely responsible and careful, there really is not a whole lot they can do to protect themselves. They have to give out certain information, like Social Security numbers and bank codes, to employers and credit card companies. You trust them [employers and financial institutions] to take care of your private information. When they betray that trust, your identity can be stolen.”

This blog is run by the authors of FindProtected. FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

UK Government has been urged to crack down on “identity theft” and raise public awareness of a growing form of fraud. The call came as Euro-MPs launched moves for cross-border co-ordination of efforts to prevent criminals stealing individual identities as a cover for their crimes.

According to a recent official report examining the measures in place to combat identity fraud throughout the EU, “European governments are not doing enough to fight rising levels of identity theft”. Chief among the criticisms highlighted is a need to enhance coordination between police forces, internally, within different EU states, and between member states and those outside the EU.

“Tackling identity offences is currently hampered by a lack of official data about the scale of the problem”. Although all European countries have acted to respond to identify offences, public awareness should be stepped up and European cooperation improved to tackle the problem.

In UK alone, more than one in four people are affected by identity theft. With the number of identity theft victims rising every year it is clear that more needs to be done to raise people’s awareness of this issue.

See full article.

This blog is run by the authors of FindProtected. FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

In the past 15 months, corporations, universities and other organizations alerted more than 85 million U.S. consumers that their personal or financial data might have been exposed through electronic breaches, disgruntled employees or just plain incompetence. While consumer data leaks don’t automatically result in financial losses or identity theft, experts say your chances of becoming a victim depend on how well you know your rights and how quickly you spring into action.

A speedy response is most important in cases when a data breach or loss involves a consumer’s Social Security number, which thieves can use to open new lines of credit in the victim’s name, said Betsy Broder, assistant director of the Federal Trade Commission’s Division of Privacy and Identity Protection.

“Anyone whose Social Security number was lost or stolen should immediately report it to one of the three major credit bureaus and request that a 90-day fraud alert be placed on all credit files. Consumers have the right to renew this alert indefinitely, but they must contact one of the credit bureaus every three months to do so”.

Consumers who have evidence of attempts to open fraudulent accounts in their name should contact those creditors immediately, and file a report with the local police department. If possible, obtain a copy of the police report, or at least the police report number.

For many identity-theft victims, being denied a loan or line of credit or receiving a call from a debt collection agency is the first sign of trouble. By law, if you inform a collector that a debt is the result of identity theft, that collector also must inform the creditor, and creditors are prohibited from selling debt that results from identity theft or placing it for collection. You also are entitled to a copy of all information about fraudulent debt, including late notices and account statements.

See full article.

This blog is run by the authors of FindProtected. FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

A Sunnyvale man was sentenced today to 14 years in prison for identity theft as part of a more than $1 million real estate scam. John Shaw, 47, faced up to 27 years after being convicted last year on 14 felony counts, including forgery, grand theft, identify theft, recording false documents, and conspiracy.

A licensed real estate agent, Shaw assumed the identities of at least five people, mostly his clients, and purchased real estate in their names. He then sold the property to other names he assumed, pocketing the profits.

Another identity thief who stole 16-thousand dollars from his victims, was sentenced Wednesday in Honolulu Circuit Court to 15 years in prison. The 28-year-old Saatkamp was also ordered to pay restitution to his victims - eight individuals and three financial institutions.

According to MercuryNews.com, kpua.net.

This blog is run by the authors of FindProtected. FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

The New York Times published today a survey results on the number of people in the US, who suffered from identity theft: “The ranks of identity theft victims are large… In broad terms — including a thief’s use of existing credit card, bank or other accounts — the number of victims is about nine million a year, or roughly 4 percent of the United States adult population, according to surveys by Javelin Strategy and Research, an independent research firm.” About three million Americans each year fall victim to the worst kind of identity theft, new account fraud.

Although there are no exact figures of the crime’s costs, the Javelin study estimates the average annual cost per stolen identity at $6,300, a 22 percent increase since 2003.

Another New York Times article advises the following 8 steps to avoid identity theft:

Identity theives can also steal your identity information from your home PC, or computer at work. In order to secure this data, you need to implement specific technology solutions. But, notwithstanding all these measures, no one can be absolutely sure his identity information is safe.

This blog is run by the authors of FindProtected. FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

People ages 18-29 make the most reports of identity theft in the US, according to the Identity Theft Data Clearinghouse, a division of the Federal Trade Commission.

According to the experts, colleges and universities are a prime target for electronic data thefts because of their wide use of names, addresses and Social Security numbers. “The reason is simple. Colleges have a tendency to use information, like Social Security numbers, for student IDs,” said Jay Foley, executive director of the Identity Theft Research Center.

In the past year, security issues have been reported in Kent State, Miami and Cleveland State universities, as well as the Ohio State University. Some have been computer thefts or hacking, while in other cases personal information was accidentally posted online. Many of the schools are updating their computer security systems and urging students to be careful when storing personal information.

See original article.

This blog is run by the authors of FindProtected.
FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

Here are 5 most common myths of Identity Theft:

Myth #1: Identity Theft is on the rise. In reality, the number of people in the US victimized by identity theft has dropped from 11-million in 2003 to 9-million in 2005.

Myth #2: Identity Thieves target the elderly. People in their 20’s are most likely to be victims…. even most college students now know someone who’s been hit by an identity thief. “People in their 20’s often have perfect credit, and as a group can be the most careless with their information”.

Myth #3: Identity Thieves get your information from your trash. Actually, one of the fastest growing forms of identity theft “comes from shoulder surfers”.

Myth #4: Identity thieves steal personal information from the internet. “Truth of the matter is, that the internet is helping us. It’s helping us catch these people faster.”

Myth #5 Our information is most likely to be stolen by a stranger. 51% of identity thefts are committed by someone familiar to the victim….26% from a relative.

This blog is run by the authors of FindProtected.
FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.

According to an April 2 report by the US Justice Department’s Bureau of Justice Statistics, 3 percent of all households in the US became the victim of at least one type of identity theft during a six-month period in 2004. The estimated loss during this period was about $3.2 billion.

About one-third of households that were identity theft victims discovered the loss by noticing missing money or unfamiliar charges on an account, and about one-quarter were contacted by a credit bureau.

Approximately one-quarter of all victimized households said the misuse had not stopped. The misuse was more likely to have stopped for households experiencing credit card theft (78 percent) than those experiencing theft of other existing accounts (65 percent) or the misuse of personal information (54 percent). Loss of personal information was the cause of trouble for 15 percent of the surveyed households.

About one in five households spent at least one month resolving their problems, while one-third said the problems were resolved in one day.

According to Jim Kouri’s post at Postchronicle.com.

This blog is run by the authors of FindProtected.
FindProtected is an effective security program that allows you to search your network for password protected files. With FindProtected, you can properly identify protected files and relocate them if necessary.