According to a security company’s 100 penetration attempts, most organizations succumb to five attacks, none of which involve malware or zero-day flaws. The top five attacks, according to darkreading.com: abuse of weak domain user passwords — used in 66% of Praetorian pen testers’ successful attacks; broadcast name resolution poisoning (like WPAD) — 64%; local admin […]
According to the folks at phiprivacy.net, the recent addition of twenty-nine data breaches to the HHS “Wall of Shame” shows that laptop and desktop computers still account for approximately half of all medical data breaches. This indicates two things: (1) Too many covered entities are not using HIPAA level encryption and (2) computers still account […]
Dissent at phiprivacy.net brings us news that the Arizona Counseling and Treatment Services, located in the city of Yuma, has announced the theft of an employee’s laptop computer with personal patient information. Although it’s not spelt out, it appears pretty evident that laptop disk encryption for protecting PHI like AlertBoot was not used. When it […]
BYOD Security: Employees Work 20 Extra Hours, Happy, And A Significant Portion A Data Breach Waiting To Happen.
According to a global survey, employees under a BYOD plan can work up to 20 extra hours per week…happily. This is good news to employers, possibly not so much to employees (but who’s to say, really? If they’re happy, they’re happy). Not so good news: despite BYOD in place, 19% do not require mobile security […]
Following the password leaks of LinkedIn, eHarmony, and Last.fm from last month, Formspring, described as a question-and-answer website, has announced and plugged up a password leak. One differentiating factor: Unlike the earlier data breaches, Formspring used proper data security, at least in name only: they first salted their passwords before hashing them. 420,000 Passwords Post […]
The big data security story one month ago was the hacked presence of LinkedIn user passwords. It was also revealed that eHarmony and Last.fm were affected as well. However, stories focusing on these two were eclipsed, probably due to LinkedIn’s overwhelming user base. Regardless, there are lessons to be learned from the eHarmony breach thanks […]
Do you know why solutions like managed laptop encryption software such as AlertBoot are better than some standalone ones? Among many reasons, it’s because the encryption cannot be overridden by anyone but the administrator. It has to be done from a central console. This ensures, among other things, that a laptop stays encrypted once it […]
UK Data Protection: ICO Penalizes Telford and Wrekin Council £90,000 For Two Breaches In As Many Months.
The Information Commissioner’s Office (ICO) in the UK has announced it has penalized another UK body for lacking adequate controls when it comes to data security. The fine this time is a hefty £90,000 for two data breaches in two months. It’s one of those cases that show that data encryption software like AlertBoot can […]
Paranoia. It’s one quality that grows in you — if you didn’t suffer from it already — if you work in the information security space. But, apparently it doesn’t affect everyone. A survey was taken among participants of London’s InfoSecurity Europe show last year. The show being what it is, it’s not far-fetched to assume […]
A survey by the Healthcare Information and Management Systems Security (HIMSS) organization shows that US healthcare organizations are experiencing increased patient data breaches, fed by the introduction and growth of electronic records. The use of full disk encryption software like AlertBoot can counter such malignant developments, seeing how laptops and other portable devices account for […]