Register for our Upcoming Webinar

March 16th, 2010 Author: arieanna
header.jpg

On March 24th, Absolute Software and Intel will be hosting a webinar on how anti-theft technologies work together to secure your mobile devices. By providing intelligent, automated, policy-based protection against loss or theft of laptops, anti-theft technology and IT asset manage tools help protect patient data and minimizes organizational risk.

This webinar will cover:

  • The challenges in protecting healthcare data
  • The rules governing the protection of healthcare data and the consequences of noncompliance
  • Keeping sensitive healthcare data out of the wrong hands
  • Employing new technology that offers rapid lockdown and rapid recovery to keep you in compliance with healthcare data security laws

Speakers at the webinar are:

  • Robert Ayoub, Industry Manager of Network Security Information
    & Communication Technologies Practice for Frost & Sullivan
  • Brad Myrvold, Systems Manager of Desktop Technology for Allina Hospitals and Clinics
  • Anand Pashupathy, General Manager of the Anti-Theft Services Business Unit for Intel
  • Moderator: Kirk Laughlin, Contributing Editor for Health Data Management Magazine
Category: Absolute Software | No Comments »

Absolute & Ponemon 2010 Laptop Encryption Study

March 15th, 2010 Author: arieanna

2010report.jpgIf you are a long-time reader of the Absolute Software blog, you’ll recall the 2009 study we sponsored with the Ponemon Institute – The Human Factor in Laptop Encryption. We have now followed-up that with a 2010 study looking at the US, UK, Canada, Germany, France and Sweden markets.

The study shows that business managers are continuing to ignore laptop security procedures above and beyond encryption. Indeed, even with encryption, most corporations are unable to determine if encrypted data remains secure.

Key findings from the whitepaper:

  • 95% of IT practitioners report that someone in their organization has had a laptop lost or stolen
  • Of those laptops lost or stolen, 72% resulted in a data breach.
  • After a data breach, 0nly 44% of organizations were able to prove the contents were encrypted.
  • 33% of IT practitioners believe encryption makes it unnecessary to use other security measures, whereas 58% of business managers believe this to be the case.
  • 62% of business managers surveyed strongly agree and agree that encryption stops cyber criminals from stealing data on laptops versus 46% of IT practitioners who strongly agree or agree.
  • 36% of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the key with other individuals. Virtually none of the IT practitioners record their password on a private document or share it with another person.
  • 60% of business managers have disengaged their laptop’s encryption solution and 48% admit this is in violation of their company’s security policy.
  • 55% of business managers sometimes or often leave their laptop with a stranger when traveling.

You’ll see there are many troubling pieces of information there. Individuals have a false sense of security about their laptop security. Indeed, many individuals appear to ignore laptop security altogether by disengaging encryption or not using safe password practices. Are you using a layered approach to your laptop security? If not, find out how we can help!

Download the whitepapers here.

Category: Absolute Software, Security Policy, Surveys & Reports | No Comments »

Large Botnet Arrest

March 15th, 2010 Author: arieanna

1260786_laptop_work.jpgSpanish police arrested 3 men suspected of being responsible for the world’s largest network of virus-infected computers – the so-called Mariposa botnet. The botnet was made up of nearly 13 million computers across 190 countries. The botnet was rendered inactive in December, with the arrests following.

Out of 13 million computers infected, the chances would be pretty good that many of these computers would reside in a business environment. According to the report, the botnet included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks.

The botnet was designed to steal sensitive information from social media sites and other online email services.

“This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss,” – Senior research advisor Pedro Bustamante

The 3 men arrested were all Spanish citizens without records and limited hacking skills. Other arrests may follow.

Via BBC

Category: Theft News, Web Security | No Comments »

Identity Theft Top Consumer Complaint in 2009

March 12th, 2010 Author: arieanna

The FTC has released a report stating that the top consumer complaint for 2009 was identity theft. The FTC received 278,078 complaints of identity theft during the year, topping the list with 21% of all the 1.3 million complaints received.

Despite topping the list, the number of complaints actually went down 5% from the 2008 figures and going down in absolute figures for the first time since 2000. Of the other complaints, Third Party and Creditor Debt Collection ranked second on the list of complaints and Internet Services ranked third.

Looking more closely into the identity theft complaints, 17% of those complaints were credit card fraud. The next most common complaints were government documents/benefits fraud and phone or utilities fraud. Florida had the highest per capita rate of identity theft in the US.

This data indicates all of the complaints received by the FTC but does not indicate absolute crime figures. None of the complaints were verified by the FTC.

Via wired ; Image: Clipart

Category: Identity Theft, Surveys & Reports | 1 Comment »

Cybersecurity Plan Declassified

March 11th, 2010 Author: arieanna

bg-title-nsc_0.jpgThe Obama administration has declassified and published part of its cybersecurity plan. Saying that Obama has “identified cybersecurity as one of the most serious economic and national security challenges” faced in the US, appointing Howard A. Schmidt as cybersecurity coordinator last year. Schmidt made the declassification announcement at the RSA Security Conference.

Schmidt says there are about 40 legal questions surrounding the cybersecurity initiative that the government is working on. The initiative was set to protect US networks – military, civilian and government networks as well as infrastructure systems – and to combat cyberwarfare.

The declassified plan includes information on Einstein 2 and 3, intrusion detection systems on federal networks that would detect potential threats. Wired does a great job discussing the privacy and civil liberty issues surrounding these deployments. The plan outlines several initiatives that are a part of the Comprehensive National Cybersecurity Initiative (CNCI) – see the outline here.

Category: Government Security, Privacy & Security Laws | No Comments »

Tip of the Day Links

March 10th, 2010 Author: arieanna

SANS has put together a great blog featuring a security awareness tip of the day. The tips are brief and to-the-point, so a great easy format to read each day.

Some of the tips are ones I would highlight in individual posts, but I figured it’s best just to send you on over there to also add it to your RSS feed. Some of my favorite posts from their recent coverage are:

  • A password should be used by only one person
  • Avoid default installations
  • Email isn’t the only online communication that has security risks
  • Use Google’s cached mode to avoid spyware
  • Take time to explore security settings

Not all the posts have a lot of information but, if they make you think, they are a good jumping point for you to continue your research.

Category: Security Links | No Comments »

Cybereducation in Schools Found Lacking

March 9th, 2010 Author: arieanna

The National Cyber Security Alliance (NCSA) released the 2010 State of Cyberethics, Cybersafety, and Cybersecurity Curriculum in the U.S., a report which looks at the state of cyberethics, cybersafety, and cybersecurity training in the nation’s schools.

The study polled teachers, school administrators, and technology coordinators. It indicates that the youth in the US aren’t receiving enough instruction on how to use technology and to navigate the cyber world in a safe and responsible manner. Despite the lack of past study, most of those polled strongly agreed that these topics should be taught in schools.

“The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees,” said Michael Kaiser, Executive Director of the National Cyber Security Alliance.

Data from the study:

  • >75% of teachers have spent fewer than 6 hours on cyberethics, cybersafety and cybersecurity training in the last 12 months
  • 35% of teachers taught online conduct
  • 27% of teachers taught about the safe use of social networks
  • 18% taught about scams, fraud and social engineering
  • 19% taught about safe passwords
  • 72% of teachers indicated that parents bear the primary responsibility for teaching these topics, 51% of school administrators indicate that teachers are responsible

Via Stay Safe Online

Category: Education Security, Education and Technology | No Comments »

Watch Our School Laptop Management Webinar

March 8th, 2010 Author: arieanna

Our featured webinar for the month is on Worry-free Strategies for School Laptop Management, hosted by Absolute’s Geoff Glave and Joe Fives, Director of Technology and Information Services for the Kansas City Kansas Public School District.

e-school-video.jpg

This school district has learned how to use Computrace to track over 6,000 macbooks, successfully – and securely – implementing a laptop program that supports the education program. You will have a chance to learn about everything from grant approvals to theft rates and even recovery stories!

Head on over here to learn more and to register to watch.

Category: Absolute Software, Case Studies, LoJack for Laptops | No Comments »

Don’t Press F1 Key

March 6th, 2010 Author: arieanna

Microsoft has issued a security advisory for Windows XP users that pressing the F1 key when prompted to online could put users at risk for a hack.

The F1 key vulnerability exists because of an un-patched vulnerability in Internet Explorer that would allow hackers to hijack the source PC.

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.

Microsoft may supply a security patch for this vulnerability in an upcoming patch release. No date or confirmation of this patch is available.

Via network world

Category: Web Security | No Comments »

Please Rob Me

March 5th, 2010 Author: arieanna

There’s been a lot of buzz about the website PleaseRobMe – so much, in fact, that the site has been down every time I went to see it in the last week! The site, by aggregating public location-based check-ins, highlights just how many people are asking for their homes to be robbed. How? By advertising just where they are – a restaurant, theatre, etc. Essentially, anywhere but at home.

header.png

Now, this type of information is not new. It’s the same thing as advertising in a newspaper about when you’re getting married or that a relative has died. However, these location-based services – Foursquare or even Twitter – have made the practice more prevalent and prolific.

What do you think about location-based services? I don’t use them, but I do admit that I often tweet things such as “out for coffee with my husband”, giving any potential robber the opportunity to rob me.

Category: Web Security | No Comments »

Archives