Register for our Upcoming Webinar
On March 24th, Absolute Software and Intel will be hosting a webinar on how anti-theft technologies work together to secure your mobile devices. By providing intelligent, automated, policy-based protection against loss or theft of laptops, anti-theft technology and IT asset management tools help protect patient data and minimize organizational risk.
This webinar will cover:
- The challenges in protecting healthcare data
- The rules governing the protection of healthcare data and the consequences of noncompliance
- Keeping sensitive healthcare data out of the wrong hands
- Employing new technology that offers rapid lockdown and rapid recovery to keep you in compliance with healthcare data security laws
Speakers at the webinar are:
- Robert Ayoub, Industry Manager of Network Security Information & Communication Technologies Practice for Frost & Sullivan
- Brad Myrvold, Systems Manager of Desktop Technology for Allina Hospitals and Clinics
- Anand Pashupathy, General Manager of the Anti-Theft Services Business Unit for Intel
- Moderator: Kirk Laughlin, Contributing Editor for Health Data Management Magazine
Absolute & Ponemon 2010 Laptop Encryption Study
If you are a long-time reader of the Absolute Software blog, you’ll recall the 2009 study we sponsored with the Ponemon Institute – The Human Factor in Laptop Encryption. We have now followed that up with a 2010 study looking at the US, UK, Canada, Germany, France and Sweden markets.
The study shows that business managers are continuing to ignore laptop security procedures above and beyond encryption. Indeed, even with encryption, most corporations are unable to determine if encrypted data remains secure.
Key findings from the whitepaper:
- 95% of IT practitioners report that someone in their organization has had a laptop lost or stolen
- Of those laptops lost or stolen, 72% resulted in a data breach.
- After a data breach, only 44% of organizations were able to prove the contents were encrypted.
- 33% of IT practitioners believe encryption makes it unnecessary to use other security measures, whereas 58% of business managers believe this to be the case.
- 62% of business managers surveyed strongly agree or agree that encryption stops cyber criminals from stealing data on laptops, versus 46% of IT practitioners who strongly agree or agree.
- 36% of business managers surveyed record their encryption password on a private document such as a post-it note to jog their memory or share the key with other individuals. Virtually none of the IT practitioners record their password on a private document or share it with another person.
- 60% of business managers have disengaged their laptop’s encryption solution and 48% admit this is in violation of their company’s security policy.
- 55% of business managers sometimes or often leave their laptop with a stranger when traveling.
You’ll see there are many troubling pieces of information there. Individuals have a false sense of security about their laptop security. Indeed, many individuals appear to ignore laptop security altogether by disengaging encryption or not using safe password practices. Are you using a layered approach to your laptop security? If not, find out how we can help!
Large Botnet Arrest
Spanish police arrested 3 men suspected of being responsible for the world’s largest network of virus-infected computers – the so-called Mariposa botnet. The botnet was made up of nearly 13 million computers across 190 countries. The botnet was rendered inactive in December, with the arrests following.
Out of 13 million computers infected, the chances would be pretty good that many of these computers would reside in a business environment. According to the report, the botnet included PCs inside more than half of the Fortune 1000 companies and more than 40 major banks.
The botnet was designed to steal sensitive information from social media sites and other online email services.
“This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss,” – Senior research advisor Pedro Bustamante
The 3 men arrested were all Spanish citizens without records and with limited hacking skills. Other arrests may follow.
Via BBC
Identity Theft Top Consumer Complaint in 2009
The FTC has released a report stating that the top consumer complaint for 2009 was identity theft. The FTC received 278,078 complaints of identity theft during the year, topping the list with 21% of all the 1.3 million complaints received.
Despite topping the list, the number of complaints actually went down 5% from the 2008 figures, going down in absolute figures for the first time since 2000. Of the other complaints, Third Party and Creditor Debt Collection ranked second on the list of complaints and Internet Services ranked third.
Looking more closely into the identity theft complaints, 17% of those complaints were credit card fraud. The next most common complaints were government documents/benefits fraud and phone or utilities fraud. Florida had the highest per capita rate of identity theft in the US.
This data indicates all of the complaints received by the FTC but does not indicate absolute crime figures. None of the complaints were verified by the FTC.
Via Wired
Cybersecurity Plan Declassified
The Obama administration has declassified and published part of its cybersecurity plan. The administration says that Obama has “identified cybersecurity as one of the most serious economic and national security challenges” faced in the US, and it appointed Howard A. Schmidt as cybersecurity coordinator last year. Schmidt made the declassification announcement at the RSA Security Conference.
Schmidt says there are about 40 legal questions surrounding the cybersecurity initiative that the government is working on. The initiative was set to protect US networks – military, civilian and government networks as well as infrastructure systems – and to combat cyberwarfare.
The declassified plan includes information on Einstein 2 and 3, intrusion detection systems on federal networks that would detect potential threats. Wired does a great job discussing the privacy and civil liberty issues surrounding these deployments. The plan outlines several initiatives that are a part of the Comprehensive National Cybersecurity Initiative (CNCI) – see the outline here.
Tip of the Day Links
SANS has put together a great blog featuring a security awareness tip of the day. The tips are brief and to the point, which makes for an easy format to read each day.
Some of the tips are ones I would highlight in individual posts, but I figured it’s best just to send you on over there to also add it to your RSS feed. Some of my favorite posts from their recent coverage are:
- A password should be used by only one person
- Avoid default installations
- Email isn’t the only online communication that has security risks
- Use Google’s cached mode to avoid spyware
- Take time to explore security settings
Not all the posts have a lot of information but, if they make you think, they are a good jumping-off point for you to continue your research.
Cybereducation in Schools Found Lacking
The National Cyber Security Alliance (NCSA) released the 2010 State of Cyberethics, Cybersafety, and Cybersecurity Curriculum in the U.S., a report which looks at the state of cyberethics, cybersafety, and cybersecurity training in the nation’s schools.
The study polled teachers, school administrators, and technology coordinators. It indicates that the youth in the US aren’t receiving enough instruction on how to use technology and to navigate the cyber world in a safe and responsible manner. Despite the lack of past study, most of those polled strongly agreed that these topics should be taught in schools.
“The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees,” said Michael Kaiser, Executive Director of the National Cyber Security Alliance.
Data from the study:
- >75% of teachers have spent fewer than 6 hours on cyberethics, cybersafety and cybersecurity training in the last 12 months
- 35% of teachers taught online conduct
- 27% of teachers taught about the safe use of social networks
- 18% taught about scams, fraud and social engineering
- 19% taught about safe passwords
- 72% of teachers indicated that parents bear the primary responsibility for teaching these topics; 51% of school administrators indicate that teachers are responsible
Via Stay Safe Online
Watch Our School Laptop Management Webinar
Our featured webinar for the month is on Worry-free Strategies for School Laptop Management, hosted by Absolute’s Geoff Glave and Joe Fives, Director of Technology and Information Services for the Kansas City Kansas Public School District.

This school district has learned how to use Computrace to track over 6,000 MacBooks, successfully – and securely – implementing a laptop program that supports the education program. You will have a chance to learn about everything from grant approvals to theft rates and even recovery stories!
Head on over here to learn more and to register to watch.
Don’t Press F1 Key
Microsoft has issued a security advisory warning Windows XP users that pressing the F1 key when prompted to do so online could put them at risk of a hack.
The F1 key vulnerability exists because of an unpatched vulnerability in Internet Explorer that would allow hackers to hijack the source PC.
Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.
Microsoft may supply a security patch for this vulnerability in an upcoming patch release. No date or confirmation of this patch is available.
Via Network World
Please Rob Me
There’s been a lot of buzz about the website PleaseRobMe – so much, in fact, that the site has been down every time I went to see it in the last week! The site, by aggregating public location-based check-ins, highlights just how many people are asking for their homes to be robbed. How? By advertising just where they are – a restaurant, theatre, etc. Essentially, anywhere but at home.

Now, this type of information is not new. It’s the same thing as advertising in a newspaper about when you’re getting married or that a relative has died. However, these location-based services – Foursquare or even Twitter – have made the practice more prevalent and prolific.
What do you think about location-based services? I don’t use them, but I do admit that I often tweet things such as “out for coffee with my husband”, giving any potential robber the opportunity to rob me.
