Archive for September, 2007

Internet Safety Videos for Teachers

Thursday, September 27th, 2007

Internet Safety is an important topic for educators, and a number of resources are being developed to aid teachers.

A number of videos are being created around Internet Security, and these videos are being uploaded to sites such as YouTube or TeacherTube. Videos aid with visual learning and are great to engage students in dialogue.

Here are some great examples of Internet Safety Videos.

Slashdot on Laptop Tracking Software

Wednesday, September 26th, 2007

A Slashdot user wrote in and asked for reviews on laptop tracking software. The user had been held up at gunpoint and had his laptop stolen; it was a horrible experience, and he was looking for advice on how to protect his new laptop purchase.

There are 175 comments so far on the post. One user advises a self-made solution, out of fear that laptop tracking is an invasion of privacy. This is a bit of a paranoid stance, as laptop tracking is only activated when your laptop goes missing, and it is invaluable during those times. One user addresses the fallacy of the argument with this example:

Your argument is weak, it is like saying “I don’t want to have an alarm in my house because they will know when I am not at home when I activate it”.

Encryption is a big part of the conversation, although this only covers the security aspect of the laptop, and not tracking and recovery.

It sounds like most of the comments come from the consumer perspective. Comments revolve around the physical cost of the laptop, not around the cost of the data it contains, or the cost of that data if it were to be breached.

Very little tangible advice has been given thus far about laptop tracking software solutions. Lojack and Computrace were mentioned in one reply, but no other products have been recommended. The conversation has become derailed from a dialogue comparing software solutions, as was originally intended, to paranoia about using any solution at all. When it comes to laptop theft, one cannot be paranoid enough – but when it comes to protecting that laptop, one should take practical steps to keep data secure by installing tracking and recovery software.

Learn more about the real cost of a laptop theft here.

Techno Gear for School

Wednesday, September 26th, 2007

Here is another great list of back-to-school technology essentials for high school or college students. The Vancouver Sun’s top 10 list of techno-savvy gear includes:

  1. Laptop computer – as low as $399. Back-to-school bundles often include extra software or price reductions.
  2. Software – A good Office set, anti-virus (set to auto-update), locking cables, and a product such as Absolute’s Lojack
  3. Printer – consider just black & white to save on ink costs
  4. Communications – cell phone, Skype account
  5. Music & Entertainment – iPod with speakers
  6. Memory Drives – flash drives.
  7. Backpacks – suited for laptops
  8. Camera – to capture memories of a once-in-a-lifetime school experience
  9. Flat-Panel Monitor – can double as a tv
  10. Extras – wireless mouse, keyboard

All of this technology should come with security education. It is important to teach teens about Internet Safety, about protecting personally identifiable information, and preventing laptop theft.

UK Considers Data Breach Notification Law

Wednesday, September 26th, 2007

A member of the House of Lords committee, Lord Harris of Haringey, has reinstated his support for a data breach notification law and its recommendation by the Science and Technology Committee.

Lord Harris believes businesses should be more security conscious and that, in some cases, the financial penalties of data breaches are not strong enough.

A data-breach notification law would “concentrate the minds” of companies holding data, because loss of data would have an impact on that organisation’s reputation, said Harris. He added that all board-level executives should be legally liable for data loss.

The Met’s Special Crime Unit has concerns over the creation of any data breach law, as there is currently no structure in place to deal with policing data breach notification. They caution that the response be proportionate to the size of the company or issue.

David Evans, senior guidance manager at the ICO, mentions:

“If we’re allowing businesses to have self-control, we should expect openness and transparency. If their security measures aren’t adequate, they should be expected to cough that up. However, if the reputational risk [of disclosure] is bigger than the risk of not disclosing data loss, then companies may decide not to notify,” said Evans.

The law is still in early planning stages.

Via ZDNet UK

Computer Crime and Security Survey

Wednesday, September 26th, 2007

The Computer Security Institute has released its annual Computer Crime and Security Survey. The survey indicates that insider threats do not cause as much damage in a security breach as previously thought.

The report indicates that insider attacks are now the #1 most common cause of security incidents - 60% of respondents have experienced insider-related issues in the past year. Viruses previously topped the list of security incidents.

Company losses due to cybercrime have doubled over the past year, so the cost of poor security is increasing. However, despite the predominance of insider-related issues, they only account for 20% of losses.

In 16% of cases, cybercrime costs exceeded 60% of losses; in 5%, cybercrime costs exceeded 80% of losses. There is a good deal of variability in the costs of cybercrime. Most likely, this is due to the fact that data breaches vary widely.

The biggest red flag in the survey was in regard to compliance:

Some 30 percent of respondents stated that, despite new laws concerning breach disclosure, they experienced at least one incident that was never reported outside the organization. Only 29 percent reported incidents to law enforcement agencies.

The fact that breach notification is being overlooked, despite compliance laws designed to prevent it, is quite disconcerting.

Twenty-six percent said they did not report their incidents to law enforcement because of fears of negative publicity. Twenty-two percent said they believed law enforcement would be unable to help them, and 14 percent said they feared their competitors would use the breach reports to their advantage.

Via Dark Reading

Stolen Computer Gets Lead from Accidental Photo

Wednesday, September 26th, 2007

Some big news in Vancouver has followed in the wake of the theft of six computers from a company called Workspace. The news has spread like wildfire around the web because, in the case of this theft, the suspect unknowingly identified himself by playing around with his new stolen computer’s camera.

One of the six computers stolen from Workspace, an open-concept shared work environment in Vancouver’s Gastown, is set up with a program called Photobooth. Photobooth uses the in-built camera on the Mac to take snapshots; in combination with a second program called Flickrbooth, it has the ability to share those photos online. This particular iMac computer sat on the coffee bar area of Workspace as a communal computer, and Photobooth is a popular application visitors use to leave a brief hello.

This story has hit the news because the thief, or the buyer of the stolen computer, stumbled upon the Photobooth application and decided to take a couple of photos of himself. What he didn’t know was that Workspace had the application pre-set to automatically upload those photos to Flickr (a photo sharing service). The suspect has, therefore, revealed his identity.

Last week a number of computers were stolen from our office in Vancouver, BC. One of those computers was a shared iMac with Flickrbooth, an app that automatically uploads photo booth shots to our flickr account, installed on it. Just this morning a friend called to tell us that there are photos of whoever has the computer now in our flickr stream! Obviously the guy didn’t know he was uploading images of himself and his awesome tattoos.

The news was first reported by Workspace owner Bill MacEwan, who noticed the photos appear in his Flickr stream.

The photo is of a man without his shirt, and with many identifiable tattoos. He took a second picture of his large back tattoo, ironically making himself even more identifiable. This picture, coupled with security footage, could assist police in finding the suspect. He may, however, be none other than a knowing or unknowing purchaser of the stolen laptop, in which case his identity has been revealed to the detriment of his character.

Although the photo is an unusual element in this case, it should not be taken that programs such as Flickrbooth/Photobooth are replacements for computer tracking and recovery programs. Computer security is far more complicated, and computer recovery is still most guaranteed with the use of laptop recovery software such as Absolute Software’s Computrace/Lojack programs. This case hinges on both luck and stupidity, but the data on these computers may still be at risk, and there is still a chance the computers may not be recovered.

Youth are High Risk for ID Theft

Tuesday, September 25th, 2007

Earlier this year, the Federal Trade Commission (FTC) released a report that indicated that young adults are at high risk for identity theft.

According to the report, youth spending longer periods of time online are putting themselves at high risk for exposing personal information. People between 18-29 experienced the highest levels of identity theft with 31% of total thefts.

College students do not realize how serious the threat of identity theft actually is, said Johnny May, certified identity theft risk management specialist and author of “Johnny May’s Guide to Preventing Identity Theft.”
“I think [students] believe they don’t have anything worth losing,” May said. “The reality is this makes it easier for identity theft to occur.”

Youth are not overly proactive in the area of I.D. theft security; most figure they don’t have much worth stealing. Therefore, they do not follow the basic steps to prevent identity theft. Youth should be encouraged to shred any documents with personal information, get an updated credit report, install antivirus software, and use a firewall.

“College students need to treat their personal information as if it were gold,” May said. “Once it is out there, you can’t take it back.”

Via State Hornet; hat tip to flying hamster

Credit Freeze: Proactive ID Theft Deterrent

Tuesday, September 25th, 2007

Consumers who are concerned about Identity Theft have a tool at their disposal: the credit freeze.

Two years ago, the credit freeze was almost unheard of, but now, 39 states allow you to freeze your own credit file.

When consumers freeze their credit file, they put a stop to all new credit activity. No new accounts, credit cards, or loans can be issued. This gives consumers peace of mind that new credit is not being issued without their awareness.

Whenever consumers want to extend their credit in any way, they can temporarily lift the freeze. A freeze is lifted by providing a PIN number. The credit freeze, therefore, does not prevent consumers from accessing their own credit.

To set up a credit freeze, consumers must notify all 3 credit bureaus (Experian, Equifax, TransUnion). Some states may require a small fee to initiate or lift a freeze.

Consumers can read more about state-by-state credit freeze laws here.

Note: this does not protect consumers from thieves using existing credit cards or bank account numbers, so consumers should be vigilant with respect to identity theft prevention tactics.

Ameritrade Data Breach

Tuesday, September 25th, 2007

Ameritrade has sent a notification to customers of a data breach that resulted from a hacker. In the process of investigating a spam issue, Ameritrade discovered rogue code in their systems, which allowed information to be retrieved by an external source.

The database containing the rogue code contained personally identifiable information for 6.3 million customers.

Ameritrade notified customers that their personal information was accessed, but as yet there are no details as to whether or not personal identity data was breached (in this case the concern was over Social Security numbers).

Information on client assets, user IDs, passwords and PIN numbers was not stored in the affected database.

This is Ameritrade’s third data breach in as many years, and their handling of this latest issue was much more proactive than previous incidents. Notification has not been required at this stage, as identity data is not known to have been breached. However, this proactive approach goes a long way to restoring consumer confidence.

The Ameritrade advisory notes that no action is required of customers at this point.

Via InformationWeek (1, 2)

Worst Data Breaches

Tuesday, September 25th, 2007

eWeek has put together a slideshow of the “Worst Data Breaches Ever.” The data breaches were defined as “worst” not just on the basis of numbers of records or people affected, but also on the basis of the responsiveness of those organizations to notify the bodies affected, the extenuating details of the data breach, and the organization’s responsiveness to addressing the issues that caused the breach.

Included are the following data breaches, including the number of people affected and the method of data exposure:

  1. Monster.com – 1.3 million (phishing)
  2. Fidelity National Information Services – 2.3 million (internal theft)
  3. SAIC – 800,000 (unencrypted data sent over Internet)
  4. State of Ohio – every worker (storage device stolen from vehicle)
  5. LA County Child Support Services – 130,500 (laptops stolen)
  6. TJX – 45.6 million (hacker)
  7. University of California – 800,000 (hacker)
  8. Miami Office of the U.S. Department of Transportation – 133,000 (laptop theft)
  9. AOL – 600,000 (accidental posting online)
  10. Naval Safety Center – 28,000 (spreadsheets posted online)
  11. Wells Fargo – not available (laptop theft)
  12. Department of Veterans Affairs – 26.5 million (data device stolen out of office)
  13. Department of Agriculture – 26,000 (hackers)
  14. Boston Globe – 240,000 (accidental printing of information)
  15. H&R Block – unknown (printed onto mailing labels)
  16. ChoicePoint – 145,000 (hackers)
  17. LexisNexis – 300,000 (hackers)
  18. Ameritrade – 200,000 (computer backup tape lost offsite)

From the examples given in this slideshow, hackers and data devices being lost or stolen were the primary causes of data breach.
