Archive for September, 2007

Shred Your Junk Mail

Sunday, September 9th, 2007

This is something I had never personally considered – the importance of shredding your junk mail.

Cockeyed.com has proven, by demonstration, how ineffective just tearing up your junk mail is. Their demonstration shows just how easy it is for someone to hijack your credit this way:

  1. Rip up junk mail Credit Card Application form into many pieces
  2. Put said pieces back together
  3. Tape up application
  4. Fill in application
  5. Check box with “Change My Address” and insert another address
  6. Insert different phone number in the “Cell Phone” area
  7. Send in application

So, is tearing up the application good enough to prevent credit/identity theft? Well, despite the FTC’s advice to “tear or shred” all junk mail, it was not.

The new credit card arrived in the mail to the changed address. They were able to activate it with the cell number provided on the application.

Yes, that’s right. The credit card company accepted the obviously torn up application and issued a card. No phone call to his home number to ensure the application was valid. Another very good reason to purchase a shredder.

Via infoworld

Kansas City to Supply Laptops for High School Students

Sunday, September 9th, 2007

The Kansas City School Board has approved a new program to supply all high school students (5,550) with laptop computers for the school day. The program will cost the district $6.4 million over 4 years.

“This is a bold, bold move and a difficult decision for the board,” acknowledged Superintendent Jill Shackelford.

The School Board has approved the program in order to “bridge the technology gap.”

As of yet, it has not been decided if students will be allowed to take the laptops home at night. Admittedly, this poses a greater security threat. If the lending program goes ahead, $10 computer insurance will be bought for each computer, and data security software to remotely wipe data will be installed.

Absolute Software’s Computrace products allow you to recover lost laptops, and also to remotely wipe data if needed.

Via KansasCity.com

Government IT Spending Patterns

Friday, September 7th, 2007

An article on InterGovWorld caught my eye. A recent study from Input has identified government IT spending patterns, and it’s clear that the fourth quarter sees the majority of spending.

The US Government will spend nearly $22 billion on IT in the fiscal year, which ends September 30. This is a record amount to be spent on IT. 33% of that budget is spent in the fourth quarter, as agencies try to use up the remainder of their budgets. There is the mentality that if you don’t use the allotted budget, it will be reduced the next year. So, spending is accelerated as the fiscal year goes on.

The budget for the next fiscal year is often not approved right away, so there is a period of time in the first quarter where the spending is cut back due to the unclear budgetary means.

Although the study does not relate specifically to the allocation of IT spending, it would seem to me that the budgetary fluctuations could have a negative effect on IT spending. While the slow quarters allow time for planning, there is a rush during the spending quarters to max out the budget. Many decisions are initiated by vendor suggestions, and this could point to one of the issues regarding IT Security.

If decisions are not made as to the spending which will happen during the fiscal year, and for which exact products, the specific IT needs may be overshadowed by the rush. Decisions may be made based on the availability of, or presentation of, certain products by certain vendors. This is different than going into the spending process with a set plan of what to buy and from whom, in order to fulfill an IT need.

Vendors play a very important role in the process of IT spending, and are crucial to companies and agencies in understanding the changing IT landscape and their own needs, but the report here indicates an inefficiency in Government spending allocation that could result in a fractured IT strategy.


Miami-Dade Provides Greater Access

Friday, September 7th, 2007

Miami-Dade County Public Schools rolled out a new version of their web portal on Monday which provides increased online resources to parents, students and teachers.

On the new portal, you can look up school bus routes, check grades, report a dirty school bathroom, or even order groceries. Information is tailored for Students, Parents, Employees & the Community. Under community, you can learn about local blood drives, mentoring and more.

Students have unbounded resources. From news to academic assistance, resources for learning, career prep, a virtual library, and a portal they can log into for private information such as online collaboration, assignment postings and online versions of their textbooks. Parents have access to the same information, including textbooks to assist in homework.

The information for students & parents is immediate and up-to-date. Achievement can be monitored more closely on a single organized site, and resources for improvement are more readily available. Grades are available online, as well as information on missing assignments and absentee listings.

To set up an account, parents have to obtain a PIN number from their child’s school. Parents must get a PIN number for each child and, for security reasons, must go to the school in person. “The schools know which parents belong to which children,” said Debbie Graper, a technology administrator with the district.

The Miami-Dade project is designed to get parents more involved in their children’s schoolwork, a key to student success. The project, which cost $3.2 million and was done in partnership with Microsoft, serves 53,000 employees and 342,000 students.

Earlier this year, 13 Miami-Dade schools were named in Newsweek’s Top High School list.

Via Miami Herald

Federal CISOs Green Light Telework

Thursday, September 6th, 2007

Telework Exchange has released another interesting report titled “Remote Control – Federal CISOs Dish on Mobility, Telework, and Data Security.” The study, done in co-ordination with HP, found that 94% of Federal CISOs do not consider telework programs a security threat. Most (63%) consider mobile devices the #1 security threat.

83% of Federal CISOs report that laptop use has increased over the past year; for 17% of the respondents, laptops account for half of all Agency computers.

In order to remain FISMA-compliant, the CISOs recommend data security training for all employees, an audit of how many employees work outside the office, and a solution to ensure teleworkers are compliant with the official telework program.

Eric Brennan, director, PSG Solutions Marketing, HP, notes that the lack of security concerns regarding telework is,

“further evidence that when agencies establish telework programs with proper security training, support, and equipment, Federal employees can safely benefit from more work/life balance, freedom, and cost-savings from reduced commute times.”

This data is in line with another of Telework Exchange’s recent studies which showed that teleworkers pose little security threat, and are well managed. It is the “unofficial teleworkers” who pose the greatest security threat. Therefore, the internal audit and mandatory security training are essential.


Off-Network Security Given Low Priority

Wednesday, September 5th, 2007

The Ponemon Institute has published a new report that exposes the security risk of off-network data devices. The report accuses companies of having lax security when it comes to data on devices that are disconnected from the network.

The survey of 735 senior IT security professionals found that:

  • 62% of respondents confirm, or are unsure, that off-network devices contain unprotected confidential or personal information
  • 39% of respondents do not view the management of off-network devices as critical to security
  • 70% of data breaches have resulted from the loss of off-network devices
  • 30% of respondents have no way to detect the loss of data on off-network devices
  • 73% of respondents experienced the loss or theft of a data-bearing machine sometime in the last 2 years

Clearly, the data indicates a counter-intuitive attitude towards off-network security. Although most data breaches can be linked to the theft or loss of data devices such as laptops or PDAs, a large proportion of companies consider off-network security a low priority.

30% of companies, as indicated above, feel unable to track data leakage in these off-network devices, pointing to the challenges posed by this area of IT security.

“Protecting data that is stored on devices outside the confines and control of the corporate network is a problem for which many companies simply do not have a solution,” said Dr. Larry Ponemon, founder and chairman of the research company bearing his name. “Our research shows that, while most companies recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation.”

You can download the report here [PDF]

Via ZeroDay

Back-to-School Technology

Wednesday, September 5th, 2007

We recently referenced an education technology piece on Absolute’s website, and I wanted to highlight it over here. The article by Westchester1 is called “High Tech Checklist for A-plus Students” and covers all the latest back-to-school technology for high school and college students – and what you need to keep it all safe.

All the latest technology (and what you need to protect it) for back-to-school:

  1. Laptop Computer - for homework, research, and social networking.
    • Laptop Tracking & Recovery Software - such as Absolute’s LoJack for Laptops
    • Security Software & Hardware - includes the other basics like anti-virus, anti-spyware, encryption and firewall software, and a good cable lock
  2. MP3 Player - one with good audio recording for recording lectures. Effective learning is both visual and aural.
    • Protective Materials - a case, screen protectors, & ID tags (or engraving)
  3. Portable Gaming - for play and multi-purpose applications including Internet access
    • Lock it up – keep it in a locker, even in your dorm room. Out of sight is a plus, locked is a preference.
  4. Cell Phone - one complete with a camera phone or video capabilities. Get a good data plan. Communication is vital to social learning, and for families too.
    • Protect it - most people overlook this. You can password-protect your address book or other personal information & pictures. Consider a replacement policy if the phone is lost or stolen.

Via Westchester1

Connecticut Tightens Laptop Security Policies

Wednesday, September 5th, 2007

Connecticut Governor M. Jodi Rell has ordered new laptop security controls for Connecticut agencies and employees. In a statement issued recently, Governor Rell asked that the CIO for the Department of Information Technology (DOIT) prepare a new policy before September 7.

The new security policy must include the following:

  • agencies must immediately notify the DOIT of a lost laptop
  • agencies must monitor & restrict sensitive data from going onto laptop computers and portable devices
  • the expanded use of secure remote data access, including VPN technology
  • the deployment of encryption tools to agencies

A multi-agency working group will identify the standards and tools to be implemented throughout the government.

“Sensitive data should not be loaded onto a laptop,” Governor Rell said. “Laptops can be targets for thieves and every State employee must be vigilant and adhere to common sense practices to secure the taxpayer-funded equipment and data with which they have been entrusted.”

This announcement follows a recent data breach regarding a laptop theft at the Department of Revenue Services.

“This new policy will address that and other laptop security issues. Common sense practices, strong policies, and institutional and individual vigilance are required to strengthen protections of laptops and data.”


Connecticut Department of Revenue Services Breach

Wednesday, September 5th, 2007

The Connecticut Department of Revenue Services (DRS) has issued a statement that a laptop containing personal information for 106,000 people has been stolen.

An Agency laptop containing names and Social Security Numbers for 106,000 taxpayers was stolen earlier in August from the DRS office in Hartford. The laptop was password-protected, but no word on whether or not it was encrypted or protected in any other way.

The DRS will be contacting affected individuals. Those affected will get a free copy of their credit report. DRS Commissioner Pam Law noted:

“While there is no indication that any information has been compromised in this instance, I want to assure citizens that everything that can be done will be done to safeguard residents’ personal data”

One would hope that this means upgrading their security policies to include more stringent security technologies such as computer tracking and recovery software (like Absolute’s Computrace products), and laptop locks within the office.

Via courant
