Microsoft recently released a new survey of 3,600 security, privacy and marketing professionals in the US, UK and Germany entitled “Microsoft Study on Data Protection and Role Collaboration Within Organizations”. The study indicates that poor collaboration leads to twice as many data breaches, and that the cost of data breaches is on the rise.

Key findings from the survey:

• 78% of respondents believe the marketing department informs security & privacy executives of its personal data collection initiatives; yet, only 30% of marketers actually do this
• Phishing for personal data went up 150%, Trojans for personal data went up 500% yet poor collaboration accounted for twice as many data breaches over the past 2 years
• 74% of respondents with poor inter-departmental collaboration suffered a data breach in the past 2 years
• 29% of respondents with good inter-departmental collaboration suffered a data breach in the past 2 years

Corporate units all think of protecting personal data in different ways. Marketers are concerned with reputation and trust; privacy experts with regulatory compliance; security professionals with protection from attacks. The different priorities, different reporting structures and lack of collaboration leads to trouble. Collaboration benefits the goals of all parties, but the disconnected reporting structures make collaboration difficult to achieve.

Many departments may assume that the IT department is securing all data, and thus feel they have little responsibility in data management.

Brendon Lynch, a privacy strategist with Microsoft, notes:

“It shows the need for better collaboration that accounts for the entire data lifecycle. You can’t just assume the IT security people are taking care of it all.”

There is no single solution for effective data protection collaboration, but awareness of the issue is the first step towards planning effective security policies.

Via eWeek.com & search security Tags: data security, collaboration, it security, data breach

A man stole 150 laptops from offices in 5 states in the past 5 years by portraying himself as ‘trusting’ to office employees.

A clean-cut and well dressed man would walk into an office and mingle with the company staff. He would blend into the crowd in his “faceless” attire and manner. When they left for the day, he’d pack up the office laptops and walk away. Eric Almly was a serial laptop thief - known to some as the Khaki Bandit - until he made one fatal mistake. He went up against LoJack for Laptops - and lost.

Eric Almly had his routine down - he’d practiced until perfect. His operation, from choosing his targets to the resale of his stolen goods online, was flawless. No fingerprints, no leads from video surveillance, no connection between stolen goods and online sales.

But Eric Almly chose the wrong target in April of this year. He stole 11 laptops from the Tampa headquarters of Outback Steakhouse; unfortunately for Eric, 9 of those laptops were equipped with Absolute Software’s LoJack for Laptops.

The stolen computers transmitted the computer’s physical address to police, and police were able to nab the thief. Almly was then connected with many other crimes from the evidence on hand.

Almly had gotten away with 139 laptop thefts before being caught, and would have continued to evade police had Outback Steakhouse not protected their laptop computers with Absolute’s product.

Via sptimes, wsj Tags: eric almly, lojack, lojack for laptops, laptop security, laptop theft, serial thief, laptop recovery

The Government Communications Headquarters (GCHQ) in the UK has begun a month-long campaign to attract Internet-savvy gamers into intelligence careers. Essentially, the government is looking to hire gamers to IT jobs. The GCHQ is the surveillance arm of British intelligence - comparable to the  American NSA.

The GCHQ is taking an aggressive approach to attract these tech savvy gamers. They are embedding job ads within video games such as  “Tom Clancy’s Splinter Cell: Double Agent.” This is the World’s first in-game recruitment advertising campaign.

Screenshot via Spong

Billboards advertising open GCHQ positions will appear in scenes of various video games (computer, Xbox).

“The world of online gaming offers GCHQ an additional route for targeting a captive audience,” explains Kate Clemens, Head of GCHQ’s Digital Strategy at TMP Worldwide. “These gamers are loyal and frequent users of PC and console games and are particularly receptive to innovative forms of advertising.”

Government recruitment strategies have changed. Online ads, paper ads, campus recruitment - all may be usurped by more interactive forms of advertising. This method of recruitment will enable the GCHQ to further refine the applicant pool to a more specific subset of IT professionals.

Via CSO Online, AP, Onrec Tags: recruitment, gchq, government, it, intelligence, advertising, job posting, gaming, gamers

Absolute Software announced today that it has attained Gold Certified Partner status in the Microsoft Partner Program. This is the highest level of Microsoft partner certification.

Gold Certified Partners meet Microsoft’s highest standards of technology experience. The program rewards the impact that technology partners have in the marketplace.

“The Microsoft Partner Program brings together technology providers who are passionate about making an impact on the Canadian economy,” said Lora Gernon, Director, Partner Group, Microsoft Canada Co. “Absolute Software, who has achieved Microsoft Gold Certified Partner status, demonstrates commitment to growing Canada’s technology industry by focusing on excellence in the IT security industry.”

The Certification solidifies Absolute’s dedication to security software and opens new opportunities to better network with Microsoft’s extensive Partner network.

Read the announcement here.

Tags: microsoft, gold certified, absolute, absolute software, security, security software

Source: West Virginia Government
Number Affected: 200,00
Information breached: Social Security Numbers
How: Lost data tape

West Virginia officials are warning 200,000 past and current members of 3 health insurance programs (PEIA, Children’s Health Insurance Program, AccessWV) that their personal information may have been breached.

A data tape with names, addresses, marital status and Social Security numbers was lost during shipping with the United Parcel Service (UPS). The package was compromised during transit and the data tape slipped out.

This is an example of a very accidental loss of data. This particular data tape can be read only by specialized data processing equipment with specific software. Though this is not a guarantee against data theft, it is a deterrent. Data devices should also be included in security policies and appropriate software, such as encryption, installed.

Via SC Magazine & Daily Mail Tags: data breach, west virginia, lost data, ups

It is no surprise that identity theft is a big problem for businesses. Stakeholders are increasingly concerned that their data is well protected. With media interest in data breaches increasing, businesses are facing increased scrutiny surrounding their data security practices.

According to the Privacy Rights Clearinghouse, over 167 million files with personal records have been breached since 2005. Portable data devices have increased the frequency of data breaches, as security policies have not evolved to cover the many accidental ways data can move or be lost.

The Tuck School of Business at Dartmouth held a workshop recently on this subject. A reporter at the Concord Monitor noted:

“Security for today’s employers means more than installing a firewall and keeping up to date with the latest virus protection software. It means rethinking employee practices and developing a culture in which employees are mindful of the security risks their actions pose to the company.”

The workshop addressed the fine line between being prepared and being paranoid. Even with perfect security measures - technology & training - data can still be breached. Security needs to be monitored around the clock for appropriate protection - knowing exactly where all data is, and determining whether it is being accessed when it shouldn’t be. It’s a task nearly impossible to surmount.

Best practices are not perfect, but provide a great deal of protection. Having good technical security solutions and consistent employee training is the best means of protection. Employees are responsible for more data breaches than inadequate technology. A culture of safe - not paranoid - security practices is highly suggested.

Via concord monitor Tags: security policy, identity theft, data breach, business, it, it security, security

Home Depot has confirmed a data breach affecting 10,000 employees as a result of a laptop theft.

A laptop containing personal data for 10,000 employees was left by the regional manager in a car, and was subsequently stolen. The stolen data included names, addresses and Social Security numbers.

The laptop was password protected, but no other security features were detailed. Home Depot does have a policy about taking data offsite, which the manager violated by leaving the laptop in his car.

“The Home Depot takes data security seriously and works very diligently to protect its customers’ and associates’ privacy,” said Sarah Molinari, corporate communications manager for Home Depot. “We continually work to upgrade and improve our data security and privacy systems.”

Exactly what those data protection measures are was not specified. Home Depot issued what is now a de facto statement about the theft:

“We have no reason to believe that the data contained on the laptop was the target of theft, or that any personal information was accessed or used improperly,” DeFeo said.

Free credit monitoring is being offered.

Via AP, CNET Tags: home depot, laptop theft, laptop security, data breach, identity theft

Absolute Software will be hosting a Webcast on October 30th. Ben Haidri, the head of Absolute’s Business Development, will be giving a talk on the challenges of balancing security with computer mobility.

Ben Haidri has more than 20 years experience in the technology field, specifically in security and wireless technologies.

The Webcast will cover:

• changing dynamics in the market
• cutting-edge technology
• new wireless devices
• the emergence of handheld mobile computers from cell phones
• changing attitudes towards work and leisure
• new mobile security threats
• solutions for evolving security needs

The Webcast will be held on October 30th at 12pm EST for one hour.

Sign up here to attend the Webcast.

Tags: webcast, absolute software, mobile security, security webcast, it professionals

InfoWorld wrote a great article last week about data management. Recent data breaches is are demonstrating a clear trend - companies don’t know what information they have, or where it is.

Iron Mountain recently released a survey with 2000 IT professionals and legal experts about data storage. Their survey found that 65% of respondents do not have a records management strategy. This affects data retention, storage, back-up and management.

Laura McDaniel, director of compliant records management at Iron Mountain had this to say:

“From a records management standpoint, most companies may have some sort of retention schedule or policies or procedures in place, but many are still in the dark ages in terms of adopting these rules across their entire organization, especially for electronic records.”

38% of companies report uniform policies for the disposal of confidential information, despite government and industry regulations in this area. Companies could also extend a data destruction strategy to include the ability to remotely delete breached data.

The survey did indicate a positive trend toward companies committing to enterprise-wide records management. One of the barriers to implementation has been a lack of senior-level support for the program, and clearly defined roles for committee members. The next obstacle is identifying where all the data resides in the company.

Tags: data security, data mangement, records management, data, it security

The Transportation Security Administration (TSA) has suffered a data breach as a result of two laptop thefts from an undisclosed contractor.

3,930 commercial drivers for The Hazardous Materials Endorsement Threat Assessment are at risk for identity theft as their names, addresses, license numbers and some Social Security numbers were breached.

The laptops belonged to a contractor working for the TSA. The two laptops were stolen from the same contractor on separate occasions. Earlier this year, the TSA breached personal information for 100,000 employees when a hard drive was stolen.

After the first laptop theft, the contractor told the TSA that personal information had been deleted from the laptop prior to its theft. After the second theft, TSA investigators found that the deleted data could be accessed by someone with data recovery skills. TSA has instructed the contractor to encrypt all hard drives.

Ironically, the data breach was announced one day before the TSA began collecting personal information for background checks for all its 750,000 employees.

Via Associated Press ; Tags: tsa, transportation security administration, data breach, lost laptop, laptop security, laptop theft