Ken Colburn (aka the Data Doctor) was on CNN a couple of weeks ago to give some simple advice on protecting your sensitive information if your computer is stolen. The most common mistakes people make that put data at risk on lost laptops, according to Ken, are: not set a password on the computer, auto-saving username and passwords, and leaving sensitive information unprotected by alternate passwords or encryption.
As you can see from the video below, Ken goes on to recommend software than can help make your computer more secure and/or recover it. He recommends LoJack for Laptops / Computrace, as well as other programs listed here.
Thanks Ken for the great coverage!
Also in the news: Microsoft will stop selling its Windows Live OneCare consumer security service and will re-release it as a free download by the end of 2009. They hope this will mean less malware. Speaking of malware, a new trojan came up a couple days ago that can send both Mac & PC users, even with patched software, to impostor websites. Ouch!
Secunia has followed-up to a survey done one year ago to see if PCs are any more secure this year than last. The data was collected from 20,000 new users of their software in the period of a week, mirroring the same sample from a year previous. The software is thus able to give a snapshot of how many installed programs are “secure” or “patched.”
Based on the data, PCs are more insecure than they were last year. Only 1.91% of PCs scanned could claim to have full secure / patched programs. The rest were not running the latest (and most secure) version of software available on at least one program.
0 Insecure Programs: 1.91% of PCs
1-5 Insecure Programs: 30.27% of PCs
6-10 Insecure Programs: 25.07% of PCs
11+ Insecure Programs: 45.76% of PCs
Quite scary that nearly half of those 20,000 PCs had more than 11 programs unpatched! Leaving programs unpatched makes them targets for hackers, which can lead to data leak issues if not stopped up. Mainstream programs like Microsoft Office, Adobe Flash and broswers are major targets for hackers.
So, perhaps now is a time to run your security updates? On PC and Mac, most programs can be updated automatically, or all together. In a few instances, you may need to ‘check for updates’ in individual programs. Of course, in a corporate environment, where you’re dealing with hundreds or thousands of computers, you need a way to manage this at once. Absolute’s asset tracking can help inventory what software and patches are installed, but other strategies (including Secunia PSI) can supplement in rolling out updates regularly.
Some great news from Absolute Software - The ASUS B50 line of business notebooks will now provided embedded support for Absolute’s anti-theft and management solution, Computrace.
ASUS is one of the world’s top 10 notebook manufacturers, with the B50 taking into consideration the needs of mobile business executives. The B50 features an integrated biometric fingerprint scanner, Trusted Platform Module for secure login and encryption, and now embedded Computrace support. You can read more about this news here.
What does embedded support mean?
This means that all the great features of Computrace are embedded at the firmware level, not the software level. When consumers activate the service, Absolute can provide a level of security and recovery capabilities at a higher level.
Embedding support for the Computrace agent into the BIOS provides customers the highest level of persistence and allows the Computrace agent to survive operating system re-installations, hard drive reformats and even hard drive replacements. That means anyone trying to remove the security features to get at your data is going to have a much harder time.
For a full list of computers with embedded support for Computrace (Dell, Fujitsu, etc), check here.
Also in company news, Absolute will showcased it’s laptop security solutions at the Intel Developer Forum (IDF) in Taipei on October 20-21. For more information, read here.
The Transportation Security Administration (TSA) has changed its policies (as of August 16) to allow for certain types of laptop bags to go through the security scanner with the laptop inside. No need to take out the laptop - a process that takes time and risks the laptop being accidentally dropped or stolen.
There are several new laptop bags that meet the TSA criteria of:
Designated laptop-only section
Laptop section completely unfolds to lay flat on x-ray belt
No metal snaps, zippers or buckles around the laptop section
No pockets around the laptop section
Nothing packed in the laptop-only section other than the laptop
Computerworld has put together a good list of the laptop bags available already to meet these new specs. The laptop bags fall into 3 types:
Butterfly-style to open flat: one side the laptop, the other side storage
Double- or triple-compartment bags that unfold (like a garment bag)
Notebook sleeves (many existing on the market)
The bags that have been manufactured fall into many categories - from standard shoulder bags to wheeled bags to folded-backpacks. There’s probably one to fit your preference.
Having one of these bags will not guarantee that you won’t have to remove your laptop - if the security scan doesn’t give a clear enough picture of your laptop, you will have to take it out.
The National Institute of Standards has released a new draft of recommended guidelines on cell phone & PDA security, helping companies to navigate this overlooked area of data security. Mobile devices pose an increasingly large risk to data security. Lost or stolen laptops are currently one of the main causes of data breaches, so the increased data access capabilities of even smaller mobile devices increases the risk of data breaches as the result of lost or stolen devices.
Publication SP 800-124 provides an overview of mobile devices in use today and insights on making IT security issues regarding their use. Threats increase for handheld devices due to their size & portability and the available wireless services. These two issues increase the risk for loss / theft, unauthorized use, malware, spam, electronic eavesdropping, electronic tracking, cloning and server-resident data.
The guidelines give many examples of these types of threats as well as safeguards that can be put in place. The safeguards suggested include:
Central management of devices - have organization-issued devices with a system to centrally configure and manage devices & their updates
User-oriented measures - teaching employees about procedures to follow using organization devices (understanding the security features & how to use them)
Authentication - require user authentication with PINs and passwords
Backup data
Reduce data exposure - avoid sensitive information being on, or accessed by, any handheld device. Encrypt any sensitive data.
Turn off wireless interfaces - minimize risk by only turning them on when needed
Add security software such as firewalls, antivirus, VPN, etc.
Absolute Software has announced a new service to add to their comprehensive data security Computrace suite. Post-theft forensic auditing services will now be offered through the online customer center IT asset management portal. Organizations will be able to determine if sensitive information on lost or stolen computers has been accessed. It will also be able to determine if an encrypted volume or password has been compromised.
John Livingston, CEO of Absolute Software, notes:
“The ability to track computers off the network, physically recover missing computers and remotely delete sensitive information with the assurance that the data has not been accessed by criminals is essential for true compliance with data protection regulations.’
The ability to determine if information has been accessed provides visibility and accountability in the event of a data breach. Organizations will be able to prove that they have removed sensitive information from lost computers (via the remote data delete) and will also be able to prove that the lost information is safe.
This new service helps companies confirm compliance with data privacy regulations, and can also aid in the breach fallout with stakeholders. By demonstrating that data is safe, an element sorely missing from most breach notification announcements, companies can retain the trust and security of their valued stakeholders.
Absolute Software and McAfee have joined forces to collaborate on an interoperable risk management solution. This solution would integrate Absolute’s flagship theft recovery, remote data delete and IT asset management solution Computrace with McAfee ePolicy Orchestrator.
Absolute Software has joined McAfee as a founding member of the McAfee Security Innovation Alliance, a technology partnering program that speeds the development of interoperable security products towards the “triple promise” of threat protection, risk reduction and compliance management.
The Alliance is taking a role in providing leading products to enterprise consumers in an integrated way - simplifying the complexity of the security environment. John Livingston, Chairman and CEO of Absolute Software, says:
“McAfee is taking a real leadership role in providing enterprise customers with integrated security and management capabilities. Integrating our products with the McAfee ePO management console provides customers with both secure and manageable solutions.”
The McAfee ePolicy Orchestrator allows for the ideal layered approach to computer security we’re always writing about. It will allow companies to access a single user interface to centrally-manage all of their security and compliance products from those ‘best of’ partners in the Alliance. Altogether, companies can access solid data breach protection by using Alliance products and the McAfee ePolicy Orchestrator.
You can read more from the news release here and more about the Alliance here.
It should come as no surprise that laptops top the list of most stolen gadgets. They are small and attractive for black market resale. Switched.com has put together a list of the top 5 most stolen gadgets, and steps you can take to prevent theft, or to minimize its consequences.
The 5 Most Stolen Gadgets:
Laptops - tips include locks, passwords, insurance, encryption and tracking software
Cell Phones - use a password, call your cell company to deactivate it, call the police
GPS Devices - remove the device and its mount when you park, use a friction mount (so no ring is left visible), also use a password, close car windows, and install a car alarm
Car Stereos - remove faceplate, use a security code, use a car alarm, log serial number
iPods - use other headphones, conceal the player, be careful where you take it (subways, schools)
In other government news, the US and UK governments have created a new e-mail specification to enable secure government electronic collaboration.
The Transglobal Secure Collaboration Program (TSCP) is the result of a collaboration effort between the two government defence agencies and aerospace partners. The TSCP e-mail specification is a public-key infrastructure-based technology that verifies user identities via digital certificates that can encrypt and verify email content.
Paul Grant, deputy information sharing executive, Information Sharing Office in the office of the Defense Department CIO, stated TSCP is “transforming e-mail from one of the most extensively used but least trusted collaboration capabilities to one that can be trusted with sensitive information. This will serve as foundational for sharing ‘Controlled Unclassified Information’ without mission partners, which certainly includes our suppliers.”
The TSCP Website says that its mandate is to develop secure solutions to “affordably mitigate multi-national compliance and IT security risks inherent in large-scale collaborative programs.” Governments and their contractors will adopt the specification with differing levels of access and classification.
Yoggie Security Systems was awarded the CES Best of Innovations 2008 award for computer accessories for its USB security product: Pico Gatekeeper. A data security product that takes out one of the most volatile components of the practice: people. Once plugged in, it takes care of everything, and never needs IT attention.
Pico Gatekeeper came out in October of 2007. It is a “set it and forget it” type of security device. The USB flash drive is working linux computer that filters all incoming traffic to attack viruses, spyware, phishing, spam and other threats. It hides your computer from potential hackers, even on unprotected wireless connections. And it checks for security updates every five minutes.
All of this happens without intervention. All this security does not bog down any running applications.
Paired with a strong security policy, encryption and strong passwords, and a laptop recovery / data wipe product (Computrace), the Pico Gatekeeper could strongly enhance the security of mobile computers.
Some great news from Absolute Software - The 
draft of recommended 
Absolute Software and McAfee have joined forces to collaborate on an interoperable risk management solution. This solution would integrate Absolute’s flagship theft recovery, remote data delete and IT asset management solution 
Recent Comments
12/26/2008 11:31 pm
2 Comments
12/18/2008 09:03 pm
1 Comment
12/17/2008 08:37 pm
2 Comments
12/16/2008 09:29 pm
1 Comment
12/14/2008 07:09 pm
1 Comment