Archive for the ‘Technology Advice’ Category

Guidelines for Mobile Security

Tuesday, July 29th, 2008

The National Institute of Standards has released a new draft of recommended guidelines on cell phone & PDA security, helping companies to navigate this overlooked area of data security. Mobile devices pose an increasingly large risk to data security. Lost or stolen laptops are currently one of the main causes of data breaches, so the increased data access capabilities of even smaller mobile devices increase the risk of data breaches as the result of lost or stolen devices.

Publication SP 800-124 provides an overview of mobile devices in use today and insight into the IT security issues regarding their use. Threats increase for handheld devices due to their size & portability and the available wireless services. These two issues increase the risk for loss / theft, unauthorized use, malware, spam, electronic eavesdropping, electronic tracking, cloning and server-resident data.

The guidelines give many examples of these types of threats as well as safeguards that can be put in place. The safeguards suggested include:

  • Central management of devices – have organization-issued devices with a system to centrally configure and manage devices & their updates
  • User-oriented measures – teaching employees about procedures to follow using organization devices (understanding the security features & how to use them)
  • Authentication – require user authentication with PINs and passwords
  • Backup data
  • Reduce data exposure – avoid sensitive information being on, or accessed by, any handheld device. Encrypt any sensitive data.
  • Turn off wireless interfaces – minimize risk by only turning them on when needed
  • Add security software such as firewalls, antivirus, VPN, etc.

There are very detailed suggestions about how to centrally organize devices and their capabilities. Download the study here [PDF]: “Guidelines on Cell Phone and PDA Security (Draft).” In addition, you may wish to review the “Performance Measurement Guide for Information Security” Study [PDF].

Absolute Software also provides security solutions for handheld devices with Computrace Mobile. Check it out here!

Hat tip to Dan Lohrmann

New Post-Theft Forensic Auditing Services from Absolute Software

Wednesday, April 9th, 2008

Absolute Software has announced a new service to add to their comprehensive data security Computrace suite. Post-theft forensic auditing services will now be offered through the online customer center IT asset management portal. Organizations will be able to determine if sensitive information on lost or stolen computers has been accessed. They will also be able to determine if an encrypted volume or password has been compromised.

John Livingston, CEO of Absolute Software, notes:

“The ability to track computers off the network, physically recover missing computers and remotely delete sensitive information with the assurance that the data has not been accessed by criminals is essential for true compliance with data protection regulations.”

The ability to determine if information has been accessed provides visibility and accountability in the event of a data breach. Organizations will be able to prove that they have removed sensitive information from lost computers (via the remote data delete) and will also be able to prove that the lost information is safe.

This new service helps companies confirm compliance with data privacy regulations, and can also aid in the breach fallout with stakeholders. By demonstrating that data is safe, an element sorely missing from most breach notification announcements, companies can retain the trust and security of their valued stakeholders.


Absolute joins McAfee Security Innovation Alliance

Monday, February 11th, 2008

Absolute Software and McAfee have joined forces to collaborate on an interoperable risk management solution. This solution would integrate Absolute’s flagship theft recovery, remote data delete and IT asset management solution Computrace with McAfee ePolicy Orchestrator.

Absolute Software has joined McAfee as a founding member of the McAfee Security Innovation Alliance, a technology partnering program that speeds the development of interoperable security products towards the “triple promise” of threat protection, risk reduction and compliance management.

The Alliance is taking a role in providing leading products to enterprise consumers in an integrated way - simplifying the complexity of the security environment. John Livingston, Chairman and CEO of Absolute Software, says:

“McAfee is taking a real leadership role in providing enterprise customers with integrated security and management capabilities. Integrating our products with the McAfee ePO management console provides customers with both secure and manageable solutions.”

The McAfee ePolicy Orchestrator allows for the ideal layered approach to computer security we’re always writing about. It will allow companies to access a single user interface to centrally manage all of their security and compliance products from those ‘best of’ partners in the Alliance. Altogether, companies can access solid data breach protection by using Alliance products and the McAfee ePolicy Orchestrator.

You can read more from the news release here and more about the Alliance here.


5 Most Stolen Gadgets

Wednesday, February 6th, 2008

It should come as no surprise that laptops top the list of most stolen gadgets. They are small and attractive for black market resale. Switched.com has put together a list of the top 5 most stolen gadgets, and steps you can take to prevent theft, or to minimize its consequences.

The 5 Most Stolen Gadgets:

  1. Laptops - tips include locks, passwords, insurance, encryption and tracking software
  2. Cell Phones – use a password, call your cell company to deactivate it, call the police
  3. GPS Devices - remove the device and its mount when you park, use a friction mount (so no ring is left visible), also use a password, close car windows, and install a car alarm
  4. Car Stereos – remove faceplate, use a security code, use a car alarm, log serial number
  5. iPods - use other headphones, conceal the player, be careful where you take it (subways, schools)

Continue reading at Switched for more tips.


New Government E-Collaboration Plan

Wednesday, February 6th, 2008

In other government news, the US and UK governments have created a new e-mail specification to enable secure government electronic collaboration.

The Transglobal Secure Collaboration Program (TSCP) is the result of a collaboration effort between the two government defence agencies and aerospace partners. The TSCP e-mail specification is a public-key infrastructure-based technology that verifies user identities via digital certificates that can encrypt and verify email content.

Paul Grant, deputy information sharing executive, Information Sharing Office in the office of the Defense Department CIO, stated TSCP is “transforming e-mail from one of the most extensively used but least trusted collaboration capabilities to one that can be trusted with sensitive information. This will serve as foundational for sharing ‘Controlled Unclassified Information’ without mission partners, which certainly includes our suppliers.”

The TSCP Website says that its mandate is to develop secure solutions to “affordably mitigate multi-national compliance and IT security risks inherent in large-scale collaborative programs.” Governments and their contractors will adopt the specification with differing levels of access and classification.

Via intergovworld

Pico Gatekeeper USB Security Device

Saturday, January 19th, 2008

Yoggie Security Systems was awarded the CES Best of Innovations 2008 award for computer accessories for its USB security product: Pico Gatekeeper. It is a data security product that takes out one of the most volatile components of the practice: people. Once plugged in, it takes care of everything, and never needs IT attention.

Pico Gatekeeper came out in October of 2007. It is a “set it and forget it” type of security device. The USB flash drive is a working Linux computer that filters all incoming traffic to attack viruses, spyware, phishing, spam and other threats. It hides your computer from potential hackers, even on unprotected wireless connections. And it checks for security updates every five minutes.

All of this happens without intervention. All this security does not bog down any running applications.

Paired with a strong security policy, encryption and strong passwords, and a laptop recovery / data wipe product (Computrace), the Pico Gatekeeper could strongly enhance the security of mobile computers.

Via sfgate

Secure Disposal of IT Assets

Friday, December 28th, 2007

What happens when you upgrade your computers, replace broken computers, or decide to get rid of any outdated data devices such as disk drives or PDAs? How do you dispose of them? Are your practices ensuring that data is destroyed?

NetworkWorld has published a piece on how to properly handle end-of-life IT assets. Their article indicates that many companies do not know what to do with their outdated equipment and, as a result, often place those items into storage. However, this does pose a security risk if data has not been wiped and can be quite costly given the continued cost of software licenses and the lost resale value of that equipment.

In an age where environmentally friendly disposal is encouraged, companies have their choice between recycling or refurbishment and resale. The latter is now being encouraged in order to get still-viable equipment into the hands of those who need it.

An asset recovery provider can help you handle the disposal process, including data destruction, refurbishment and resale. The article provides a set of questions that you could ask potential IT asset recovery companies, to know if they are qualified to manage your assets. Such companies should, for example, be able to deal with equipment of varying ages. You should ensure they can wipe your data, and can confirm it with forensic analysis; any data that cannot be erased should be destroyed. The company should be able to refurbish your computers for maximum return and should provide you with the reporting you need for a proper IT asset audit trail.


12 Ways to Audit Your PC Security

Thursday, November 29th, 2007

The Virtual Hosting Blog created a list of resources a while back that I’ve been meaning to share. They provide 12 Resources to test your PC weaknesses – a list of tools to help you identify (and sometimes fix) system vulnerabilities.

The list includes:

  1. Audit My PC helps you find free security tests
  2. Qualys FreeScan checks server weaknesses
  3. Proxy Way looks at your privacy settings and how much of your information can be accessed online
  4. Test My Firewall advice on web security
  5. Hijack This searches your system for hackers
  6. GFI Email Security Testing Zone tests your email security against viral threats
  7. WindowSecurity.com works as per #6
  8. The PCman Website Virus Test plants a fake virus to gauge your computer’s ability to notice real viruses
  9. Sophos Threat Detection Test tests your anti-virus software strength
  10. Symantec Security Check free security scan and virus detection test
  11. Nmap (Network Mapper) audits security on large networks
  12. PC Security Test 2007 scans for viruses, spyware, and hacking threats

Continue reading the details of this list here.


Techno Gear for School

Wednesday, September 26th, 2007

Here is another great list of back-to-school technology essentials for high school or college students. The Vancouver Sun’s top 10 list of techno-savvy gear includes:

  1. Laptop computer – as low as $399. Back-to-school bundles often include extra software or price reductions.
  2. Software – A good Office set, anti-virus (set to auto-update), locking cables, and a product such as Absolute’s Lojack
  3. Printer – consider just black & white to save on ink costs
  4. Communications – cell phone, Skype account
  5. Music & Entertainment – iPod with speakers
  6. Memory Drives – flash drives.
  7. Backpacks – suited for laptops
  8. Camera – to capture memories of a once-in-a-lifetime school experience
  9. Flat-Panel Monitor – can double as a TV
  10. Extras – wireless mouse, keyboard

All of this technology should come with security education. It is important to teach teens about Internet Safety, about protecting personally identifiable information, and preventing laptop theft.


IronKey hardware-encrypted USB flash drive

Tuesday, September 25th, 2007

Portable data devices – from laptops to flash drives – pose one of the greatest threats to data security. These devices are stolen or are known to go missing on an all too frequent basis.

Security policies often focus on the issue of laptop security, but with software to assist with this concern (including Absolute’s products) it is often flash drives that get missed.

The first step that every security policy should address is a clear definition of what data can be accessed & removed from a company network and what cannot. Given the prevalence of security breaches caused by portable data devices, perhaps the appropriate use of laptops and flash drives is a logical second step. Regardless of where these policies start, it is important to remember that policy alone is not a strong enough safeguard against data loss.

A new physical safeguard has come on the market in the form of the IronKey hardware-encrypted USB flash drive. The IronKey is designed to be the most secure flash drive on the market. It uses military-grade hardware-based encryption and the encryption keys are stored on the drive itself. In order to access and decrypt files, a password is required alongside the encryption keys.

The IronKey has a built-in backup against theft. If the password is incorrectly entered 10 times, the IronKey will internally self-destruct and completely erase everything on the drive.

In addition to this, the IronKey website can provide secure web browsing. When logged in – via the password and plugged-in USB device – the service turns Firefox into a malware-protected application.

IronKey’s hardware-encrypted flash drives and online protection services are ideal for companies who want to secure their endpoints and protect their data from leaking into the hands of unauthorized people. Equip your employees, sales people and your best customers and partners with IronKey devices, and enjoy the peace of mind that always-on hardware encryption can bring. – IronKey Enterprise

IronKey is $79 for 1GB and $149 for 4GB.

Via gizmodo
