Saturday, 11 July 2009

70% of UK orgs hit by a data breach in the last 12 months

A new survey of 615 companies and public sector organisations has shown that 70% have experienced some kind of data breach in the last 12 months.

It appears (not surprisingly) that the biggest problem is lack of encryption.

Once again we say, encrypt all mobile storage now!

Trading system secrets stolen by former Goldman Sachs employees

In a rare example of public disclosure the FBI arrested an employee of Goldman Sachs who is accused of stealing computer code used for complex, high speed market trading.

The activity was detected by GS's automated monitoring systems that scan email for any transfer of code.

The suspect was on $400,000 a year, which makes one wonder how much the code is worth.

Would you know if your employees were stealing data? If your answer is no, or you don't know, contact us for help. Check out our Drilling info for some ideas.

Wednesday, 1 July 2009

UK ID cards to be optional for UK Nationals - govt U-turn

So the next chapter in this farce unfolds. The new Home Secretary effectively destroyed the long-lauded Labour plan for compulsory ID cards for all UK citizens.

Many (ourselves included) have opposed the scheme from the start, but there are other issues here:
How much has this scheme cost so far?
How many SMEs have geared up to bid and put forward products and now face financial difficulties?

The biggest single point of failure with laptop security - people

In another survey, once again the common failings of laptop security revolve around users, not hardware.

A few numbers to get you thinking:
50% of business managers switch off encryption
12,000 business laptops are left at airports in the US every week
67% of left laptops are never reclaimed

For security to be successful, a holistic approach combined with staff training and buy-in is essential.


Russians accused of corporate espionage in Germany

Germany's counter-intelligence chief has openly accused the Russian intelligence services of corporate espionage, stealing commercial information to give Russian commerce an edge.

We see more and more state-sponsored corporate espionage. If you are dealing with international bids or developing original ideas (hardware and software), contact FaberBrent for advice.

Friday, 26 June 2009

What happens to your old computers? They end up in a West African market stall.

A hard drive has turned up in a Ghanaian marketplace containing multi-million dollar deal info between the Pentagon and a military contractor.

If it can happen to a computer with confidential US defence data, it can happen to you.

Do you have a policy in place for disposing of your old computers? Do you rely on third parties to recycle them? Do you audit those third parties? If you need help with these questions, contact FaberBrent.


Thursday, 25 June 2009

FaberBrent's groundbreaking solicitors CPD infosec course gets glowing approval from the SRA

Not wanting to blow our own trumpet, but we are delighted to go live with our new CPD course for solicitors.

"Holistic Information Security - Understanding the Threat, UK/EU Law and Practical Steps for Risk Reduction" is a 90-minute course providing practical, real-world information security advice and an update on EU/UK data law.

Shock horror - SpyPhone software exposed

We are always flattered when something we have been publicising makes an appearance, and now spyphone software has reached the attention of Homeland Security.

Shame they didn't see fit to tell you how to identify and avoid it (as we do).

Understanding insider risk

A good article detailing the difference between insider threat and risk. We are all human and often the single biggest risk to information security is biological, not electronic. A holistic approach to your security policy will help minimise these variables.

20% of IT professionals admit to cheating on security audit figures

If 20% admit to this, what is the real figure?

Parcelforce website reveals customer data

Customer names and addresses were exposed online due to a Parcelforce system error. The extent of the exposure is not known.

56% of employees frequently see confidential documents on office printers

A survey by Samsung of 4,500 European office workers has shown over 50% frequently access confidential documents not intended for them.

This is not an IT or access failure but simply people not taking care of documents and printers. An effective security policy must be holistic; it is not enough to just control hardware.

Shock horror - wireless keyboards are a security risk

A presentation has been released detailing how to intercept data from some Microsoft wireless keyboards.

We are a little surprised that anyone with security concerns would ever have considered a wireless keyboard!

LSE are critical of Home Office Internet surveillance proposal

The London School of Economics have claimed that the Home Office proposal for Internet interception won't work, is too expensive and has poor safeguards.

Majority of Employees admit to breaking infosec rules

A new survey has shown that 69% of employees are happy to break security policy.

There are two pillars to successful policy observation: education for all and systemic controls wherever possible (of course the rules and procedures have to fit with your business practice).

For help creating an effective security culture, contact FaberBrent.

IT pros almost as bad as general public when it comes to mobile passwords

I find the findings of this survey unacceptable but in some ways predictable.

The reality is IT professionals rarely have a security mindset; this is not to be confused with configuring IT security systems. Speaking recently to a long-serving military man who has recently joined a major defence contractor, he has found the lack of a real security culture shocking.

Do not rely on your IT professionals to have a true security mindset; employ specialist external auditors for genuine peace of mind.

Be sure to activate PIN codes on both your phone and voice-mail. This is a basic security requirement and not a chore once you are in the habit.

Saturday, 13 June 2009

Robotic one-eyed snake cam

The Israeli military have developed a robotic snake complete with a wireless camera 'eye' for reconnaissance missions.

UK mobile phone directory, opt-out or be listed

There have been many headlines regarding this controversial service. The bottom line is that many millions of us have found our mobile phones in a public directory with very questionable authority.

The company responsible, Connectivity, claim they give out no actual data but only connect with consent. We wonder how long until their data is breached and we all have to get new mobile phones?

To opt out, text 'E' to 118800 from the phone you want taken off; it takes up to 4 weeks to be removed. Why 4 weeks when this is an automated database function? Surely it should be almost instant.

Whatever way we look at this development, it appears to be a significant erosion of privacy.

British Consulate-General sets good InfoSec example in New York

Nice to report a positive public-sector infosec story.

The British Consulate-General in New York has gone public with its use of BeCrypt's USB token authentication system. This multi-factor system allows remote working and data access with a good level of protection.

In our opinion this kind of system should be rolled out across the public sector.


36% of IT pros have used their position to view sensitive company data

In another example of insider threats, Cyber-Ark's 2009 Trust, Security & Passwords Survey found some very serious results on just how much snooping IT staff are prepared to do.

It is worth considering that often even junior IT staff have access to huge amounts of very confidential company data.

If you don't have checks and processes in place to mitigate this significant risk, contact FaberBrent now.

Take a look at our Drilling guide for some ideas to detect insider snooping.