Posted on February 23, 2011 by Josh Arrington
The Information Commissioner’s Office (ICO) has found Cambridgeshire County Council in breach of the Data Protection Act, after the council lost an unencrypted memory stick, contrary to policy, containing sensitive data relating to vulnerable adults.
What’s interesting, and in many ways particularly disappointing, in this story is that the council had only just undertaken an internal campaign promoting its encryption policy. The fact that so soon after this a member of staff was willing to completely ignore the policy really indicates just how far organisations still have to come in educating workers on the importance of information security.
On top of this, it’s fair to say that using USB drives for such important information at all should be out of date. Technology has sufficiently advanced that companies should be looking beyond such devices – which have proven far too often to be vulnerable in nature.
What organisations must look for is a secure file transfer solution that removes sensitive information from such devices and keeps them stored centrally and securely. This would go a long way to mitigating the risk of losing data when mobile devices inevitably do go missing.
See Full Article
Posted on February 14, 2011 by Josh Arrington
Leading up to the RSA Conference, we in the security industry tend to be acutely aware of new threats and breaches. This year is no different, with emerging stories associated with cyber threats like Night Dragon and speculation swirling about the motivation behind the Nasdaq hack. And, you don’t need another headline to remind you that cloud security is top-of-mind for a majority of RSA attendees.
Cyber-Ark believes that as these cyber threats become more targeted and sophisticated, organizations’ fears about loss of control and lack of security are amplified, particularly in the data center. This is further reinforced with the increasing dependency on virtual environments, whether on premise or with Cloud Service Providers, where the magnitude of risk increases dramatically by a single privileged access.
This year at RSA (booth #2045), Cyber-Ark is launching a solution that offers continuous protection against internal and advanced external threats in the data center. That solution is our new Privileged Session Management Suite. This comprehensive Suite improves compliance and risk management with the ability to isolate, control and record privileged access to databases, virtual environments and servers using a common platform for reduced total cost of ownership. Users can view session recordings or monitor sensitive events across the entire data center using one web interface or dashboard view, and generate a unified report for audit and compliance purposes.
This Suite is another important step in proactively enhancing an organization’s security posture, particularly as privileged accounts are commonly the target of attack due to the system-wide access they enable. Organizations must isolate and protect their sensitive servers, databases and hypervisors and be able to control and record ‘who’ and ‘what’ are accessing these business-critical systems.
Please join us at RSA, and roll by our booth where our big “Wheel of Privilege” will be turning. Try your hand for a chance to win an iPad, and, in the words of the iconic Tina Turner, don’t spend another minute worryin’ about the way things might have been. Talk with Cyber-Ark to learn more about steps your organization can take to proactively protect against security threats targeting your most sensitive data, applications and systems.
Posted on February 11, 2011 by Josh Arrington
Inboxes can always be difficult to manage – filing message after message, flagging and categorising – but many organisations are still really struggling to deal with large attachments, often finding that they clog up email exchanges and slow staff down.
Indeed, Virgin Media Business has just conducted some research* and found that 69 percent of public sector workers in the UK cannot send or receive emails larger than 10 MB in size, and 89 percent are unable to send or receive emails in excess of 15 MB. Clearly these limitations can be hugely inhibiting for staff – preventing them from sharing large files and getting the most out of the resources at hand.
Such restrictions are clearly out of date, with more information than ever flowing between staff and companies, most often via email. In order to enhance productivity, organisations should be looking at ways to enable staff to share large files in a quick, simple and secure way. For example, with a secure file transfer solution that takes sensitive documents out of the email exchange – delivering access to the files through a secure link – employees can enjoy a far quicker and less congested inbox.
With this clear benefit, workers stop seeing security processes as a hindrance to their performance, but rather as an enabler to better business practices.
View Full Article
Posted on February 8, 2011 by Josh Arrington
The UK Information Commissioner’s Office has today issued two local government councils with fines for breaches of the Data Protection Act. The two bodies were fined £80k / $128k and £70k / $113k respectively after two unencrypted laptops, containing the details of around 1,700 individuals, were stolen from the home of an employee working on the joint out of hours service for both councils.
What’s particularly interesting in this case is that one of the council’s actually had a policy in place requiring all data to be encrypted – something which they’d evidently failed to roll out organisation-wide.
Given both councils chose to ignore the warning signs, it’s quite clear that more needs to be done to ensure that organisations take data protection more seriously. As we’ve seen in the US with Senate Bill 1386, fines certainly act as a wake-up call to those involved, but education is absolutely essential if staff are to understand the pitfalls that can ensue from poor data protection policies.
With four fines already under its belt, the UK ICO seems set to make its point – issuing a warning only last week to local councils threatening prosecution for failure to implement proper data control procedures. Unfortunately we’re still seeing the fallout from organisations that are simply not succeeding in protecting valuable data, so it remains to be seen whether such warnings will be taken seriously. If not, and lessons are to be learned the hard way, at least we can be sure the powers that be will not be turning a blind eye.
Full Article
Posted on January 20, 2011 by Josh Arrington
February 24, 2011
Hilton Houston Hobby Airport
Houston, TX
The Houston Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You’ll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area.
Posted on January 20, 2011 by Josh Arrington
February 14-17, 2011
Moscone Center
San Francisco, CA
http://www.rsaconference.com/2011/usa/about.htm
Cybercrime. Malware incidents. Data breaches. Compliance legislation. Today’s changing security landscape means you can’t leave anything to chance. You need a balanced perspective. You need to separate speculation from fact.One event brings all the security issues, answers and thought leaders together. Over five days, RSA® Conference 2011 delivers the latest, knowledge in one place to protect your organization from threats today.
Posted on January 20, 2011 by Josh Arrington
February 10, 2011
Network Meeting Center
Santa Clara, CA
The San Jose Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You’ll come away with advice and knowledge you can start applying to your environment immediately. Your registration will include your breakfast, lunch, conference materials and entrance into the conference sessions and exhibit area.
