Tomorrow is April 1, 2011. Yes that’s April Fool’s Day and today is World Backup Day. The goal of this day and site is to bring awareness to the need for people and businesses to backup their data. It’s also about data security and the value of your business. The last joke you want to hear on April Fool’s Day is my data is gone.
Information is the most important and valuable asset to you and your business. Today most of our information is electronic and sitting on hard drives. Unfortunately most hard drives are prone to failure, so we need to backup our data. This sounds simple and logical, but how many people do this routinely?
If you are a medium or large size business, I’m sure you are backing up your data nightly. Are you? If you are a small business or sole proprietor, you may not be. Too many individuals and businesses are lax about keeping their data backed up on a regular basis. If you are doing it, where are you storing it? Do you have redundant backups? Have you tried to recover your data and restore it?
Read the rest of this entry »
Most of us still remember the horrible and constant images of the BP oil spill last year in the Gulf of Mexico. The residents are still trying to piece their lives back together and some are finally getting a little solace. Now to add insult to injury, a BP employee lost a laptop with personal information on Louisiana residents who filed claims for compensation. The data included a spreadsheet of names, Social Security numbers, phone numbers and addresses. The laptop was password-protected, but the information wasn’t encrypted. So effectively, it’s fair game.
BP mailed out letters to about 13,000 people notifying them about the potential data breach. It reported this incident to law enforcement and offered to pay for credit monitoring for the affected people. The employee lost the laptop on March 1, 2010, but BP took almost a month to notify affected people. A spokesman for BP said, “We’re committed to the people of the Gulf Coast states affected by the Deepwater Horizon accident and spill, and we deeply regret that this occurred.” Looks to me like BP doesn’t really care that much, since their data and document security are pretty lax.
What is BP’s responsibility in this case? Louisiana has very explicit breach notification laws that define the process of notification. According to the law:
Read the rest of this entry »
Another year has gone by and things in the technology world have changed dramatically. That was very apparent this year at the AIIM Info360 2011 conference in Washington, DC. It was a new venue this year, but all of the old familiar faces were there. This is the 4th year that eDocument Sciences joined Fasoo.com in a booth to showcase the latest in enterprise digital rights management and document encryption solutions. With all the press about Wikileaks last year and the ever increasing data breaches in organizations around the world, this is surely a good time to look at ways to shore up your information security defenses.
One of the new products introduced at the show was Fasoo Secure MFP Shell. This new security solution provides a shield for a multifunction printer (MFP) to help prevent document and data leaks. Up until now it has been difficult to find a single security solution to protect both printouts and scanned files on MFPs. Fasoo Secure MFP Shell provides pull printing, watermarks on output and encrypts scanned files to protect critical information, whether electronic or on paper.
“Preventing data breaches at MFPs is one of the last security vulnerabilities in business and I believe that Secure MFP Shell will change the way organizations protect their sensitive files and documents,” said Bill Blake, President and COO of eDocument Sciences.
A lot of information security leaks are attributed to insider threats. Just look at Wikileaks and the US government. An Army private copied thousands of documents onto a CD and walked out the door with them. This may be an extreme case, but is becoming more common.
A lot of data and document security issues are due to the oops factor; we do it accidentally or unknowingly. Most of us don’t willingly comprise our company or personal security, but sometimes it happens because of a lack of knowledge. I think a lot of this can be traced to insufficient training. Most companies just assume that everyone knows how to operate a computer safely.
If a new CRM system comes in, everyone gets trained on it. What about email, Microsoft Word, Adobe Acrobat, instant messenger and a browser? What about basic computer security? Most people are just expected to figure it out on their own. How many times have you accidentally hit a key or clicked and something happened that you didn’t expect? And if it did, you weren’t sure how to undo it?
Read the rest of this entry »
Social engineering is the act of coercing or manipulating people into divulging confidential information or into taking actions that allow someone to steal confidential information. This is very different from using technical hacking techniques or exploiting computer or networking weaknesses to get this information. Social engineering works on our psychology. Just think of all the ads and scams that play on people’s emotions to buy something or donate money. It uses the same thinking to steal information.
Kevin Mitnick popularized the term many years ago when he started using simple techniques to gain access to systems. Mitnick said it was a lot easier to trick someone into giving him a password than to spend a lot of time hacking into a system. This is nothing new, but more people are using these techniques to steal valuable information from businesses.
You’ve probably seen various forms of this in movies and television shows. A great example is how James Bond got into a secure aeronautics facility in Diamonds are Forever. 007 waited until he saw an employee about to enter the facility. He pretended to use his key card in the door, but actually let the other person do it. He then followed him into the building. Criminals and others trying to gain access to a building or office can do the same by using the pretense that they forgot their access card, so it’s very nice of them to let you in. Once inside, the person could steal a computer, steal documents or download data onto a USB drive.
Read the rest of this entry »
