A recent incident in the news illustrates a common problem with sensitive and confidential information. People can and do make mistakes when it comes to properly handling personally identifiable information (PII).
According to news reports, insurance documents from 1996 and 1997 were accidentally placed into a Tooele County, Utah employee’s personnel file. The documents had names and Social Security numbers that were not his. The information had been misfiled a long time ago and was scanned to an electronic version.
When he was terminated from his job, he asked for his employee file. He got everything on a CD and discovered the insurance documents. He contacted the state Attorney General’s office since he knew something was wrong. He wondered how many other people may have PII in their files and was concerned for his privacy.
With the recent revelations that Chinese hackers infiltrated both The New York Times and The Wall Street Journal, I thought it was time to look into password security again. The hackers were monitoring the newspapers’ China coverage and wanted to know what reporters were involved.
The hackers were after employee passwords so they could access email accounts and other resources. Both organizations claimed they only accessed emails and there was no further damage, but only time will tell.
I haven’t seen any reports on how simple or complex the passwords were, but if the reporters are like most of us, they probably had something that could be cracked with a simple dictionary attack. Last month I wrote about reviewing passwords and making sure you have a bit of complexity in them. The key thing is the length of your password and using characters that aren’t in a dictionary.
It’s the start of a new year and time to review all the passwords you use. I was prompted to do this by an incident where I think an account of mine was hacked. Unfortunately we all have to use passwords to get into our computers, smartphones, tablets and websites we use. Security experts are working on better authentication systems using biometrics, open authentication systems like OAuth, OpenID and others, but widespread adoption is still years away. For the moment we are stuck with our passwords.
One of the biggest security threats to companies in 2013 is default or weak passwords. In the past year, about 90 percent of successful data breaches analyzed by Verizon started with a weak or default password, or a stolen and reused credential. One egregious incident was the hacking of Mat Honan last year that exploited social engineering and poor password recovery policies. With a little ingenuity people can guess weak passwords, especially when you use a default password, like “admin” or something simple like “123456”.
I was thinking over the December holidays about the most memorable eDocument Sciences events from 2012. We had a lot to be thankful for as we got new customers and some old ones that treated us very well.
Our business of helping companies protect and control their most important information is growing as more organizations realize that their most critical documents are not as well guarded as they would like. Fortunately we have answers for them.
Here are the top 5 in chronological order starting with a big security conference in February.
As the holidays wind down for 2012 and we spend time with our families, many of us will use our mobile phones and tablets for everything. According to recent research by Gartner, businesses and consumers will buy about 1.2 billion smartphones and tablets in 2013 to add to what’s already out there. We all use mobile devices because they are convenient and provide fast access to information. They are convenient for accessing documents, searching for information, and communicating with everyone. Just look around the next time you are in a store or mall. Everyone is clicking on something.
The use of mobile devices has exploded as more employees want to use their own devices at work. This has become a nightmare for some IT departments as they try to provide convenience and still keep corporate information secure. Rather than fighting the trend, many organizations are creating bring-your-own-device (BYOD) programs that embrace employee-owned devices. BYOD policies govern mobile device usage while maintaining a secure computing environment.