Washington state attorney general Rob McKenna has called for all organizations, both private and public, to do more to protect their data against internal theft. Currently, Washington rates as the 7th-worst state in the US for data theft, with 1 in 9 residents affected by identity theft in 2005.
According to McKenna: “We’re urging any owner of data… to take better care of that information, to step up their security efforts, because we do know that a certain number of ID thefts are perpetrated by people working on the inside.”
In addition to better security and criminal checks on new joiners, organizations need to carefully consider how to balance the need to make data accessible to employees with the risks of that data being exposed to unauthorized parties outside the network. With USB sticks and other portable devices being increasingly cited in data theft cases, an obvious starting point is to control the presence of these (often personally-owned) devices on the corporate network.
TechWorld news discusses, alarming numbers released yesterday by the Privacy Rights Clearinghouse (PRC) stating that over 93 million data records of U.S. residents have been exposed due to security breaches since February 2005.
“The latest trend to show up is the loss of memory sticks,” Beth Givens Director of the PRC said, referring to portable USB Latest News about USB drives that are often used to transport data among various computers. “I don’t think it’s anything new that they are being lost or stolen. But they are now being reported, at least, and affected individuals are being notified.”
As many as 4,000 past and current employees of Erlanger Hospital in Tennessee are thought to be at a high risk of identity theft following the theft of a USB flash drive from one of the facility’s offices. According to news reports, the device was not encrypted, leaving the data (understood to be names and social security numbers)open for anyone to read.
Although a hospital spokesperson claimed the drive was probably thrown-away by mistake by a cleaner or other innocent third-party, this is likely to come as little comfor to those employees affected.
And while this security incident may appear small compared to other recent security breaches, it all-to-clearly higlights the risks of allowing staff unrestricted access to insecure portable storage devices.
>>> More
Centennial Software, a developer of IT security and asset management solutions has released of the latest version of the company’s award-winning endpoint security software, DeviceWall 4.5. Designed to help organizations manage the business risks associated with portable storage devices (iPods, USB memory sticks, PDAs, etc.) on the network, the new release sets the benchmark for device and data security.
New in DeviceWall 4.5 is file access auditing which automatically logs all data being moved between portable devices and the corporate network. In today’s mobile business environment, certain employees need the ability to move data to or from the network. File access auditing ensures that system administrators have a historical record of these file movements for future incident investigations.
DeviceWall 4.5 also introduces an enhanced temporary access feature that makes it even easier for administrators to grant time-limited access to specified devices. DeviceWall was the first solution of its kind to allow administrators to grant users temporary access to portable storage devices. DeviceWall 4.5 extends that capability by providing time-restricted access and automated policy deployment thereby increasing control while providing greater flexibility and ease of administration.
“While portable devices pose a significant security threat, they are also an inescapable fixture in today’s enterprise,” noted Andy Burton, CEO of Centennial Software. “DeviceWall provides a more business-sensible approach to managing these devices, where strength and flexibility go hand in hand. With DeviceWall, you can stop unwanted connections just as effectively as a brute force technique such as gluing USB ports. But unlike the alternative, DeviceWall can discriminate between authorized users and unwanted devices - and permissions can be changed in real-time by administrators. DeviceWall has always best delivered this level of dynamic management, and the new version further widens that competitive gap.”
Additional enhancements in this release include user interface and usability improvements, simplified administration and support for Apache Web Server. Together, these enhancements enable an organization to quickly implement control over portable devices wherever they may pop-up on the network and maintain ongoing enforcement and monitoring that can adapt to changing business and security requirements.
“When trying to protect confidential customer and company data from internal loss, the more information you can access regarding how employees are interacting with the network, the better,” said Bill Martin, president at Resource One Computer Systems, Inc.
David Beesley, managing director at Network Defence Ltd, added: “DeviceWall 4.5 covers the spectrum of device security management, from initial usage surveys through device control and policy enforcement all the way to file transfer audit for forensic analysis, meaning that we have one cost-effective and simple solution that maps directly to business requirements.”
More Information and Free 30 Day Trial
A new study published by UK insurer, Royal & Sun Alliance, estimates that corporate ID theft (the use of company accounts information and contracts to enter into unauthorized deals) will cost businesses in the region £700 million ($1.33 billion) a year.
According to the research, corporate ID theft is growing just as fast a personal data theft, with firms of more than 250 employees most at risk. Phishing attacks and scams such as the unauthorized changing of company legal details were cited as key threats, but many organizations are also failing to recognize the risks posed by those disgruntled employees or opportunists within the company.
