Archive for the ‘Data Security’ Category

New Data Breach Report – Portable Media Fastest Growing Data Breach Sector

Tuesday, July 27th, 2010

The Digital Forensics Association just completed a fascinating new report ominously titled “The Leaking Vault – Five Years of Data Breaches”. The report analyzes over 2,800 data loss incidents from publicly accessible sources and is the largest study of its kind. It’s a great read if you have a strong stomach for forty-two pages of data breach data.

One eye-popping data point is that between 2005 and 2009, 148.6 million records were reported lost due to the use of portable media. This source of data breach is second only to hacking. Perhaps most alarming is that loss of data from portable media is the fastest growing data breach sector.

The security risk from portable media is a topic we’ve covered several times in the past year in the Accellion Managed File Transfer Blog. Just in case you missed the earlier posts, here they are again.

• Health records found on USB stick in UK Car Park

• Top 3 File Transfer Mistakes

• Another reason why file transfer via a USB stick is not a good idea

In addition to sharing the unpleasant truths regarding data breaches, the Leaking Vault report also offers some good recommendations on steps to take to increase data security. Securing portable data is one of the report’s four focus topics.

Here’s Accellion’s recommendation for reducing the risk of a data breach from portable media: don’t use USB memory sticks for file transfer; use a secure file transfer solution instead.

NHS Trusts Failing to Protect Information

Thursday, July 15th, 2010

National Health System (NHS) organizations in the UK have accounted for more than one quarter of the data security breaches reported to the Information Commissioner’s Office (ICO). If this keeps up, the ICO could become a profit center with its new powers, approved in April, to impose penalties of up to £500,000 on offending organizations.

The ICO issued a press release on June 15 announcing Poor Data Security in the NHS. NHS Stoke-on-Trent and Basingstoke and North Hampshire NHS Foundation Trust were the latest NHS bodies found in breach of the Data Protection Act (DPA). Mick Gorrill, Head of Enforcement at the ICO, was quoted as saying “Everyone makes mistakes, but regrettably there are far too many within the NHS.” He went on to add “We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law.”

But wait a sec: just yesterday, July 14, there was another press release announcing that Birmingham Children’s Hospital NHS Foundation Trust had been found in breach of the Data Protection Act (DPA). Did the folks at Birmingham Children’s Hospital NHS Trust not get the message from the ICO?

An Ounce of Prevention is Worth a Pound of Notification

Friday, July 9th, 2010

The recently introduced C29 amendment to the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) is a sign that the Canadian government is stepping up its efforts to raise the visibility of data breaches through expanded breach notification requirements. This week’s SC Magazine article entitled “Canada’s newly introduced data breach is a start, but it lacks teeth” raises the question of whether this legislation goes far enough. Under the C29 amendment, banks, retailers and other companies are required to report any “material breach of security safeguards involving personal information under their control.” The amendment’s focus is on notification, not on prevention.

While it is some consolation to individuals to know that they will be informed if their personal information has been breached, it would be a lot more reassuring to hear that corporations are required by law to implement safeguards to protect that information. The recently introduced Massachusetts regulation CMR-17 is a good model for legislation that goes significantly further than notification rules and extends to requirements for data breach prevention.

While data breach notification regulations are a good step in the right direction, an ounce of prevention is worth more than a pound of notification.

HIPAA Hazard – Shipping CDs via FedEx

Wednesday, July 7th, 2010

This week Lincoln Medical and Mental Health Center of NY suffered an embarrassing data breach resulting from a lost FedEx shipment of CDs. More than 130,000 medical records were exposed in this breach, and it is small consolation to read that “Siemens was promptly directed to suspend further transport of CDs by the carrier.” Of particular note in this data breach is the fact that both Siemens and Lincoln Medical and Mental Health Center thought it was an okay idea to ship CDs of unencrypted healthcare data as part of a standard business process, until of course a shipment went astray. Did the word HIPAA never come up? Why would anyone think it is a good idea to ship CDs of unencrypted healthcare data when there are readily available secure file transfer solutions?

DataLossDB, run by the Open Security Foundation, tracks data breaches and lists 134 breaches via snail mail affecting 2729 organizations in its database. This week’s Lincoln data breach adds one more organization that has experienced the security hazards of shipping sensitive information unencrypted via the mail.

Musings from the Gartner Security Summit

Wednesday, June 30th, 2010

Last week I joined over 1,000 IT professionals at the 2010 Gartner Security and Risk Management Summit in the Washington DC metro area.

Security in the cloud was a major theme during the conference. Interestingly, while security was identified in recent Gartner surveys as the number one concern for companies moving to cloud computing, it isn’t stopping people from moving to the cloud. The large majority of corporations surveyed expected to have systems running in the cloud very soon. It seems the benefits are so compelling that there is little foot-dragging on this score.

Another interesting topic raised during the conference was that despite all the millions of dollars invested in securing corporate networks and assets, it is often the non-technological leak that causes damage, typically an inadvertent mistake by an insider. The example discussed was the security hazard of using removable media, i.e. a thumb drive, to move files. Now that example really hit home.

All in all it was a good conference – so thanks Gartner for putting together a good program.

Gary Rogers

Senior VP Worldwide Sales

Accellion at Microsoft Tech Ed North America

Tuesday, June 15th, 2010

Last week, Accellion exhibited at Microsoft Tech Ed North America for the first time. It was a great event and met all of our expectations!

We couldn’t believe how busy our booth was in New Orleans. We spoke with prospects from across the country and met with so many of our existing customers. It’s always nice to put faces with customer names.

Our days were filled with conversations with attendees about secure file transfer and with our new demos showcasing our new plug-ins for the Microsoft Business Productivity Infrastructure (BPI) and Business Productivity Online Suite (BPOS) – including plug-ins for Outlook 2010, SharePoint 2010 and Office Communications Server 2007 R2.

We’re already looking forward to Tech Ed next year. See you in Atlanta!

Vegas and Security?

Thursday, June 3rd, 2010

A few weeks ago my daughter and I went to Las Vegas so I could attend a security conference. It just so happened that her school was having Spring Break the same week. Luckily I had a friend who was going there at the same time so they could play all day while I attended sessions on securing Enterprise data. Not sure who got the better deal :-)

It turned out that the conference was really interesting. One of the sessions I attended had 4 CIOs from 4 different verticals (Healthcare, Law, Technology, and a major University) on a panel where attendees could ask questions regarding how they secured data within their Enterprise. They discussed many subjects including the difficulties of managing data leaving the Enterprise, managing a work force that is geographically dispersed and working more and more from home, and trying to keep up with the new generation of workers who expose themselves on social sites but get very upset if any part of their financial or personal data gets confiscated or used for purposes they did not approve.

The location of the conference was also interesting. It just so happens that Nevada was the first state to require businesses to secure personal data. Nevada state legislation Chapter 603-A was introduced in 2005, and an amendment was added late last year. This amendment added 2 significant changes: (1) a requirement to comply with the Payment Card Industry Data Security Standard (PCI DSS); and (2) requirements to encrypt personal information in certain contexts.

This year Massachusetts followed suit with its own regulation, CMR-17. Part 3 of the Computer System Security Requirements requires: “(3) Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly.”

It is good to see state governments taking an interest in controlling the transmission of sensitive personal data. Accellion Secure File Transfer helps businesses in these states comply with these new laws. Not only does Accellion send files encrypted, it also stores those files encrypted.

Vegas and Security? I guess these guys are ahead of the pack! I wonder when the rest of the world will catch up?

Mary Nicknish, Accellion Product Manager

Big File Transfer Myth – BUSTED

Tuesday, May 25th, 2010

Mythbusters has to be one of my favorite programs. Since 2003 they have tested more than 700 myths related to technology, science, animals, humans, food – you name it they’ve tried it.  And if they haven’t tried it you can submit a myth for them to test.  Last week’s episode investigated the validity of the Giant Water Slide Jump that has been a recent YouTube hit.  Awesome fun!

Stephanie Jordan of Messaging News did her own myth busting this week in her recent article entitled “Managed File Transfer Myth: MFT is just for Big Corporations with Big Files.”

Stephanie tackled the Big File Transfer myth head-on by exploring the relationship between the size of a file, the size of an organization and the associated security risk. It’s an important topic to cover, and thanks to Stephanie for raising awareness that no matter the size of the file or the size of the organization, you can get yourself in a heap of trouble if you are not securing the transfer of intellectual property and confidential information.

Just like the Giant Water Slide Jump, the myth that Managed File Transfer is just for Big Corporations with Big Files is officially BUSTED.

Signs of the Times

Tuesday, May 18th, 2010

The game of baseball requires more than bats and balls, gloves and uniforms. Communication is essential. Every pitch hinges on the ongoing conversation between the catcher and the pitcher about what to throw to the batter. Fastball?  Slider?  Curve?

For a very long time in the world of baseball, this conversation between catcher and pitcher has occurred in the clear. The catcher and pitcher are sixty feet apart, and the use of messaging technology is against the rules, so the catcher uses hand signals to indicate the suggested pitch. Traditionally, “one” (a flash of the index finger) communicated “fastball,” and “two” (“the deuce”) indicated a curveball. But with the myriad pitches thrown today, signals are complex, including indications of pitch location.

The signaling of pitches led to another baseball tradition: opponents trying to steal those signs. When an opposing team successfully steals signs, it is not easy to detect. A team may lose a game, with its pitcher giving up ten runs, and simply conclude that its man on the mound just didn’t have his best “stuff” that day.

It is rare for a team to be caught stealing signs, but this past week it may have happened. The Colorado Rockies were playing host to the Philadelphia Phillies on Monday, May 10th, when the local TV crew spotted the Phillies’ bullpen coach, Mick Billmeyer, with a pair of binoculars. The Phillies claim that he was simply watching their own catcher while they were on the field. Were the signs stolen? Hard to tell. All we know for sure is that the Phillies won the game, 9-5.

As in baseball, communication is essential in business, and much of this communication still occurs in the clear. The key difference is that the use of technology to improve privacy and security in business is not only legal, it’s recommended.

For more on the most recent sign-stealing episode, and one from baseball’s storied past.

David Cain
Vice President, Worldwide Channel Sales
Accellion, Inc.

Federal Agency File Transfer Security Study

Wednesday, May 12th, 2010

A recent report by MeriTalk entitled “Why Encrypt? Federal File Transfer Report” offers interesting data and recommendations regarding securing the transfer of federal data. Perhaps most alarming was the significant use by those surveyed of unsafe methods for transferring files:

• 66% use physical media (e.g. tapes, CDs, DVDs, USB drives)

• 60% use FTP

• 52% use personal e-mail accounts

along with the disappointing finding that “currently just 58% say employees are aware of secure file transfer policies.” The study was commissioned by Axway and illustrates the gap between what should be happening to secure the transfer of data and what is actually happening.

Use of Accellion secure file transfer within the federal government has been steadily growing with recent Accellion government deployments at:

• US Securities and Exchange Commission

• NASA

• State of Florida, Department of Transportation

• Government of Newfoundland and Labrador

• Government of Saskatchewan, Information Technology Office

The recent study suggests there is still more work to be done in securing file transfers by federal agencies. We are here to help.