Archive for the ‘UK’ Category

Accellion Cloud beats the Volcanic Ash Cloud

Monday, May 17th, 2010

Yet again, ash clouds from the Eyjafjallajökull volcano in Iceland are seriously affecting airline traffic, with Heathrow airport closed again this morning. Over the past few weeks millions of passengers – and important documents – have been stranded across Europe and the world.

Clyde & Co. LLP, a leading international law firm based in London, recently purchased the Accellion secure file transfer solution to ensure safe delivery of sensitive documents and avoid paying courier charges. They had originally chosen an Accellion hardware appliance, but then fate intervened: Clyde & Co. ran into problems thanks to the flight disruptions caused by the Icelandic volcano. It wasn’t only passengers that were struggling to get home; the Accellion appliance could not be delivered by FedEx either.

But it got worse than that. The continuing disruption also meant that courier companies couldn’t deliver legal documents to Clyde & Co’s clients either – a major disruption of service for a legal company.

Clyde & Co. IT manager, Phil Newnham, called Accellion for urgent help and while we couldn’t charter a plane, we set up a hosted Accellion cloud appliance and within minutes Clyde & Co. was able to send confidential legal documents. Clyde & Co. files were flying again.

Even volcanoes can’t stop Accellion.

Health Records on USB Stick found in UK Car Park

Wednesday, May 5th, 2010

Another day, another data breach. The BBC reported today that a memory stick containing health records from a nearby secure hospital facility was found by a 12-year-old boy in a supermarket car park in the UK. The information contained records of violent patients from the Tryst Park severe mental health unit at Bellsdyke Hospital, along with information about staff.

This is really getting silly. As a spokesperson from the health authority NHS Forth Valley said, “We have clear policies in place on the safe use of portable data devices.” It seems that these clear policies either:

  1. weren’t clear
  2. didn’t cover the Asda Car Park
  3. were ignored

As mentioned before in the Accellion Blog, the best idea with portable flash devices and USB sticks is DON’T USE THEM to transfer sensitive information – file transfer via USB stick is not a good idea. Abstinence in this case really does seem the best idea. Accellion secure file transfer technologies make it possible to quickly, securely and efficiently transfer sensitive information, thus avoiding creating headline news such as today’s.

Another side benefit of using secure file transfer, other than securing the transfer of files, is it makes staff more conscious of the handling of confidential information. Did the person who dropped the USB stick in the car park really mean to take the records to Asda, or did they just forget the USB stick was in their pocket, which just happened to have a hole in it? In the case of information security humans are often the weakest link.

Sometimes safeguards are just that, they guard people from their own mistakes.  So next time you visit the local supermarket check your pockets beforehand.

Accellion and the iPad 3G – Getting To Know You

Monday, May 3rd, 2010

The first iPad 3G showed up at Accellion today, cause for celebration. As the hour-old owner of the iPad in question, I opened up a Skype video chat to show it off to Accellionites far and wide. But there was also cause for concern: would people be able to use it to send Accellion links? I quickly volunteered myself as the beta tester for this dicey mission.

It began easily enough.  Click the Safari icon in the lower left corner to open a web page on the iPad, and type in the URL of your favorite Accellion web interface.  From there, I logged in using my network credentials (ah, the magic of LDAP integration!).   Seeing the Send File page, I wondered:  who would be the lucky recipient?  Yes, it was the same victim of my Skype chat, our fearless Director of Channel Strategy, Sunita.Reddy@accellion.com.

All was going well until I got to the Select A File button, which did not seem to want to engage for me. Was it pilot error, or did we have our very first iPad compatibility issue? Not wanting to trigger a worldwide development alert, I decided instead to use the Request a File button on the Send File page, to allow Sunita to send a file back to me. She confirmed receipt of my invitation, and we seemed back on track.

Good news followed, as I was able to bring up my Accellion GoogleMail account on the iPad, and saw a new email with a file in my inbox.  A click or two later, and Sunita’s latest presentation on a new Accellion product (sorry, top secret) was quickly downloading to the iPad.

Extending Accellion to new platforms has been a recurring theme during my five years at the company.  Stay tuned…..

David Cain
Vice President, Worldwide Channel Sales
Accellion, Inc.

Police responsible for first UK data loss subject to new fines

Wednesday, April 21st, 2010

Last Friday was not a good day for the Gwent Police in the UK.  The personal information of 10,000 people was accidentally emailed by the Gwent Police to a journalist at The Register, resulting in the first major UK data loss since new fines were introduced by the UK Information Commissioner.

It was bad enough that a Microsoft Excel spreadsheet containing birth dates and criminal record checks was sent unencrypted and without password protection. Accidentally including the email address of a journalist at The Register in the CC: field turned this into a high-profile data breach. The Register email address was in the system because it had been used earlier for two unrelated Freedom of Information requests.

IT staff were immediately called in to tighten security measures to avoid similar incidents occurring in the future. As a minimum, that should include a secure file transfer system, content monitoring and filtering, and data encryption.

While The Register has cooperated with Gwent Police in deleting the file, they did not feel compelled to comply with requests not to mention this story.

Failing Grade For Student Data Breaches

Wednesday, March 31st, 2010

It’s not been a good week, or month, for protecting the personal information of students.  If it wasn’t bad enough having to take out a loan for college, 3.3 million students now discover that their student loan information has been stolen from Educational Credit Management Corporation as reported in eWeek yesterday.

Also this week, across the pond in the UK, 9,000 students had their personal information stolen from a Barnet Borough Council member’s home. In this case the information included not only names and addresses, but indicators for language, gifted and talented, and special education needs. Based on the response by Barnet Borough Council to this data breach, it is safe to assume that the wisdom of storing such sensitive information on unencrypted CD-ROMs and USB memory sticks is not being viewed as gifted or talented.

And then earlier in March there was the data breach at Vanderbilt University affecting 7174 students, the Cal State University in Los Angeles data breach of math grades and SSNs for 232 students, and the P2P breach at New Mexico State University that exposed 300 students’ SSNs.

It seems a rather cruel lesson to become a data breach victim even before you are out of school.  We started an initiative a couple of years ago to encourage educational organizations to provide secure file transfer capabilities for use by faculty and students and Help Prepare Digital Natives for the Workplace.  I’m happy to report that many universities have now deployed Accellion to protect the transfer of sensitive student information, and in the process are training a whole new generation about how to protect sensitive data.

If you handle student data and are concerned about your file transfer security grade report, please give us a call.  We are here to help.

Top 3 File Transfer Security Mistakes

Tuesday, March 9th, 2010

Thought it might be helpful to share our perspective on the Top 3 Security Mistakes related to File Transfer along with some tips on how to avoid them.  After all, staying out of trouble is half the battle.

Mistake #1 – Using P2P file sharing software at work

Using P2P file sharing in the workplace is just not a good idea. Installing P2P file sharing on a work computer can get you into a heap of trouble by inadvertently exposing computer files externally. The FTC recently had to inform 100 organizations that personal customer and employee data was being shared on P2P networks.  Legislation is under review that would require stricter notifications on the security hazards of P2P file sharing.  The best advice here is to practice P2P workplace abstinence – don’t use P2P file sharing in the workplace.

Mistake #2 – Sending confidential information via an email attachment, USB stick or CD

Email attachments, USB sticks and CDs are not a secure means of file transfer. When sensitive information is sent unsecured, an organization is at risk of non-compliance with industry and government regulations including HIPAA, SOX, and GLBA. Files containing confidential information need to be protected to avoid data breaches. USB sticks and CDs can easily be misplaced or lost in transit, as the UK Government discovered in 2009 when disks containing personal information on 25 million UK citizens went missing in the Royal Mail. Email attachments are not secure and do not provide the encryption required by HIPAA. If a file contains confidential information it needs to be sent via secure, encrypted channels.

Mistake #3 – Forgetting to clean up files on unsecured FTP servers

Everyone knows that FTP is not the most user-friendly business application, and cleaning up files previously uploaded to an FTP server probably ranks right up there in priority with cleaning out the lint from your trouser cuffs. In the hands of business users, FTP servers become a security breach waiting to happen. Files uploaded and left indefinitely on the FTP server can result in many years’ worth of files sitting out on unsecured FTP servers. Coupled with the commonplace sharing of FTP account names and passwords, FTP servers are often a weak link in an organization’s data security program.

The good news is that managed file transfer can keep you out of trouble in all these areas.

Shell Hit By Massive Data Breach

Wednesday, February 17th, 2010

The Register reported this week a massive data breach at Shell.  A contact database of 176,000 staff and contractors at Shell was copied and forwarded to activists and lobbyists.  The interesting twist to this data breach is that the contact database was reportedly emailed out on behalf of 176 “concerned staff”.  Investigations are already underway by the Chief Ethics and Compliance Officer at Royal Dutch Shell to get to the bottom of who downloaded and distributed this sensitive information but it certainly was not authorized.

While Shell is downplaying the confidentiality of the data that was stolen, this data breach raises important questions regarding the vulnerability of other data. A contact database for 176,000 contacts is no small file, so it will be interesting to learn what systems were used for downloading and distributing the data and what safeguards were or were not in place to prevent such a breach.

One thing is for certain, if Shell had a managed file transfer system in place they would have records of the who, what, where and when of every file transfer going out of the company.  It would be a good starting point in tracking down those responsible.

Skipton Double-sided Printing Error leads to Data Breach

Wednesday, February 3rd, 2010

Another day, another data breach.  Double-sided printing error leads to data breach. Is this perhaps someone’s green initiatives gone too far?

A printing “error” in late January 2010 resulted in more than 3,000 customers of Skipton Building Society having their passbook account details printed on the back of other people’s statements, as reported in the Financial Times. Now that would make reading a bank statement considerably more interesting than usual.

For those unfortunate Skipton customers it’s little consolation to hear that the company, the UK’s 4th largest building society, said the “details revealed were not enough to put customers at risk of fraud, as the accounts required a signature to make withdrawals.”  Given the sloppiness of signatures today, I sure hope the tellers are checking those signatures carefully.

Don’t get us wrong. Double-sided printing is a wonderful thing – reducing paper usage by almost 50%, it saves money and the environment. Unfortunately the savings go out the window when the double-sided printing results in a data breach. And while double-sided printing does save paper, how about ditching the paper altogether, and sending the statements electronically via secure file transfer – now that’s a good idea.

Climategate – Stolen Emails Found on Public FTP Server, Climate Research Unit in Hot Water?

Thursday, December 10th, 2009

The recent data breach at the Climate Research Unit at the University of East Anglia continues to pick up steam.  Emails, source code and data files related to climate change research recently appeared on a public FTP server as reported in The Register and now it’s become a public relations nightmare dubbed Climategate.

Climategate just happens to be the latest embarrassing leak of sensitive info – in this case it’s of global interest. While we aren’t in a position to voice an opinion on climate change, we definitely have an opinion on unsecure FTP servers – they’re unsecure and leave sensitive data exposed for anyone to view. If you are at an organization that still uses FTP for sharing files and this story is making you a little uncomfortable, there’s still time to add FTP Replacement to your to-do list for 2010 – we could even get you sorted out before year end, so you can sleep better over the holidays.