Volume 6, Issue 5           
   
Are Your Company Laptops Secure? Not Likely

For many organizations, having a company laptop stolen is a worst nightmare. Aetna, Fidelity Investments, and Ernst and Young have recently joined the long list of organizations whose security has been breached by the theft of an employee’s laptop. Oftentimes, these stolen laptops contain sensitive information such as employee or client Social Security numbers, information valuable to competitors, or compromising legal information.

You may be surprised to learn that laptop theft occurs most often from offices, or that approximately one-tenth of the data on stolen company laptops is properly encrypted, or that less than one-fifth of all stolen laptops are ever recovered. When one considers the type of information that is potentially on company laptops, combined with the security measures put in place by the average organization, the logical conclusion is that the risk is enormous. Thankfully, there are ways to mitigate the risk.

There are several measures that an organization can put in place to make the theft of a laptop less threatening. If an employee cannot save information locally (to the laptop’s hard drive) and can only save information to a network drive or access email, then a thief would need access to the organization’s network to get to any sensitive information. Furthermore, if the data is such that it can be encrypted (for example, columns of Social Security numbers or rows of addresses), a thief will have a hard time viewing any sensitive information. Strong password protection is advised, but is not a standalone measure. Finding a stolen laptop is possible via certain technology. CompuTrace Complete from Absolute Software, for example, uses software installed on the laptop to attempt to locate it when the thief connects to the Internet. CompuTrace Complete can also delete files, folders, or drives remotely after a theft.

The (Rising) Cost of Doing Business

The rising costs of energy and gas have gripped the country yet again. Consumers are barraged with daily news reports of the apparent minute-by-minute climb in gas prices. However, few are addressing how consumers may be indirectly impacted. Businesses of all shapes and sizes are confronted with the same economic impact consumers are - the question for them, however, is whether or not to pass those costs along to their customers. A recent Federal survey suggests that even increasing consumer pricing may not help businesses recoup all of their gas and energy expenses and competition may actually limit them in doing so. Businesses may find themselves in further dire straits if consumers are forced to continue paying $3+ per gallon. Increased consumer energy expenses mean decreased income available for the purchase of other goods and services.

So what’s a business to do?

Consumers are urged to consume less: carpool, combine errands, take public transportation. The recommendations for businesses follow the same lines: move or close facilities, modify transportation expenses, enhance energy purchasing strategies. The question then becomes, what are the most practical solutions? The bottom line is, none of the options are ideal or can be swiftly implemented.

Despite the pinch felt by many consumers and businesses, economists maintain that, as a society, we’ve become quite accustomed to the higher prices, which bodes well for continued consumer spending and confidence. In addition, our day-to-day activities are less energy-intensive than they were 50 years ago and we’re still several dollars per gallon away from the all-time high reached in the early 1980s. The true economic impact of today’s energy pinch is likely yet to be seen.

Legislation Ahead?

In July 2005, the Electronic Privacy Information Center (EPIC) issued a complaint to the Federal Trade Commission (FTC), urging the Commission to investigate online data-brokering services. At that time, EPIC identified at least one such service provider, Intelligent E-Commerce Inc., which advertises, obtains, and sells telephone records to its clients in violation of federal regulation. Further evidence suggested that such data brokers do little to validate their clients’ intent in obtaining this personal information. Since EPIC’s original complaint was filed, at least forty other online data brokers have been identified as additional potential violators. EPIC’s primary concerns included: violations of privacy through “the collection, use, dissemination of personal information,” the ability for criminals and identity thieves to obtain information for unlawful activity, and the potential compromise of personal safety.

Developments revealed through a congressional investigation recently indicated that it’s not just the unsavory would-be criminal who uses data brokerage services to obtain personal identification information, including landline and cellular telephone records. In fact, state and federal law enforcement officials have been implicated as well. While the US House Energy and Commerce Committee and its Oversight and Investigations Subcommittee continue to ferret out who’s offering illegally obtained telephone records and who’s buying them, both the Senate and the House have legislation pending that would protect phone records and criminalize the unauthorized sale of such records.

Source: Electronic Privacy Information Center, Complaint and Request for Injunction, Investigation, and Other Relief In the Matter of Intelligent e-Commerce Inc. Available: www.epic.org/privacy/iei/ftccomplaint.html.

Quote: "An honest politician is one who, when he is bought, will stay bought."

-Simon Cameron (1799 - 1889)



Pretexting an Ethical and Now Legal Issue for Data Brokers

The demand for background checks is at an all-time high as organizations have come to recognize the value of security. Such information is invaluable when evaluating potential hires, performing security assessments, or conducting investigations. Unfortunately, some data brokers (companies that claim to be able to provide personal information, such as phone records, credit card statements, or other personal information, for a fee) have been using unlawful means to gather such information.

The Federal Trade Commission (FTC), in an attempt to curb the unlawful gathering of personal information, has recently charged several data brokers with unfair labor practices. The FTC asserts that many data brokers are using the method known as “pretexting” to gather personal information that is later sold as part of a background check or investigation. Pretexting is the acquisition of personal information, such as phone records, under false pretenses. Pretexting can include posing as a customer to a cell phone company, sometimes using false or stolen documentation, to acquire telephone or other records for the purpose of selling them to organizations, private investigators, or law enforcement agencies.

Pretexting data brokers are certainly the exception, not the rule, of the security and investigations field. To avoid becoming involved with unlawful data brokers, research the firm you are using for your background checks. A scrupulous broker will be able to tell you their methodology for providing their background checks and their reports will typically indicate the source of the information provided.

Personal Password Security

Passwords serve as our first line of defense in the day-to-day fight against cyber thieves to protect confidential and proprietary information. One of the biggest obstacles we face in creating strong passwords is convenience. In addition to all of the day-to-day information we have to process, most of us have multiple computer passwords to keep track of as well. In the name of convenience, particularly so that one does not have to remember a host of different passwords, many computer users adopt an easy-to-remember password and then create derivatives of that password for other logins. This password-creation technique, quite frankly, is bad practice and compromises not only personal security, but also the security of others.

Weak and easy-to-decipher passwords can include a person’s name, company name, sports team, or names of family members. Common words, such as “summer” or “password,” are more readily exposed to thieves who use a method of attack known as a “dictionary attack” (in this type of attack, all words in the dictionary are tried in turn in an attempt to unveil the password). Numerical combinations such as “1234” are also easier to decipher than more complex combinations that mix numbers with upper and lower case letters and special characters, such as “$%!.” Finally, and not surprisingly, a password that someone else knows or one that could reasonably be known to someone else is also feeble.

There are several simple ways to help protect yourself and your company’s confidential and proprietary information through a better password. According to Microsoft®, a strong password should:

  • Be at least eight characters long, and the longer the better
  • Be a phrase not found in a standard dictionary
  • Include a combination of lower and upper case letters, numbers and symbols
  • Be changed at least every 90 days and “unique,” or significantly different than previous passwords

To learn more about how you can strengthen your password security visit: http://www.microsoft.com/athome/security/privacy/password.mspx.
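
The checklist above, together with the earlier warning about derivative passwords, can be expressed as an automated check. The following Python example is added here and is not part of the original newsletter or of Microsoft's guidance; the word list, the 0.7 similarity threshold, and the function names are assumptions made for illustration, and it assumes the previous passwords are available for comparison when the password is changed.

```python
import re
from datetime import date
from difflib import SequenceMatcher

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = {"summer", "password", "dragon", "football"}
# Undo common character substitutions (0->o, 1->l, 3->e, 4->a, ...).
LEET = str.maketrans("0134578@$!", "oleastbasi")
SIMILARITY_LIMIT = 0.7  # assumed threshold for "significantly different"
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def core(pw):
    """Lowercase, reverse substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def audit(pw, previous=(), last_changed=None, today=None):
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing a character class")
    base = core(pw)
    if any(word in base for word in COMMON_WORDS):
        problems.append("built on a dictionary word")
    if base and any(SequenceMatcher(None, base, core(old)).ratio() >= SIMILARITY_LIMIT
                    for old in previous):
        problems.append("derivative of a previous password")
    if last_changed and ((today or date.today()) - last_changed).days > 90:
        problems.append("older than 90 days")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    history = ["Blue-Heron!47"]
    for candidate in ("1234", "Summer2023!", "P@ssw0rd1", "Blue-Heron!48", "vK9#tq!Lw2zR"):
        print(candidate, audit(candidate, previous=history))
```

Passwords such as "Summer2023!" and "P@ssw0rd1" satisfy the length and character-mix rules yet are still flagged, because a dictionary word remains once the substitutions are undone.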

Reader Reminder

Security News Headlines is written and distributed for the reading pleasure of our clients and friends. We encourage recipients to forward electronic copies (in original form) onto others. But please remember, the contents and all articles are copyrighted and the property of Business Controls, Inc. If you would like to cite or use our material for personal or commercial purposes please contact us first. Thank you.

Want a Customized Electronic Newsletter for Your Organization?

Now you can market your products, services and ideas with a customized professional electronic newsletter just like this one. The means to affordably communicate with your customers, clients or team members has never been easier. Our IT and design team will help you select a design and color scheme that suits your needs. Your customized monthly newsletter will display your organization's name, logo, address and phone number. Each issue will contain at least five topical articles professionally written by our editors. We can even add articles, messages and news releases contributed by you or your organization. Hyperlinks to your Website and automated subscribe and unsubscribe feature are included. We will even distribute the newsletter for you to your list of subscribers. To receive your own customized electronic newsletter, call Brad Mathers at 800.650.7005 or visit www.SecurityNewsletters.com today!
