Tag: data-loss

  • Verizon to Offer New Encryption Services For Small and Medium-Sized Businesses

    Verizon is expanding its encryption service to cover documents and e-mail and launching new services for small and medium-sized businesses.

    Encrypted Docs enables the user to encrypt files and folders and determine who can access, read and write to the file or folder, enforcing privacy policies. As a result, important data – such as intellectual property, customer records, contracts, human resource files and highly sensitive negotiations – can be safeguarded via encryption.

    According to the company, e-mail encryption and newly added data encryption services will help prevent privacy leaks and unauthorized access, and help keep documents private in case of theft or loss.

    Verizon Encrypted Mail service, which has been available since December 2005, verifies and authenticates that the message has not been altered, allows it to be opened only by the intended recipient, and allows users to lock e-mail that they receive so it cannot be viewed by others.

    Both services, available through the privacy packages (such as Data Protection Paks) offered by Verizon, are based on PKI, X.509 and S/MIME encryption standards.

    The company claims the services are best suited for businesses that have to comply with government regulations, and businesses that have employees who work at remote locations, where data should be kept private at all times to prevent loss or theft.

    "Typically, small businesses do not have the IT staff of large enterprises to manage the complexity involved with encryption services," said Mark Grosso, senior manager of business security products for Verizon.

    "Verizon is like a SMB’s CIO, offering small and medium-sized businesses an affordable, cost-effective suite of important Internet security services such as anti-virus protection, a remote backup and storage solution, and encryption services that will help ensure safeguarding the privacy of business’ data at every level. Plus, we offer our SMB customers 24 x 7 technical support," he added.

    How does it work?

    For the encryption service, a user registers and downloads one plug-in for Encrypted Mail and Encrypted Docs. Before sending an e-mail message, users just click on the "Secure" button on their toolbar, and their message – along with any attachments – is immediately encrypted, digitally signed and sent to the recipient. If the recipient is another registered Encrypted Mail user, the user can open the message after entering his or her password.

    According to Verizon, the most robust privacy package is Data Protection Premium. Starting at $9.99 per month, it includes Encrypted Mail and Encrypted Docs together with the Verizon Internet Security Suite for Internet protection of up to 3 PCs, plus Online Backup and Sharing. This offer combines data encryption services with anti-virus, firewall, anti-spyware, fraud protection and content management, plus online storage and much more, whether in the office or on-the-go.

    "An organization needs to address its IT security at every layer," Grosso said. "While cost cutting is what all companies – particularly, the smaller ones – strive for these days, it’s important to not cut privacy solutions. That’s a surefire way to kill a business."

  • HSBC Fined $5.2 Million in UK for Data Loss


    Three units of HSBC Group have been fined GBP 3.185 million (USD $5.2 million) by Britain’s financial regulator for failing to protect consumer data from loss or theft.

    The Financial Services Authority (FSA) said all three firms had been warned by HSBC Group Insurance’s compliance team about the need for robust data security controls in July 2007.

    But in February 2008 an unencrypted CD containing the details of 180,000 policy holders was lost in the post.

    The FSA said HSBC Life UK Ltd was fined GBP 1.61 million, HSBC Actuaries and Consultants Ltd was fined GBP 875,000 and HSBC Insurance Brokers Ltd was fined GBP 700,000.

    HSBC said that no clients had reported losses as a result of these failures.

    The regulator said it found that large amounts of unencrypted customer data had been sent by post or courier to third parties.

    Confidential information about customers was left on open shelves or in unlocked cabinets, and staff were not given sufficient training on identifying and managing risks like identity theft, the regulator said.

    Margaret Cole, the agency’s director of enforcement, said all three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals.

    "It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details," she said.

    The largest previous fine for data protection failures was the GBP 1.26 million assessed against Norwich Union.

    HSBC said it had contacted customers who were potentially affected, and said 33,500 employees had received data protection training.

    "We hold ourselves to the highest standards, but it is clear that in these instances we have fallen short, which we sincerely regret," said Clive Bannister, group managing director of HSBC Insurance.

  • Kroll Survey: Employees Are "Wildcard" In Data Storage Practices


    While implementing data storage policies that mandate where company files are to be stored is a popular data-protection measure, employees are not necessarily complying.

    This is leaving organizations vulnerable to data loss, according to a survey.

    Kroll Ontrack found that 40 per cent of individuals surveyed said their companies had a policy regarding where data should be stored.

    However, the survey results also revealed that 61 per cent of respondents "usually" save to a local drive instead of a company network.

    While the risks associated with saving to a local drive could be minimized with an external backup drive or backup software, 44 per cent of respondents said that their preferred storage location was not backed up.

    Jeff Pederson, manager of operations for Ontrack Data Recovery, said saving to a local hard drive on a desktop or laptop more often than not contradicts data storage policies.

    He said regulations usually require employees to save to a network folder.

    "With the majority of employees saving to unprotected, local drives, companies could be at risk for losing anything from project plans and spreadsheets to customer data and financial information," he said.

    Pederson added that having guidelines to save documents to a network better ensures employee data is regularly backed up in accordance with company data retention procedures – and reduces the chance of data loss.

    Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, a practice of the Background Screening division, said the survey results confirmed its findings.

    "Employees are the wild cards in policies and procedures," he said.

    "Companies must ensure that employees receive ongoing education to understand the risk of actions that do not follow the plan."

    To help businesses avoid losing critical data, Ontrack Data Recovery specialists recommend that companies have a clear, well communicated data storage policy in place for their employees.

    Companies should also ensure that data recovery is included in their overall disaster recovery or business continuity plan.

    To this end, they should identify and partner with a data recovery provider that is able to quickly respond to any type of data loss scenario.

    Pederson said the survey showed that data storage policies do not necessarily safeguard a vast quantity of critical company data.

    "This fact, coupled with the vast number of information-oriented regulations that have been enacted reinforces that companies need to be prepared to respond to data loss at the individual-employee level," he said.

  • Data Loss Stats Testament To Poor Security


    Less than a fifth of consumers regularly back up data on PCs, according to security solutions firm Webroot.

    Its latest research report, “State of Internet Security: Protecting Your Digital Life”, also shows that nearly one in five users had never backed up their personal files.

    The primary reasons cited for not backing up were forgetting that it doesn’t happen automatically and that it takes too long.

    Webroot’s report says that PC users are storing vast amounts of personal, professional and financial data on their home computers – and 46 million users lost some, if not all, of their valuable data last year because it was left vulnerable to hardware failure, software corruption and human error.

    It concludes that while 98 per cent of PC users surveyed have antivirus protection on their computers and 95 per cent use firewall protection, few have safeguards in place for their data.

    Paul Lipman, Webroot’s senior vice president and general manager of the Desktop Business Unit, said the focus of PC security had traditionally been on protecting the computer, and not the data stored on it.

    "But it’s the precious personal files – digital photos, music and financial records – that cannot be replaced if they are lost," he said.

    “Based on our research, nearly 90 people per minute experienced some loss of personal data last year.”

    According to the Webroot report, the average home PC user has nearly 2,000 digital photos and nearly 2,500 digital music files on their computer.

    Loss of family photos was the number one concern reported, followed by loss of financial information, text documents and work projects.

    Webroot has published suggestions for protecting valuable files, including using automatic online backup, not relying on free sites to archive digital photos and backing up laptops and mobile devices.

  • CEOs Must Take Responsibility For Data Breaches


    A rapid rise in losses from giant databases highlights the need for tougher sanctions to deter such security breaches, according to a privacy watchdog.

    The UK’s Information Commissioner’s Office (ICO) is also calling on chief executives to take responsibility for the personal information their organisations hold.

    The number of data breaches reported to the ICO has soared to 277 in the past year.

    New figures, released today by the ICO, include 80 reported breaches by the private sector, 75 within the National Health Service and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

    The ICO is investigating 30 of the most serious cases.

    Richard Thomas, the Information Commissioner, said information can be a toxic liability and that accountability rests at the top.

    He said CEOs must make sure their organisations have the right policies and procedures in place.

    "It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues," he said.

    "We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud.

    "Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk."

    Describing these breaches as "serious and worrying", Thomas said this was especially so because personal information is now the lifeblood of government and business.

    He said that as a result data protection has never been more important.

    "It is time for the penny to drop. The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he said.

    "The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.

    "The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.

    "Put simply, holding huge collections of personal data brings significant risks."

    Earlier this year, the UK Parliament decided that the ICO should have the power to impose substantial penalties for deliberate or reckless breaches.

    The ICO is working with the government to ensure this measure is implemented as soon as possible.

    It hopes that the threat and reality of substantial penalties will concentrate minds and act as a real deterrent.

  • No Black Hole for CERN Data

    The largest scientific instrument on the planet will produce roughly 15 Petabytes (15 million Gigabytes) of data annually when it begins operations.

    System crashes and the ensuing data loss may be most IT managers’ idea of the end of the world.

    Yet spare a thought for the folk running the LHC Computing Grid (LCG) designed by CERN to handle the massive amounts of data produced by the Large Hadron Collider (LHC).

    Many people believe the USD $4bn energy particle accelerator, which crisscrosses the border between France and Switzerland, is a Doomsday Machine that is going to create micro black holes and strangelets when switched on tomorrow.

    While that is, hopefully, pure fantasy, what is more of a nightmare is how to deal with the colossal amounts of data that the 27km-long LHC is going to produce.

    The project is expected to generate 27 TB of raw data per day, plus 10 TB of "event summary data", which represents the output of calculations done by the CPU farm at the CERN data center.

    The LHC is CERN’s new flagship research facility, which is expected to provide new insights into the mysteries of the universe.

    It will produce beams seven times more energetic than any previous machine, and around 30 times more intense when it reaches design performance, probably by 2010.

    Once stable circulating beams have been established, they will be brought into collision, and the final step will be to commission the LHC’s acceleration system to boost the energy to 5 TeV, taking particle physics research to a new frontier.

    CERN director general, Robert Aymar, said: “The LHC will enable us to study in detail what nature is doing all around us.
    “The LHC is safe, and any suggestion that it might present a risk is pure fiction.”

    Originally standing for Conseil Européen pour la Recherche Nucléaire (European Council for Nuclear Research), CERN was where the World Wide Web began as a project called ENQUIRE, initiated by Sir Tim Berners-Lee and Robert Cailliau in 1989.

    Berners-Lee and Cailliau were jointly honored by the ACM in 1995 for their contributions to the development of the World Wide Web.

    Appropriately, sharing data around the world is the goal of the LCG project.

    Since it is the world’s largest physics laboratory, CERN’s main site at Meyrin has a large computer center containing very powerful data processing facilities primarily for experimental data analysis.

    Its mission has been to build and maintain a data storage and analysis infrastructure for the entire high energy physics community that will use the LHC.

    And because of the need to make the data available to researchers around the world to access and analyse, it is a major wide area networking hub.

    The data from the LHC experiments will be distributed according to a four-tiered model. A primary backup will be recorded on tape at CERN, the “Tier-0” center of LCG.

    After initial processing, this data will be distributed to a series of Tier-1 centers, large computer centers with sufficient storage capacity and with round-the-clock support for the Grid.

    The Tier-1 centers will make data available to Tier-2 centers, each consisting of one or several collaborating computing facilities, which can store sufficient data and provide adequate computing power for specific analysis tasks.

    Individual scientists will access these facilities through Tier-3 computing resources, which can consist of local clusters in a University Department or even individual PCs, and which may be allocated to LCG on a regular basis.

    A live webcast of the event will be broadcast tomorrow. What are your thoughts on LHC – will it reveal the secrets of the universe or a gaping black hole?