Posted: February 12th, 2010 | Author: Richard | Filed under: Data Security, Government | Tags: Data Loss Risk, Government, Security | No Comments »
A new rule, approved by the Secretary of State for Justice and expected to come into force on 6th April 2010, will enable The Information Commissioner’s Office (ICO) to issue fines of up to £500,000 for serious data security breaches.
This new power is in no doubt a reaction to several high profile data losses from large organisations including the DVLA and the Ministry of Defence.
With an enormous amounts of personal data stored and processed online, Christopher Graham, the Information Commissioner, said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act.
“These penalties are designed to act as a deterrent,” he said in an official press statement.
“I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”
Under the most recent Act of 1998, data can only be used for the purposes for which it is collected and cannot be given to others without the consent of the individual.
Posted: November 27th, 2009 | Author: Richard | Filed under: Data Security | Tags: Access, Data Loss Risk, Security | No Comments »
According to the ‘the global recession and its effect on work ethics’ survey by Cyber-Ark, 48 percent of respondents admitted that they would take company information with them if they were dismissed tomorrow.
A third of workers would steal data to help a friend get a job while 13 per cent would take access and password codes.
Of the respondents, 39 percent would download company information if they found that their job was at risk and 25 percent said that the recession has meant that they feel less loyal towards their employer. Alarmingly, 13 per cent would take access and password codes to allow access to the network once they’ve left the company and continue downloading information.
Cyber-Ark claimed that the recession is creating camaraderie amongst workforces, at the expense of their employers as 41 per cent confessed to have already taken sensitive data with them to their new position, whilst a third would pass on company information if it proved useful in getting friends or family a job.
The most desired information was customer and contact details for 29 per cent of respondents, then 18 per cent said that they would steal plans and proposals. Eleven per cent would take product information.
If we are to take anything out of this report, it is that organisations need to be open to make improvements to how they control and monitor access to vital business systems, even by those at the highest levels.
Posted: November 27th, 2009 | Author: Richard | Filed under: Data Security, Government | Tags: Access, Data Loss Risk, harmful media, Security | No Comments »
New research from IDC and security vendor RSA, that included 400 top level executives, revealed that organisations are more likely to suffer from accidental data security leaks than malicious insider attacks.
The research shows that the accidental data leaks often cause more damage than insider attacks; giving reason to doubt the traditional assumption that theft is the highest cause. Most security leaks are accidents that occur simply when employees do not follow correct security protocol or misuse information accidentally.
The firms that participated in the poll reported that accidental data loss accounted for 6,244 of incidents; unauthorized people receiving privileged access to data resulted in 5.794 incidents of risk, and malware attacks that came from within the firms accounted for 5,830 incidents.
Posted: September 29th, 2009 | Author: Sai | Filed under: Webinar | 1 Comment »
Welcome! You have arrived at the website page to register for the free “I Give In to Sin (No More)” webinar that will be presented by CurrentWare on October 15, 2009.
The “I Give In to Sin (No More)” webinar will demonstrate how the use of suitable Internet and Endpoint Security solutions can help to control employee abuse of the Internet, along with restricting the use of unauthorized portable storage devices at the workplace. The webinar will be particularly useful to network administrators and IT managers in corporate, educational, healthcare and government institutions.
We will be highlighting three CurrentWare tools:
BrowseControl - Internet restriction
BrowseReporter - Internet monitoring
AccessPatrol – Portable storage security
Please respond to all the questions (mandatory) below no later than 12:01 a.m. (PST) October 14, 2009 and details about accessing the webinar will be emailed to you. You may attend one of the following “I Give In to Sin (No More) webinar live on :
- October 15th, 2009 at 9:00 a.m. (PST), or
- October 15th, 2009 at 12:00 p.m. (PST)
If you can’t attend, you can visit the link anytime on October 16 or thereafter and access a recording of the October 15 webinar.
Please note that the winner of the raffle will be announced On Oct 16, 2009. An email will be dispatched to the winner of the contest.
Please complete the below template and answer the contest question. Respondents of the correct answer will qualify to enter a raffle to win two tickets to one of Depeche Mode’s “Universal World Tour” concerts in 2009 or 2010.
SIGN UP NOW FOR THE WEBINAR
Please complete the below template and answer the contest question to sign up for the Currentware Webinar. Respondents of the correct answer will qualify to enter a raffle to win two tickets to one of Depeche Mode’s “Universal World Tour” concerts in 2009 or 2010.
You will receive an email upon submitting the form. Thank you.
Contest Rules:
- Prize will be 2 tickets to a Depeche Mode concert.
- Prize does not include any transportation cost
- Prize is eligible only to the participants that attend the webinar.
- Winner will be announced at the end of the second webinar session on Oct 15, 2009.
- The winner will be notified by e-mail. It is the sole responsibility of the individual who entered the contest to acknowledge the e-mail and claim the prize within thirty days. Once a winner has been contacted we will discuss suitable concert date and location.
- Currentware reserves the right to have the final say on the concert date, location and type of seat.
- Currentware reserves the right to disqualify any entrant trying to tamper with contest submission process and/or disqualify any entrant violating these rules and regulations.
Posted: September 16th, 2009 | Author: Richard | Filed under: Data Security, Government | Tags: Data Loss Risk, Government, harmful media, Security | No Comments »
A USB stick infected with malware brought Ealing council to it’s knees for several days after a town hall employee plugged it in to a work computer.
Despite the use of anti-virus software, the virus spread through Ealing council’s IT network, preventing the use of phones and making it impossible to process payments and fines for nearly a week.
On top of this delay, parking tickets worth £90,000 had to be cancelled, £14,000 was spent on on clearing housing benefit claims, the library service lost £25,000 as it could not issue fines or booking fees, and council property rent could not be collected.
Total costs are estimated to exceed £500,000 in lost revenue and system repairs.
A council report said:
“At the point the memory stick was plugged in the virus attacked the host PC.
It blocked connections to anti-virus and Microsoft Support websites and attempted to establish connections with 500 internet sites chosen at random from a selection of 25,000 seeking instructions from its author, and sought to also contact other similarly infected PCs that it could find.It then started propagating itself across the Ealing network.”
Bhav Lakhani, Operations Director at the international software distribution company Codework observed that;
“This unfortunate incident highlights the increasing dangers usb sticks and other endpoint devices pose and emphasises the importance of having a sound security strategy in place”
A council spokesman said: “The council acted immediately to protect all data and ensure that essential frontline services could continue.”
Posted: August 10th, 2009 | Author: Richard | Filed under: Internet, Internet Restriction, Web Monitoring | Tags: Block websites, Control, Internet, Internet Restriction, Restriction, Social Networking, Web Monitoring | No Comments »
It is increasingly important for companies to effectively communicate their web at work policy to everyone in the organisation to ensure safe and productive browsing and to avoid confusion.
Firms have generally become more relaxed about the personal use of IT at work, as the costs of supplying internet and PCs have come down. They should be reasonable in setting rules and communicate them effectively to employees, Netsafe executive director Martin Cocker says.
“Many companies are saying, `Yes, you can use Trade Me, but only in your lunch break’.”
However, Sarah Trotman, managing director of business network Bizzone, says businesses have become stricter about employees using social networking sites at work.
Firms are often finding that employees are “twittering” or blogging on behalf of the business without their knowledge, and employees are often more clued up about social networking sites and the web than business owners.
“It has become more challenging to control the amount of information going out about their own business.”
Mr Cocker says surveys have shown small and medium-sized businesses often have incomplete IT policies and security.
This was highlighted by the Safe Air email controversy. An employee at the Woodbourne aviation engineering firm was dismissed for sending 425 lewd emails at work over a six-month period, but the Employment Relations Authority ordered Safe Air to reinstate the worker, since he was unclear about acceptable standards for IT use.
Posted: August 4th, 2009 | Author: Sai | Filed under: How-to | No Comments »
The IP address is the unique network identifier for your computer. You will need to know what your IP address is if you want your computers to communicate.
To obtain the IP address from a Windows computer, follow the steps below:
- Go to Start Menu > run > type in CMD
- In command prompt, type in ipconfig
- Look for the IP address field. It is usually in the following format: XXX-XXX-X-XXX
Posted: July 29th, 2009 | Author: Meha | Filed under: Data Security | No Comments »
Ever since the start of the credit crunch, security people have been warning that workers could be tempted into crime. Now a survey of 600 London commuters appears to confirm those fears.
Asked whether they would consider selling their company secrets to a stranger, more than a third of the commuters (37%) said they would hand over the information for the right price.
For 63% of that group, the price would need to be vast, but others were more easily bribed. Ten percent of them would do it if their mortgage was paid off; 5% would do it for a paid holiday; 4% for clearing their credit card debt; and 5% for a new job. In 2% of cases, the promise of a slap-up meal would be enough to persuade them to hand over confidential information.
But when asked about disclosing credit card information, higher standards prevailed, with 80% saying they would not reveal that kind of information at any price.
The survey found that employee loyalty has changed, too, with a third saying they felt a lot less loyalty to their employers than a year ago. But 5% maintained they were more loyal because they had job security.
The commuters, who were interviewed last week at a number of central London railway stations, claimed to have access to a variety of important information in their jobs, including customer databases (83%); business plans (72%); accounting systems (53%); human resources databases (51%); and IT administration passwords (37%).
To find more information on how you can secure your network see AccessPatrol. Alternatively contact us for more information.
Posted: July 29th, 2009 | Author: Meha | Filed under: Data Security, Government | Tags: Data Loss Risk, Security | No Comments »
HSBC, Britain’s biggest bank, has been fined £3m by the financial regulator for failing to protect customers’ confidential details after data was lost in the post on two occasions. Three companies belonging to the bank’s insurance division have been fined by the Financial Services Authority after it found that large amounts of unencrypted customer details had been sent via post or courier to third parties. Confidential information about customers was also left on open shelves or in unlocked cabinets and could have been lost or stolen.
The failings date back to April 2007, when HSBC Actuaries, a division of the bank, lost an unencrypted floppy disk in the post, containing the personal information of 1,917 pension scheme members, including addresses, dates of birth and national insurance numbers. Later in February 2008, HSBC Life, another division, lost an unencrypted CD containing the details of 180,000 policyholders in the post. The confidential information on both disks could have helped criminals to steal customers’ identities and commit financial crime. The FSA fined HSBC Life £1.61m, HSBC Actuaries was fined £875,000 and HSBC Insurance Brokers was fined £700,000.
Margaret Cole, director of enforcement at the FSA, said:“These breaches are very disappointing. All three firms failed their customers by being careless with personal details which could have ended up in the hands of criminals.
“It is also worrying that increasing awareness around the importance of keeping personal information safe and the dangers of fraud did not prompt the firms to do more to protect their customers’ details.
Clive Bannister, group managing director of HSBC Insurance, said the group regretted the incident:
“Keeping our customers’ data confidential and secure is vitally important to everyone at HSBC,” he said.
“We have implemented even more rigorous systems, better checks and more training for our people. We believe our customers can have confidence that we are doing everything we can to protect their privacy.”
The data loss by HSBC is not the first time that data have gone missing from financial institutions and government departments. In November 2007, the government admitted that it had lost two CDs containing details of 25m child benefit records.
Another bank, HBOS, now owned by Lloyds, apologised to more than 60,000 mortgage customers in June 2007 after private information about them was lost in the post. The FSA takes any loss of data seriously.
In the past it has fined Nationwide, the building society, £980,000 for lapses in information security procedures after a laptop containing sensitive customer information was stolen from an employee’s home.
Norwich Union, part of Aviva, was fined £1.26m for not having effective controls in place, enabling fraudsters to obtain customers’ details and cash in £3.3m of policies.
A report issued by the regulator last year found that many financial services firms still had lax attitudes toward their customers’ private information, despite the series of high-profile incidents.
Posted: July 27th, 2009 | Author: Richard | Filed under: Internet, Internet Restriction, Web Monitoring | Tags: Block websites, Control, Internet, Internet Restriction, Social Networking, Web Monitoring | 2 Comments »
Facebook at work amounts to social “not-working”, according to a new survey that shows employee productivity is hit by people socialising on the internet during office hours.
A new study by Boston IT advisory firm, Nucleus Research found that, companies that allow users to access Facebook in the workplace lose an average 1.5% in total worker productivity.
Nearly half of employees in the recent social net-working study use Facebook during work hours some as much as two hours per day. The average worker uses it for 15 minutes a day, and most couldn’t come up with a legitimate “business reason” for logging on.
The survey of 237 employees also showed that 77% of workers who have a Facebook account use it during work hours. And “some” employees use the social networking site as much as two hours a day at work, the study found.
Do you think blocking social networking sites is a good idea?
To restrict Facebook access at work see BrowseControl. Click here for a free trial or feel free to contact us to discuss your requirements.
