Archive for Employee Security
Found USB Drive in Parking Lot
Posted by: | CommentsI was recently told of a story of an incident that happened a few weeks ago. However, this is not the first time I have heard the tale. An employee is walking through the parking lot and finds a USB stick on the ground. Fearful that it might be important information of a colleague, the employee picks up the stick and takes it back to his office. To determine who is the owner, the employee inserts the drive into his computer and opens up the folders thinking that its contents will identify the owner.
WAM – the entire company’s network is infected with a new virus that the anti-virus program did not recognize.
The dropping of virus seeds in the way of USB drives is a very common attack. Drives are left in corporate lobbies, doctor’s offices, parking lots, restaurants, any place where people gather. The thieves are counting on Good Samaritans to help their follow man or woman.
Employers need to inform their employees of the following procedures:
1. If they find a USB drive never have them put it into their computer
2. They should give the drive to IT to determine what they want to do with it.
3. If there is no IT dept either drob the drive into the garbage or first smash it with a hammer before dropping it into the garbage.
4. Don’t worry that someone will loose important data. They probably have backup and if they don’t they soon will; and if there was confidential data on the device you just saved the company’s customers from a data breach.
Medical ID theft is nothing to sneeze at
Posted by: | CommentsBelow is a report from the Smart Card Alliance on Medical Identity Theft. While the info is staggering the walk away points for me is the migration to PHRs, EHRs and HIEs. Security has to start at the very beginning and that is where a secure token and password manager combination work well together.
Medical Identity Theft in Healthcare
Publication Date: March 2010
While identity theft is a global issue that garners much media attention, most do not realize that medical identity theft is a serious and growing threat. Many authorities consider medical identity theft one of the fastest growing crimes in America. With the Read More→
Technology Companies Must Incorporate Security Engineers
Posted by: | CommentsAll technology developing companies must incorporate security engineers before bringing new products to market. Anything less is just plain irresponsible and greedy. It pains me to criticize my fellow technology brethrens, but privacy theft has to be stopped. Read More→
It’s 10pm, do you know where your PII is?
Posted by: | CommentsThe federal government recently published a guide on protection Personal Identifiable Information (PII). There are two aspects to PII that every company must be aware of:
1) What information information is considered confidential, &
2) Where this information is stored in the company. Read More→
Tufin Survey Finds One in Six New York Teenagers Hack — And Rarely Get Caught
Posted by: | Comments(NOTE from the IDProtectionExpert: Here is an article that I wanted to share. The teenage hacker is alive and well.)
Ramat Gan, Israel, April 14, 2010: Tufin Technologies, the leading provider of Security Lifecycle Management Solutions, today announced survey results that reveal the hacking habits of 1000 New York City teenagers. Exactly half (50%) of US kids sampled revealed they’d had their Facebook or email account hacked, which may explain why 75% feel hacking is wrong and 70% think it should be considered a criminal offense. However, 39% of the teens surveyed think hacking is “cool” and 16%, or roughly one in six, admitted to trying their hand at it. Only 15% of the entire sample has either been caught or knows someone who has – particularly disturbing considering 7% of young hackers reported they did so for money and 6% view it as a viable career path. Read More→
Twitter, Facebook, etc. Cyber Terrorism
Posted by: | CommentsPhishing and Shear phishing emails from unknown babes and beef cakes want to frined you and they want you to click on the link to add. These people are trying to place a virus on your computer.
Don’t friend these people.
A tip off is you see how many people are following them it usually a very low number. You also want to be sure you have a strong anti-virus program to protect your computer.
Be careful of who you friend and if you don’t know them or they are not part of your circle don’t accept them. And no matter what don’t click onto any of their links or pictures.
Employees Cause Data Security Breaches – Not Malware
Posted by: | CommentsWhen business owners look around their office and see how sensitive documents are handled it is no wonder that the weakest security link is the employee. But it is not always the employee’s fault since they have never been trained or given the security tools to protect data.
A Symantec report says that most breaches at small to midsize businesses are caused by people, not malware. Click here to read the entire article.
Look at all the four vulnerability point: Building – Employee – PC – Network and start implementing training, policies and solutions that are inexpensive and work.
FTC – A Business Guide to Protecting Data
Posted by: | CommentsThe Federal Trade Commission (FTC) offers many training documents to help businesses understand how to protect themselves from identity theft and data breaches. Since they are also the main government arm that fines businesses after a data breach, it is great that they also helping to avoid their wrath.
Recently they produced an online video chocked full of basic information that hits on many of the same topics we at IDProtectionExpert.com discuss. Click the link below to view their training video and then come back and listen to what our different experts have to say on specific areas.
Reg Flags are Coming! Red Flags are Coming!
Posted by: | CommentsEnforcement of the “Red Flag Rules” starts May, 1st 2009. The Red Flag Rules specifies that “financial institutions and creditors” protect an individual’s personal information from identity theft by raising a “red flag”. The companies must establish policies and procedures to recognize, detect, and respond to an identity theft attack. However, the scope of who has to comply may be larger than originally thought. Read More→
Security Talk #9 – Privacy Laws
Posted by: | CommentsSandy Ingrim, CEO of SmallBizPrivacy (www.smallbizprivacy.com):
Sandy discusses some of the more common employee security flaws and what the new privacy protection laws mean. This interview is intended for all business owners and executives who need to understand some basic security principles to create policies and procedures for their company. 
