Archive for January 15, 2010

Paper Based Data Breaches Growing

Brian Krebs at the Washington Post’s Security Fix points out that paper-based data breaches are on the rise. Krebs cites statistics from the Identity Theft Resource Center, a San Diego-based nonprofit, which says at least 27 percent of the data breaches disclosed publicly in 2009 stemmed from collections of sensitive consumer information printed on paper that were lost, stolen, inadvertently distributed or improperly disposed of.

The ITRC logged 125 paper breaches among the 463 incidents it recorded in 2009. These breaches occurred across all sectors, with businesses accounting for the most, followed by the government sector.

“Computers were supposed to take us to a paperless society, yet computers probably create more paper than before we had them, because now we want a hard copy as well as what’s on the computer,” ITRC co-founder Linda Foley told Security Fix. “It’s a double danger of course, because paper – especially when it’s just tossed in a dumpster somewhere – is not like data on a hard drive. It’s ready to use, it often contains the consumer’s handwriting and signatures, which can be very useful when you’re talking about forging credit card and mortgage applications.”

Stuart Ingis, a partner with the law firm Venable LLP in Washington, told Security Fix that many clients he deals with, strictly speaking, do not have a legal obligation to report paper-based breaches, but that most of his clients err on the side of caution.

Experts say that paper data breach incidents come to light in large part due to a proliferation of state data breach notification laws. Some 45 states and the District of Columbia have enacted laws requiring companies that lose control over sensitive consumer data, such as Social Security or bank account numbers, to alert affected consumers and, in some cases, state authorities. Concerned about the mounting costs of complying with so many different state breach regulations, businesses often find it easier and cheaper to adhere to the strictest state laws. The current federal data breach notification proposals will preempt state measures and will allow paper-based breaches to go unreported, because they would require notification only when data stored electronically is lost or stolen and are largely silent on paper breaches. Only Massachusetts and North Carolina currently require notification whether the data breached is in electronic or paper form.

rb-
When we talk to clients about information security and not just information technology security, we ask them to consider that lost paper documents are just as damaging to a company’s reputation, should they get into the wrong hands, as electronic data stored in an Excel spreadsheet or database server. Data on paper is just another form of data that needs to be protected by information security policies.

Digital Dinner’s Debut

The Fluid Interfaces Group at MIT has developed a “personal food factory.” The scientists have created a prototype 3D printer that stores, mixes, deposits, and cooks layers of ingredients that will rival your grandmother’s multi-layered lasagna, according to Globalspec. The project, called Cornucopia, is a concept design for a personal food factory that brings the versatility of the digital world to the realm of cooking.

MIT says Cornucopia’s cooking process starts with an array of food canisters, which refrigerate and store a user’s favorite ingredients. These are piped into a mixer and extruder head that can accurately deposit elaborate combinations of food. While the deposition takes place, the food is heated or cooled by Cornucopia’s chamber or the heating and cooling tubes located on the printing head. This fabrication process not only allows for the creation of flavors and textures that would be completely unimaginable through other cooking techniques, but it also allows the user to have ultimate control over the origin, quality, nutritional value and taste of every meal.

rb-

Will work for food

Personal Laptops at Work?

CIO.com is reporting on a recent survey by Gartner which claims that 10% of a firm’s notebook computers are employee-owned. The research firm says that companies are starting to let employees use privately owned notebook computers for work purposes, according to a survey of 500 IT managers in the U.S., U.K. and Germany. The IT managers said they expect that percentage to creep higher next year.

Gartner says that some employees like the trend because it means they can have more-powerful notebooks and newer designs than their companies’ IT departments provide. The survey found that 47% of workplaces have banned employee-owned PCs, 43% have policies that allow the use of employee-owned PCs for work-related purposes, and 10% have no policy on the matter.

Gartner believes this trend is popular with employers because of cost. When employees bring their own hardware to work, the employer doesn’t pay for it or maintain it.

rb-

Who was Gartner interviewing? What firm that is regulated (SOX, PCI, HIPAA, etc.) would allow unknown devices on their internal network? This trend needlessly exposes the company to malware and data theft risks. We encourage our clients to go in the opposite direction. We talk to them about writing and enforcing policies to ban personal devices like USB drives and iPods because of the data theft risk. We also suggest they get control of their remote access and private email on the corporate network.

This really seems to be a lax policy in this age of cyber-crime because privately-owned hardware could open the door for a hacker. What do you think?

