Tag Archive for 2015

| February 17, 2015
Comments Off on Scary PII Numbers

Scary PII Numbers

Scary PII NumbersAs you may have heard by now, the second-largest health insurer Anthem gave away at least 80 million of their customers’ PII records to hackers. I say at least because these always grow as the experts dig through the wreckage. The WSJ reports the Indianapolis-based insured did not encrypt this data (I covered encryption here and here). That means customers’ social security numbers, phone numbers, and other PII were easy targets for Chinese hackers according to CNBC.

did not encrypt data

Anthem is just the latest. There are even larger targets out there. The Business Insider published some pretty scary numbers. BI reports that somehow the biggest tech companies have done a great job at convincing people that their services for sending/receiving payments and purchasing goods are trustworthy and worthwhile. The article estimates that Apple has somewhere around a billion iTunes accounts (with plenty of PII and credit cards) on file.

This chart from BI IntelligenceApple (AAPL) is nearing a billion iTunes accounts on file, and that number is likely to surge immensely. Customers in China can now link their UnionPay payment cards to their Apple IDs: For context, UnionPay is the largest card network in the world with more cards in circulation than Visa and MasterCard combined.

Amazon (AMZN) has approx. 300 million payment cards on file while PayPal has around 200 million payment cards on record.

Apple, Amazon, PayPal Payment Cards on File - Business Insider

A second BI article indicates that based on leaked Uber data charted analyzed by BI Intelligence, the ride-sharing firm has well over 12 million payment cards on file. Their closest competitor Hailo has 4.4 million payment cards on file.

Ride-Sharing Payment Cards on File - Business Insider

rb-

You have been warned. The next mega data breach could come from a tech firm like Apple or Amazon.

Data theftThe WSJ article argues that companies can use many techniques to secure their data, but those things slow companies down, sometimes to a degree they find unacceptable.

I think most victims of identity theft or credit fraud find that unacceptable.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , ,
| February 12, 2015
Comments Off on 25% of Employees Access Past Employers Work Docs

25% of Employees Access Past Employers Work Docs

25% of Employees Access Past Employers Work Doc'sMore than 25% of file-sharing service users report still having access to work documents from their previous employer, according to a “Rogue Cloud in Business” survey of 2,000 U.S. adults by Harris Interactive for Egnyte, an enterprise file-sharing platform provider.

uncontrolled file-sharingAccording to FierceITSecurity, the survey highlights the security risks uncontrolled file-sharing practices pose to the work place from these practices are obvious. An Egnyte presser claims The survey results illustrate a major exposure for today’s businesses when it comes to the transfer and storage of data through unapproved and insecure cloud-only file-sharing services.

The new survey uncovers deep issues around the rogue usage of consumer-based cloud services and illustrates the need for IT to deploy a secure enterprise-grade solution that meets the file-sharing needs of employees while protecting sensitive business data from the risks associated with insecure file sharing through the cloud

The survey found that:

  • easy to take sensitive business documents51% agree that collaborating on file-sharing services (such as Dropbox and YouSendIt) is secure for work documents;
  • 46% agree that it would be easy to take sensitive business documents to another employer;
  • 41% agree that they could easily transfer business-sensitive data outside the company using a file-sharing service;
  • 38% have used file-sharing services have transferred sensitive files on an unapproved file-sharing service to someone else at least once; 10% have done it 6 or more times;
  • 31% agree that they would share large documents that are too big for email through a file-sharing service without checking with their IT departments;
  • 27% of file-share service users report still having access to documents from that previous employer.

mobile users are willing to bypass IT policiesAnother report from Workshare paints a grimmer picture for those of us tasked with protecting a firm’s intellectual property. The report titled “Workforce Mobilization” shows the true extent to which mobile users are willing to bypass IT policies and use unsanctioned applications to share large files and collaborate on documents outside of the office.

  • 72% of workers are using free file-sharing services without authorization from their IT departments.
  • 62% of knowledge workers use their personal devices for work.
  • 69% of these workers also use free file sharing services to collaborate and access shared documents.
  • At companies with fewer than 500 employees only 24% of employees using authorized file sharing solutions.

Robert Hamilton, director of information risk management at Symantec (SYMC) in Mountain View, CA also told FierceCIO a continued threat to the company’s data comes from employees who feel like they live in a “finder’s keepers” environment.

Not encouraging

The results of the survey report, entitled “What’s Yours Is Mine,” were not encouraging to IT security professionals and IT management. According to the Symantec survey of employees:

  • "finder's keepers" environment68% of their company doesn’t take proper steps to protect sensitive work information;
  • 56% do not believe it is a crime to use a competitor’s trade secrets;
  • 40% download work files to personal devices;
  • 40% plan to use old company information in a new job role.

Symantec’s Hamilton told FierceCIO:

Employees are taking increasing amounts of data outside the company, and most people do not believe using corporate data for themselves is wrong … The attitude is that ownership lies with the person that created it, not with the company that employs them.

rb-

All three of these firms sell products they claim that can stop a firm’s intellectual property from leaking out through public file-sharing services. But before you engage any firm, some basic steps should be taken.

  1. Develop a technology acceptable use policy.
  2. Include public file-sharing services in the AUP.
  3. Incorporate the AUP in the staff handbook, and make sure staff sign it before they are given network access.
  4. Train staff on the risks associated with using public file sharing services for sharing corporate documents. Risks include HIPAA violations, PII release, Malware, PCI-DSS violations, and Government “Snooping.” Only then –
  5. Engage a service provider to implement an enterprise-approved alternative to the free file-sharing services.
What's Your is Mine

Symantec Infographic

Related articles

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , ,
| February 10, 2015
Comments Off on Windows 7 Reaches Middle Age

Windows 7 Reaches Middle Age

Windows 7 Reaches Middle AgeNow that you have almost eliminated Microsoft (MSFT) Windows XP from your network and settled on Windows 7 it should be time to catch your breath. But NOOO!! Windows 7 has reached the end of mainstream support.  That’s right we are already 5 years into the Windows 7 era. Repeat after me… Windows 7 still has five years left … Windows 7 still has five years left … Windows 7 still has five years left.

MMicrosoft Windows 7 logoicrosoft commits to 10 years of security fixes and 5 years of feature enhancements and bug fixes for each major OS release. Windows 7 has moved from mainstream support – free help for everyone – to extended support, which means Microsoft will charge for help with the software. That will end in 2020 when Microsoft turns out the lights on Windows 7 for good.

The recent techno-flops from the boys and girls in Redmond, Vista, and Windows 8 have taught enterprises to plan for a new desktop OS every other release. This puts businesses in a bind. MSFT’s track record prevents forward-looking firms from organically growing their desktop fleet into the next cycle. There are those that argue that until Microsoft separates consumer from commercial desktops, Microsoft commercial customers will continue to skip one or more iterations of Windows, their only real answer to the high costs and disruption of upgrading.

Gregg KeizerMirosoft update cycle at ComputerWorld cites research from Gartner (IT) which prognosticates that many enterprises cannot change their processes. Many organizations will go through the same machinations they did with XP. Or maybe even balk at dumping Windows 7 at the same pace as the venerable Windows XP, making things worse. Michael Silver of Gartner told ComputerWorld that having a plan could help organizations avoid a repeat of XP’s expensive end-of-support scramble. Gartner believes that the same EOL mad-scramble we saw with XP will occur again when time is up on Windows 7. Mr. Silver claims:

[A repeat of Windows XP] is certainly likely to happen … One of the big differences that’s been under-considered is that because Vista took five years to come out [after XP], there were eight years between XP and Windows 7. So Windows XP felt pretty old. … Windows 7 won’t feel that old to people…” 

Microsoft Windows 10 logoMr. Keizer argues that the failure of Windows 8 to win enterprise hearts and minds has created an oddity: Even though Windows 7 has made middle age, Microsoft continues to let OEMs sell PCs running the Windows 7 business edition.  Microsoft has yet to name an end date for OEM sales of machines powered by Windows 7 Professional. But because it has promised a 12-month notice, those PCs can still be sold at least until early January 2016, when the OS has but four years of life left.

But if you are just finishing your last migration, then you don’t have all that much time to start planning the next one.

rb-

If you don’t like the Redmond hamster wheel, consider your alternatives. Sophos compares the Windows upgrade schedule to some other options. 10 years might be the best option out there. For example:

  • Apple’s (AAPL) OS X is supported for mystery years,
  • Apple’s mobile iOS is supported for mystery years (3?)
  • Android seems to leave it up to you, but don’t expect Google (GOOG) to commit to securing it.
  • Ubuntu LTS is supported for around 5 years, and
  • Red Hat Enterprise 13 years (with extended support).
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
| February 5, 2015
Comments Off on Spies Say Encryption Best to Protect Data

Spies Say Encryption Best to Protect Data

Updated August 01, 2019 – Trump’s top cop U.S. Attorney General William Barr rehashed the time-worn government demands for private firms to break encryption. AG Barr closed his July 23, 2019 speech at the International Conference on Cyber Security, by saying that U.S. citizens should accept encryption backdoors because backdoors are essential to our security.

Spies Say Encryption Best to Protect DataDespite what current US policy appears to be, a newly leaked document courtesy of Edward Snowden revealed that some U.S. officials are encouraging the use of encryption to protect data. GigaOm points out a 2009 document penned by the U.S. National Intelligence Council, which explained that companies and the government are prone to attacks by nation-states and criminal syndicates “due to the slower than expected adoption…of encryption and other technologies.” The report detailed a five-year prognosis on the “global cyber threat to the US information infrastructure” and stated that encryption technology is the “[b]est defense to protect data.”

750 major data breaches exposing more than 81 million private records.Seems that these spooks were right. FierceITSecurity reports there were 750 major data breaches in the U.S. last year, exposing more than 81 million private records. FierceITSecurity cites data from SysCloud, a provider of security and data backup for enterprises which provided the following infographic about data breaches.

 

SysCloud infographic

U.S.’s second-biggest health insurer Anthem Inc., lost personal information for about 80 million of its customers2015 will be worse. The WSJ reports a single data breach at the U.S.’s second-biggest health insurer Anthem Inc., lost personal information for about 80 million of its customers when attackers broke into a database. According to the WSJ, the breach exposed names, birthdays, addresses, and Social Security numbers. Anthem said in a statement that the affected (plan/brands) include Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. Anthem did not encrypt the stolen PII according to reports.

GigaOm explains that encryption makes it possible for documents and messages to be unreadable to people who don’t have the proper cryptographic key.

encryption

A cryptographic key is the core part of cryptographic operations which scramble information. Cryptographic systems include pairs of operations, such as encryption and decryption. A key is a part of the variable data that is provided as input to a cryptographic algorithm to execute this sort of operation. The security of the scheme is dependent on the security of the keys used.

The spooks also encouraged multi-factor authentication, which adds another step to the security process beyond simply entering a password.

vocal opponent of encryption technologyDespite the totally porous nature of online security, GigaOm points out that the Obama administration is a vocal opponent of encryption technology. According to Bruce Schneier the gooberments opposition to encryption on phones is all bluster and sound bites.

Encryption is no doubt a hot topic in the security space. GigaOm says there’s been a wave of security start-ups focusing on encryption scoring millions of dollars in investment in recent months. Security start-ups VeradocsCipherCloud, and Ionic Security have recently landed over $100 million in investments.

Despite political pushback, it’s clear that companies won’t slow down on implementing encryption any time soon, so long as large-scale data breaches continue to occur on a seemingly weekly basis.

rb-

Is it time to go back to a cash economy?

 

Related articles
  • Crypto-Wars Escalate: Congress Plans Bill To Force Companies To Comply With Decryption Orders (thenewsdoctors.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , ,
| February 3, 2015
Comments Off on ISPs – Brits Speed U.S. Squabble

ISPs – Brits Speed U.S. Squabble

ISPs – Brits Speed U.S. SquabbleBritish Telecom has announced its plan to transform the UK broadband landscape from superfast to ultrafast. CircleID reports that the company plans to deliver much faster broadband for homes and small businesses via a widespread deployment of “G.fast” (G.9701) — a technology the company will pilot test this Summer. G.fast is aimed to help BT deliver ultrafast speeds of up to 500 Mbps to most of the UK within a decade. The deployment will start in 2016–2017, BT says.

US broadbandThe day before, the FCC announced that they have re-defined the meaning of broadband in the United States. Under the new definition, US broadband has changed from a measly 4 Mbps down and 1 Mbps up to an anemic 25 Mbps down and 3 Mbps up. There will be little impact for the end-user because this is just gooberment posturing. This will put the US in some low rank internationally. While the UK global telecom giant BT sets its sites on 500 Mbps. The FCC’s presser states that the ruling is meaningless. Their own document says:

… its 25/3 benchmark as a standard to measure the progress of broadband deployment. However, the benchmark is not a minimum speed requirement and does not prevent broadband service providers from advertising or describing slower service as broadband.

Republicans blasted the new definition of broadbandNot surprisingly, 100% of US ISP’s are against this redefinition of broadband the cable lobby is opposed to the FCC’s plan. Ars Technica reports that the Telecommunications Association (NCTA) wrote in an FCC filing Thursday (PDF) that, “Customers do just fine with lower speeds.”

In addition to the CableCo lobby’s opposition, PCWorld reports that Republicans blasted the FCC report and new definition of broadband.

rb-

The Register notes how little things have changed. Haters are going to hate. In 2008, Commissioner Robert McDowell opposed increasing the speed definition of broadband from 200Kbps to 768Kbps. McDowell today represents Washington DC law firm Wiley Rein and appeared last week in Congress arguing that the FCC should not introduce net neutrality rules.

Do you want Comcast in charge of the web? Support net neutrality.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
« Older Entries   Recent Entries »