Posts Tagged ‘data’

News: What Heartbleed can teach businesses about information security

There’s a great article over at Business Daily looking into the aftereffects of the Heartbleed bug and what it can teach businesses about data security.

There can be very few comparisons between historically global IT security incidents and vulnerabilities that come anywhere near to the shadowy, anxiety-provoking spotlight that is now shining firmly on the arena of information security. The impact of the OpenSSL bug known as Heartbleed – made public on the 7th April 2014 and officially documented as bug CVE-2014-0160 – has reached far and wide since it went public on 7th April 2014. One of the most fundamental backbones of security on the Internet has been dealt a severe confidence blow.

While a lot of the security issues come down to areas of IT, software and coding, proper data destruction is also highlighted as an important area of interest and learning.

One of the most concerning facts revealed through the Heartbleed vulnerability is that it is impossible to detect if a particular service has been attacked or exploited. The lack of logs and signs of this intrusion means there is no way of knowing if confidential data has indeed been leaked.

Analysis of the reliance on largely trusted security mechanisms that provide such potential risk to personal data if exposed must be considered, including identification of whether certain data should really only be protected by one layer of security in the first place. While in the case of Heartbleed there is no way of knowing first-hand whether critical data was leaked, responsibility must be in place to ensure proper auditing of personal data.

But in learning the lessons of the Heartbleed fallout, data destruction should be an authenticated and provable event, since full disclosure, when this is possible, increases confidence levels.

The collective concern of businesses worldwide about never knowing whether their clients’ data leaked should foster determination of hardening areas that can be hardened with multiple layers of encryption mechanisms, wherever possible.

We at PC Survivors of Massachusetts can help you with any and all of your data destruction needs. For more information just click here. 

If you’re looking for a RELIABLE and RESPONSIBLE asset disposal service, PCS of Massachusetts is ready and willing to help you recycle your electronics and destroy your data. PC Survivors of Massachusetts, L.L.C. (R2) Certified, 86 Finnell Drive Unit 6, Weymouth, MA 02188 / Cell: 781-635-6281 / Office: 781-335-1220 / Fax: 781-335-1499 / www.pcsmass.com

30 04 2014

News: California DMV hit with possible data breach

March has been tough as far as stolen data goes. Most recently, the California DMV announced customer information may have been compromised after MasterCard sent several banks a notice saying that credit card numbers, expiration dates, and three-digit verification codes were compromised.

That full initial story can be found here at Krebs on Security.  Here’s an excerpt.

If indeed the California DMV has suffered a breach of their online payments system, it’s unclear how many card numbers may have been stolen. But the experience of one institution that received the MasterCard alert this week may offer some perspective.

The alert was tailored for individual banks, including a list of the credit and debit card numbers that each bank had potentially exposed. One California bank that received the alert said the notice included a list of more than 1,000 cards that the bank had issued to customers. To put that in perspective, this same bank had just over 3,000 cards impacted by the breach at Target late last year, and that was a break-in that ultimately jeopardized more than 40 million card numbers at banks nationwide.

A few weeks ago, a data breach in the North Dakota University System was announced. School officials said the intrusion could impact hundreds of thousands of people. Check out the official statement from the school here.

On February 7, the NDUS discovered suspicious activity on a server. Unfortunately, the impacted server housed personal information, such as names and Social Security numbers, for more than 290,000 current and former students and about 780 faculty and staff. The server was immediately locked down. The internal investigation, as well as an external forensic team, found no evidence that any personal information was accessed, copied, transmitted or printed. However, NDUS is offering identity protection services to those whose information was housed on the server as an extra precaution.

The university system says it will begin notifying those who could have been impacted and provide information on its website about free credit monitoring to those who were affected.

An interesting side note: Brian Krebs, who broke the Target story and who wrote about the California DMV breach, will be the subject of a new movie. Via the Star Tribune.

Sony Pictures Entertainment Inc. confirmed Friday that it is working on a movie based on the security blogger who exposed Target Corp.’s monster data security breach.

No production date has been set, a Sony spokeswoman said, but the cyberthriller will be penned by Richard Wenk, a writer and director whose credits include “The Expendables 2” and “The Mechanic.” He also wrote “The Equalizer,” a not-yet-released movie that has Denzel Washington playing a former black ops commando.

Also, a bit about Krebs from the Tribune article. Unreal.

The blogger, Brian Krebs, is an independent investigative reporter who digs into the dark Web world of hackers, malware, stolen data and cybercriminals, many from Eastern Europe. The former Washington Post reporter says he keeps a 12-gauge shotgun handy because he has been threatened so often. He was once shipped a parcel containing fecal matter.

Back to the matter at hand: data safety. If you need your data securely destroyed, you know who you can count on. Please check out our comprehensive website to select one or all of the many data destruction and electronic recycling services we supply.


23 03 2014

How to Find a Responsible Electronic Recycler

With technology often evolving faster than perceived market demand, electronics have officially become the largest growing recyclable material in the U.S., with over 7 million tons of electronics equipment available for recycling each year.

Electronics recyclers must take special care to ensure that any hazardous substances or residues removed during the recycling process (such as batteries, leaded glass, and mercury) are recovered safely and recycled. Over at Earth911, they’ve got a rundown of how to recycle everything from clothes to iPods. Recently, they posted an interesting look at the electronics recycling industry.

Electronics Recycling Faces Regulation

As recycling is a business endeavor, these companies must do all this while trying to maximize the profit on what is collected. Herein lies the challenge – the responsible de-manufacturing of electronics costs money.

According to a report from the International Data Corporation, in 2011 the ever-growing electronics recycling industry responsibly processed between three and four million tons of used electronics equipment. However, there is an estimated 7 million tons of electronics equipment (predominantly from households) available for recycling, meaning about 3 million tons are still being sent to landfills. To ensure responsible practices are used for disposal as well as privacy, safety and environmental practice, some states have passed laws to ensure the responsible recycling of used electronics.

Half of all U.S. states now fall under some type of e-cycling or landfill ban. From manufacturer-financed end of life management to mandatory consumer take-back programs, 25 states now have laws on electronics recycling in one form or another: the common driver within each law being the increased recovery and safe recycling of used electronics.

The Importance of Electronics Certification

A trend on the rise across the industry is the requirement for electronic recyclers to be certified by an accredited third party, which helps them conform the recycling process to a set standard of privacy and environmental compliance.

One such certification on the rise is the R2/RIOS standard, a dual standard combining the R2 certification with the Recycling Industry Operating Standard (RIOS).

PCS of MA has a RIOS Certification pending in the fall of 2014!

The Right Way to Recycle Electronics

As a consumer, there are some important things to know or ask when preparing to recycle your used electronics.

First, are electronics covered in your city collection program? Many municipalities offer electronic recycling pickup or drop-off services as part of residential solid waste programs. If your city does not offer e-cycling, many retailers and independent recyclers can be found with a simple internet search.

Another question to look into is how to prepare your electronics for e-cycling. Many electronic recyclers will guarantee data destruction as part of their services, but others will not, meaning you would want to wipe your hard drive data before turning it over to the facility.

Or you can have PCS of Mass take care of it all for you! Learn more here.


 

News: 4-year long HIPAA breach uncovered in Virginia

It was reported early this year that a former employee at a 5-hospital healthcare system in Virginia accessed confidential patient records over a four-year period. The massive breach of security and privacy could end up costing the company, Riverside Health System, millions.

From September 2009 through October 2013, a former Riverside employee inappropriately accessed the Social Security numbers and electronic medical records of 919 patients. Reportedly, the employee was a licensed practical nurse, according to a Daily Press account. The breach wasn’t discovered until Nov. 1 following a random company audit.

According to a Healthcare IT article, the settlement could be incredibly expensive, topping almost $50 million.

HIPAA covered entities and, more recently, business associates can be slapped with up to $50,000 fines per HIPAA violation due to willful neglect that goes uncorrected. Entities could face $10,000 per violation due to willful neglect when the violation is properly addressed.

There’s an easy solution for a problem like this: Hire PCS to come and destroy your vulnerable data on-site. At PC Survivors of Mass., we offer a seven-stage solution for data destruction when we bring the equipment to you.

  1. Arrive at your Facility with our AMS-750HD Mobile Hard Drive/Data Shredder with ¾” Shred Cut/Enhanced Throughput and our Optical Media Destruction Device (OMDD) HSM 411.2 Cross Cut Shredder for CDs and DVDs. Off-site: Take Custody of your Data in Locked Containers and transport Data back to our Secure Warehouse for Destruction.
  2. Scan each individual Hard Drive Serial Number prior to destruction/All other Data items will be counted by type.
  3. Destroy each individual Hard Drive/Data by means of Mechanical Shredding.
  4. Provide the client with a USB Data Storage Device containing the individual serial numbers of each Shredded Hard Drive and final counts of all Data destroyed.
  5. Provide the client with a Video Tape Media Card of their entire Destruction Service.
  6. Provide the client with a Certificate of Data Destruction with hard copy listing of individual Hard Drive serial numbers and final counts of all Data destroyed.
  7. Provide the client with a Certificate of Recycling for the Hard Drive/Data shredded material.

If you’d like to learn more about our data destruction services, head over to our PCS Mass. website here.


13 03 2014

News: By 2020, there will be 5,200 GB of data for every person on Earth

In a recent post looking into the future of data storage, International Data Corporation (IDC) predicted in the next eight years, the amount of digital data produced will exceed 40 zettabytes, which is the equivalent of 5,200 GB of data for every man, woman and child on Earth.

In a post over at ComputerWorld, the author breaks the numbers down a little further. To hit that enormous figure, all data is expected to double every two years through 2020.

The majority of data between now and 2020 will not be produced by humans but by machines as they talk to each other over data networks. That would include, for example, machine sensors and smart devices communicating with other devices.

So far, however, only a tiny fraction of the data being produced has been explored for its value through the use of data analytics. IDC estimates that by 2020, as much as 33% of all data will contain information that might be valuable if analyzed.

The Digital Universe study, which is sponsored by EMC, was first launched in 2005. For the first three years, it was refreshed on an annual basis. This latest update, however, marks an 18-month lag between study results — and a huge change in its predictions. For example, the last version, released in June 2011, predicted the amount of data to be produced by 2020 would be 35 zettabytes, not 40 zettabytes.

Mearian explains the boom in data will also have an effect on cloud computing.

According to IDC estimates by 2020, nearly 40% of the information in the digital universe will be “touched” by cloud computing, meaning that a byte will be stored or processed in a cloud somewhere in its journey from originator to disposal. Yet, only as much as about 15% of data will be maintained in a cloud, IDC said.

Additionally, emerging market nations will go from creating a minority of data to creating the majority, IDC said. In 2005, for example, 48% of the digital universe came from the United States and Western Europe. Emerging markets accounted for less than 20%. However, the share of data attributable to emerging markets is now 36% and will be 62% by 2020. By then, China alone will generate 21% of the bit streams entering the digital universe.


14 01 2014

News: Million-Year Data Storage Disk Unveiled

Recently, MIT Technology Review reported that Jeroen de Vries at the University of Twente in the Netherlands and a few pals have designed and built a disk capable of storing data over an enormous timescale. According to their tests, the new technology should be able to store data for 1 million years and possibly longer.

From the MIT article: “despite this huge increase in storage density and a similarly impressive improvement in power efficiency, one thing hasn’t changed. The lifetime over which data can be stored on magnetic discs is still about a decade.”

Here’s some technical jargon from the post, describing how the team created the new disk.

The disk is simple in conception. The data is stored in the pattern of lines etched into a thin metal disc and then covered with a protective layer.

The metal in question is tungsten, which they chose because of its high melting temperature (3,422 degrees C) and low thermal expansion coefficient. The protective layer is silicon nitride (Si3N4) chosen because of its high resistance to fracture and its low thermal expansion coefficient.

These guys made their disc using standard patterning techniques and stored data in the form of QR codes with lines 100nm wide. They then heated the disks at various temperatures to see how the data fared.

The results are impressive. According to Arrhenius law, a disk capable of surviving a million years would have to survive 1 hour at 445 Kelvin, a test that the new disks passed with ease. Indeed, they survived temperatures up to 848 Kelvin, albeit with significant amounts of information loss.

You can check out the entire article via the link at the top of the page.


14 01 2014

News: Draft RFP for NIST/NCCoE Research and Development Center Now Available

Two government agencies (the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE)) are looking for input regarding the establishment of a Federally Funded Research and Development Center. Recently, the two agencies released a draft RFP (request for proposals).

According to Federal Business Opportunities, “the purpose of this partial Draft RFP is to improve the understanding of Government requirements and industry capabilities, thereby allowing potential offerors to judge whether or how they can satisfy the Government’s requirements, and enhancing the Government’s ability to obtain quality services at reasonable prices, and increase efficiency in proposal preparation, proposal evaluation, negotiation, and contract award.”

Interested parties are encouraged to respond to the notice in accordance with the attached “Attachment 1- Partial Draft RFP Instructions to Interested Parties.” You can find all of that information on the FBO website.

In addition, the National Institute of Standards and Technology (NIST), National Cybersecurity Center of Excellence (NCCoE) will be hosting an Industry Day on January 8, 2014 for parties interested in the proposed Federally Funded Research and Development Center to engage vendors and federal employees in a discussion about the proposed requirement, the NCCoE, and the forthcoming Draft Request for Proposals (RFP) for the requirement.

The event will be held in Rockville, Maryland and you can find more information about that right here.

According to a release, the Industry Day will focus on the mission of the NCCoE and ongoing and future projects of the NCCoE, along with the Draft RFP for the FFRDC requirement. The Industry Day will also allow vendors to market their relevant capabilities to others in attendance. The Industry Day will first provide all attendants information on the NCCoE, its objectives and its direction.


30 12 2013

News: Target Woes Continue After Data Security Breach

It keeps getting worse for retail chain Target. After the loss of account information for over 40 million people, it has now been revealed that thieves managed to gain secret PIN code numbers in addition to the previous security breach. In an article on the Huffington Post, it was revealed that Target’s reputation among consumers has taken a huge hit.

The company’s “Buzz score,” a measurement of brand popularity developed by polling site YouGov, dropped by 35 points to -9 on Dec. 20, the day after Target announced that hackers may have gotten access to 40 million customers’ credit and debit card information. On Monday it fell even further to -19. Scores range from 100 to -100.

Currently, the Justice Department is investigating the data breach. Customers affected by the Target breach complained that they had to cancel credit and debit cards just as they were rushing to buy holiday gifts. Millions of others faced bank-imposed limits on how much cash they could take out at ATMs or spend on their debit cards.

In the wake of the recent revelation that the Target data breach was worse than first reported, many customers have started to take legal action against the retailer. According to a report by CNN Money, Target is facing lawsuits from almost two dozen consumers.

Customers from California, Oregon and Washington to Louisiana, Massachusetts and Rhode Island have filed would-be class actions in federal courts, alleging Target was negligent and did not protect their card information.

Plaintiffs in several states alleged Target “failed to implement and maintain reasonable security procedures and practices.”

Robert Ahdoot, a lawyer for the California plaintiffs, said he spoke to customers who claimed unauthorized ATM withdrawals had been made from their accounts.

“Target has an obligation to provide adequate security for the financial information they collect,” Ahdoot said.

Some suits also alleged negligence, and claimed customers would not have purchased from Target if they knew of the breach, which lasted from Black Friday through mid-December but was not disclosed until last week.

Snyder, the Target spokeswoman, said the company doesn’t “comment on pending litigation.”

In related news, the New York Times reported last week that Brian Krebs, the security blogger who first broke the news that Target had been breached, said he believed he had identified a Ukrainian man who he said was behind one of the primary black market sites now selling Target customers’ credit and debit card information for as much as $100 apiece.

If customers do return to Target after this massive security lapse, I can assume many will be using cash.


30 12 2013

NIST: The Development of Trusted Identities to Secure Critical Infrastructure

In a post on the White House blog, Michael Daniel (a Special Assistant to the President and the Cybersecurity Coordinator) recently explained why “the country’s system of passwords as it exists today is hopelessly broken” and what the National Strategy for Trusted Identities in Cyberspace (NSTIC) is doing to fix it.

The NSTIC, Daniel says, has called for the creation of an Identity Ecosystem – an online environment in which individuals can trust each other because they follow agreed-upon standards to authenticate their digital identities.

What this means for individual users is that they will be able to choose from a variety of more secure, privacy-enhancing identity solutions that they can use in lieu of passwords for safer, more convenient experiences everywhere they go online.

The NSTIC also helps multiple sectors in the online marketplace, because trusted identities provide a variety of benefits: enhanced security, improved privacy, new types of transactions, reduced costs, and better customer service. The National Institute of Standards and Technology (NIST) is leading implementation of the NSTIC.

In October, the NIST released a preliminary version of the Cybersecurity Framework, which aims to reduce cyber risks to critical infrastructure. Daniel explains that the framework, alongside an executive order from President Obama (Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”), is a pathway to ultimately fixing the problem of identity theft.

While the Executive Order focuses on critical infrastructure, managing identities is a foundational enabler for cybersecurity efforts across all sectors. The NSTIC complements the goals and objectives of President Obama’s Executive Order by promoting the use of trusted identity solutions in lieu of passwords, which will help strengthen the cybersecurity of critical infrastructure. Trusted identities offer owners and operators of critical infrastructure more secure, privacy-enhancing, and easy-to-use solutions to help secure IT systems from potential attack.

This could mean that in the future you’d be asked to sign in to any number of accounts or sites using anything from retinal scans and fingerprint-based passwords to facial recognition, most recently thrust into the spotlight with the iPhone 5. The ideas aren’t new; what is new is the framework, currently being developed and commented on.

Currently, the NSTIC is facilitating the work of a private sector-led Identity Ecosystem steering group, which is working to develop an Identity Ecosystem Framework in which different market sectors can implement convenient, interoperable, secure, and privacy-enhancing trusted solutions for digital identity, including within critical infrastructure. This group currently has more than 200 members.

Guess what. They’re looking for your input on the preliminary Cybersecurity Framework. You can go to the Federal Register to comment by Dec. 13. (Click here for more information on how to submit comments.)


 

11 12 2013

10 tips to protect yourself against identity theft

With identity theft becoming more common and ID thieves becoming more ingenious, protecting yourself is more important than ever. Over at AZCentral, Robert Anglen and Russ Wiles compiled a handy list for keeping your private information private.

– Routinely check credit reports. Look for unauthorized activity or accounts that you did not open.

– Safeguard hard copies of sensitive documents (including those from family members). Shred documents, including bills and payment stubs, before throwing them away. Drop outgoing mail in secure mailboxes only.

– Set up automatic transaction alerts on bank and credit-card accounts. That way, you will learn quickly if someone is attempting to use one of your accounts.

– Avoid clicking on e-mail attachments from strangers. Phishing scams use unsolicited e-mail messages aimed at encouraging recipients to respond and divulge sensitive information. The messages are becoming more targeted, often involving a reference to somebody you know or an activity you’re engaged in. Phishing scams are also used to plant computer viruses.

– Use strong passwords. They should involve a mix of numbers, special characters and both upper- and lowercase letters. Protect smartphones with passwords and anti-virus or malware software.

– Don’t provide personal information to telephone solicitors. Phone callers promise trips, computer service or winning prize offers to get you to divulge personal information.

– Be cautious with social media. Interactions on Facebook, Twitter and other sites can be used to target you. Seemingly innocent information that consumers or employees post on these websites can provide insights that criminals can then exploit.

– Verify information anytime someone asks you to pay them using a wire transfer. Thieves use wire transfers in scams far more often than credit cards.

– Protect your computers and laptops. Don’t leave laptops with sensitive customer records unattended. Don’t click on suspicious computer attachments.

– Check your children’s credit. ID thefts involving the personal information of children often go undetected for years. Victims might not discover a problem until they are old enough to apply for a car or student loan.


08 12 2013