Posts Tagged ‘secure infrastructure’

Four Tips to Protect your Data

Data breaches from cyber attacks are all over the news today. Although these types of security breaches are becoming more common, and more devastating, to the organizations and people involved, there is another kind of breach that is just as alarming.

Oftentimes, informal transportation or improper storage of end-of-life electronics is the culprit. In untrained hands, sensitive information can be leaked, stolen or lost on the way to recycling centers or can be forgotten in dusty storage areas.

Consumers and businesses alike should be aware that electronic waste that is not disposed of properly poses a threat to sensitive data left on the devices. Finding a responsible electronics recycler will eliminate the risk of data breaches and provide the peace of mind that companies and individuals need.

Implementing a positive plan to combat electronic waste data breaches is the only realistic way to ensure that sensitive information remains safeguarded for end-of-life electronics.

Here are four tips to protect the valuable data contained on devices within your home, organization or business:

1. Get the best third-party data destruction provider available

Laws and regulations ban dumping e-Waste into landfills and require specific methods for collection and disposal based on government guidelines.

When electronic devices reach end-of-life or are no longer wanted, relying on disposal plans managed by employees and staff for data destruction and e-Waste disposal is not effective, and leaves companies open to liability for breaches.

Instead, rely on a responsible R2/RIOS certified company with secure measures in place to handle the proper recycling of e-Waste and secure destruction of the information on hard drives and other data devices.

2. Avoid long-term storage of end-of-life devices

Long-term storage can increase the risk of loss or theft, which leads to serious data breaches. In fact, many data breach cases are the result of computers left to sit in off-site storage facilities with little or no regulation or supervision of the information contained on hard drives and storage devices.

Rather than choosing to place end-of-life devices in storage, creating an electronic waste disposal plan is the better choice. The plan should ensure that storage time is minimal or completely eliminated, thereby decreasing the risk of theft, loss or inadvertent exposure of sensitive information.

3. Know the laws on data destruction

Here in the U.S., most states with electronic recycling laws also require vendors to follow government regulations to ensure that consumer information remains safe. It is important to be aware of which guidelines apply to your organization and to organize an electronic waste disposal plan around them.

4. The best tip of all is to choose a responsible, certified electronics recycler who provides secure data destruction. This is the most effective way to ensure proper management and secure destruction of sensitive information contained on the hard drives of electronic devices.

Recycle with data security at the forefront

We live in a world where company and personal information is a highly valued commodity. It is crucial that companies do everything they can to stop their sensitive information from falling into the wrong and most devastating hands.

Recent mega-breaches by the numbers*:

Target: 40 million – The number of credit and debit cards thieves stole from Target between Nov. 27 and Dec. 15, 2013

eBay: 145 million people affected

JP Morgan Chase & Co.: 76 million households and 7 million small businesses affected

CHS Community Health Systems: 4.5 million people affected

Michaels Stores: 2.6 million people affected

Neiman Marcus: 1.1 million people affected

The result?

Mega breaches are mega expensive! The average cost of a data breach for a company is $188 per record. Based on an average 28,765 records per US breach, one study identified a total organization cost of $5,403,644 per data breach.*

A call for change!

According to eWeek, “An alarming number of widely publicized data breaches is sparking change in the attitudes of business leaders and consumers when it comes to cyber-security. Consumers and regulators alike are demanding more communication and remedies from businesses after data breaches occur. As a result, the topic is one of the highest priorities facing businesses and regulators in 2015.”

Although the spotlight has been on infiltration by criminal hackers, breaches can also happen as a result of a company’s negligence in handling its end-of-life electronics: computers, hard drives, cell phones and all other data-bearing devices.

It is a paradox that while electronic waste is entering the waste stream at an accelerated pace, there’s little to no information on what happens to e-waste in the end – and the chaos that can ensue if not handled properly and responsibly.

By carefully reviewing an organization’s electronics and data disposal process, companies can nip the problem in the bud.

How can we do our part in helping to thwart data breaches?

Make it a top priority to outsource the management of unwanted electronics equipment to those who are qualified and experienced in handling recycling and data security management.

Be sure to use an R2/RIOS Certified, responsible recycling/data destruction company. These are highly regulated companies who achieve the highest level of excellence. Look for other certifications and compliances as well – HIPAA, DoD, NIST, NAID, NSA. For more information, check out WWW.PCSMASS.com

* According to the 2014 Ponemon Institute Report

** In May 2013, the Ponemon Institute released its 2013 Cost of Data Breach Study: Global Analysis (“Ponemon Study”),

News: Federal Government Hints at E-Scrap Data Disclosure

During a Congressional electronics recycling hearing last week, a government official said federal agencies may soon be required to publicly report how they are disposing of end-of-life electronics, a development that could have significant implications for the data-starved e-scrap industry.

The remarks came from Kevin Kampschroer, a senior sustainability officer at the U.S. General Services Agency (GSA), during a Senate committee meeting that aimed to develop ideas on how the federal government can more effectively recycle end-of-life electronics. The federal government is the nation’s single largest generator of used electronics material.

“GSA, working with other federal agencies, is considering a policy that will include a requirement for agencies to submit data for all disposed electronics,” Kampschroer said in testimony before the Senate Committee on Homeland Security and Governmental Affairs. “This data, which could be publicly available on Data.gov, would provide greater transparency into federal agencies’ performance against the goals of the [National Strategy for Electronics Stewardship].”

Though Kampschroer stopped short of outlining the specifics or timeline for such a policy, the mere mention of federal government e-scrap data caught the attention of industry leaders, including one e-scrap executive who was sitting across the room.

Since 2012, federal agencies have followed a GSA policy that encourages reuse of electronics when possible and bans those items from landfills at end-of-life. The policy, which was crafted in response to an executive order from President Obama, directs agencies to route old electronics to e-scrap recycling firms certified to R2 or e-Stewards standards. But no formal process exists to check that the guidelines are actually being followed.

If you’re looking for a reliable asset disposal service, PCS of Massachusetts is ready and willing to help you recycle your electronics and destroy your data. PC Survivors of Massachusetts, L.L.C. (R2) Certified, 86 Finnell Drive Unit 6, Weymouth, MA 02188 / Cell: 781-635-6281 / Office: 781-335-1220 / Fax: 781-335-1499 / www.pcsmass.com

07 04 2014

News: Target, Neiman Marcus Face Data Breaches

The news keeps getting worse for Target while the scope of holiday data breaches expands. Last week it was revealed that the Target data breach has expanded from 40 million to 70 million compromised accounts. Retail giant Neiman Marcus also confirmed that it had been the victim of hackers.

There’s a great story about that, and about the possibility that more retailers may have been hacked, over at the Christian Science Monitor. Reuters reported Sunday that at least three other well-known US retailers faced data breaches during the holidays, citing information from unnamed sources.

“The sources said that they involved retailers with outlets in malls, but declined to elaborate. They also said that while they suspect the perpetrators may be the same as those who launched the Target attack, they cannot be sure because they are still trying to find the culprits behind all of the security breaches,” the Reuters report reads. “Law enforcement sources have said they suspect the ring leaders are from Eastern Europe, which is where most big cybercrime cases have been hatched over the past decade.”

The report didn’t say whether the Neiman Marcus breach was related to the others.

The Target cyber break-in affected customers who shopped in-store and online between Nov. 27 and Dec. 15, in the thick of the holiday season. Though Target initially said about 40 million shoppers were affected, the retailer revealed last week that the hackers stole between 70 million and 110 million shoppers’ credit card numbers, PIN numbers, e-mail and mailing addresses, and phone numbers. Target also came under fire for waiting four days to disclose the breach publicly.

As a result of the hacks, Target stands to take a big hit: as much as $50 million, according to CNN Money. The retailer also announced last week it would offer free credit monitoring and identity-theft protection for worried customers.

The biggest risk, experts say, is that potential scammers could have customers’ contact information and the knowledge that they shop at Target. But that on its own isn’t enough for identity theft. “It’s bad they got a customer list, but the worst case scenario is a very targeted email phishing campaign,” Adrian Sanabria, a security analyst, told CNN Money. “I don’t see any risk of identity theft from having that exposed.”


14 01 2014

News: Target Woes Continue After Data Security Breach

It keeps getting worse for retail chain Target. After the loss of account information for over 40 million people, it has now been revealed that thieves also managed to obtain secret PIN codes in the same security breach. In an article on the Huffington Post, it was revealed that Target’s reputation among consumers has taken a huge hit.

The company’s “Buzz score,” a measurement of brand popularity developed by polling site YouGov, dropped by 35 points to -9 on Dec. 20, the day after Target announced that hackers may have gotten access to 40 million customers’ credit and debit card information. On Monday it fell even further to -19. Scores range from 100 to -100.

Currently, the Justice Department is investigating the data breach. Customers affected by the Target breach complained that they had to cancel credit and debit cards just as they were rushing to buy holiday gifts. Millions of others faced bank-imposed limits on how much cash they could take out at ATMs or spend on their debit cards.

In the wake of the recent revelation that the Target data breach was worse than first reported, many customers have started to take legal action against the retailer. According to a report by CNN Money, Target is facing lawsuits from almost two dozen consumers.

Customers from California, Oregon and Washington to Louisiana, Massachusetts and Rhode Island have filed would-be class actions in federal courts, alleging Target was negligent and did not protect their card information.

Plaintiffs in several states alleged Target “failed to implement and maintain reasonable security procedures and practices.”

Robert Ahdoot, a lawyer for the California plaintiffs, said he spoke to customers who claimed unauthorized ATM withdrawals had been made from their accounts.

“Target has an obligation to provide adequate security for the financial information they collect,” Ahdoot said.

Some suits also alleged negligence, and claimed customers would not have purchased from Target if they knew of the breach, which lasted from Black Friday through mid-December but was not disclosed until last week.

Snyder, the Target spokeswoman, said the company doesn’t “comment on pending litigation.”

In related news, the New York Times reported last week that Brian Krebs, the security blogger who first broke the news that Target had been breached, said he believed he had identified a Ukrainian man who he said was behind one of the primary black market sites now selling Target customers’ credit and debit card information for as much as $100 apiece.

If customers do return to Target after this massive security lapse, I can assume many will be using cash.


30 12 2013

NIST: The Development of Trusted Identities to Secure Critical Infrastructure

In a post on the White House blog, Michael Daniel (a Special Assistant to the President and the Cybersecurity Coordinator) recently explained why “the country’s system of passwords as it exists today is hopelessly broken” and what the National Strategy for Trusted Identities in Cyberspace (NSTIC) is doing to fix it.

The NSTIC, Daniel says, has called for the creation of an Identity Ecosystem – an online environment in which individuals can trust each other because they follow agreed-upon standards to authenticate their digital identities.

What this means for individual users is that they will be able to choose from a variety of more secure, privacy-enhancing identity solutions that they can use in lieu of passwords for safer, more convenient experiences everywhere they go online.

The NSTIC also helps multiple sectors in the online marketplace, because trusted identities provide a variety of benefits: enhanced security, improved privacy, new types of transactions, reduced costs, and better customer service. The National Institute of Standards and Technology (NIST) is leading implementation of the NSTIC.

In October, NIST released a preliminary version of the Cybersecurity Framework, which aims to reduce cyber risks to critical infrastructure. Daniel explains that the framework, alongside an executive order from President Obama (Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”), is a pathway to ultimately fixing the problem of identity theft.

While the Executive Order focuses on critical infrastructure, managing identities is a foundational enabler for cybersecurity efforts across all sectors. The NSTIC complements the goals and objectives of President Obama’s Executive Order by promoting the use of trusted identity solutions in lieu of passwords, which will help strengthen the cybersecurity of critical infrastructure. Trusted identities offer owners and operators of critical infrastructure more secure, privacy-enhancing, and easy-to-use solutions to help secure IT systems from potential attack.

This could mean that in the future you’d be asked to sign in to any number of accounts or sites using anything from retinal scans and fingerprint-based passwords to facial recognition, most recently thrust into the spotlight with the iPhone 5. The ideas aren’t new; what is new is the framework, currently being developed and commented on.

Currently, the NSTIC is facilitating the work of a private sector-led Identity Ecosystem steering group, which is working to develop an Identity Ecosystem Framework in which different market sectors can implement convenient, interoperable, secure, and privacy-enhancing trusted solutions for digital identity, including within critical infrastructure. This group currently has more than 200 members.

Guess what. They’re looking for your input on the preliminary Cybersecurity Framework. You can go to the Federal Register to comment by Dec. 13.


11 12 2013