• USB Flash Drive Products
• Testimonials
• About Us
• Technical
• FAQs
• Bad News
• Links
• Feedback

Bad News

OK, so you've read the benefits of the SecureStix device and are probably wondering which part of your data you should protect first.

We've put together a list of articles from press around the world regarding the pitfalls of the standard unsecured USB Stick...have a read of this before you purchase, this may help you prioritise what data you want to protect first.

Do you want to become the next “bad news story”?

Bad news story 1.
"ICO blames CEOs for data leaks"

Filed under: News, Data Theft, Regulatory Compliance - July 12, 2007

The UK’s Information Commissioner, Richard Thomas, has described the lack of security measures put in place by banks, government departments and other bodies as “frankly horrifying”.
He has called on those at the top to be accoutable for the IT secruity measures across their wider organizations. In the past 12 months, the Information Commissioner’s Office (ICO) has dealt with more than 24,000 complaints and prosecuted 16 individuals and organizations.
According to the ICO’s annual report, more than a third of complaints concern a likely data breach. Organizations currently under investigation by the ICO include top high-street banks, retail giants and telecoms providers.

Bad news story 2.
"Data loss keeps IT staff awake at night"

Filed under: News, Hacking, ID theft - May 29, 2007

According to new research, while 87 percent of organizations are confident that they can deal with viruses, spam and malware, only 35 percent feel they are able to deal with the prospect of lost data.
What’s more, 73 percent of those questioned believed they could lose their jobs if a significant breach came to light. The research study, undertaken by KACE Networks, declared that frontline IT staff are not empowered or sufficiently expert to make important decisions about IT security.

Bad news story 3.
"TSA LOSES 100,000 RECORDS ON EXTERNAL HARD DRIVE"

Filed under: News, ID theft, Data Theft - May 9, 2007

The Transportation Security Agency (TSA) yesterday admitted the loss of an external hard drive containing the personal, bank and payroll information of up to 100,000 of its former and current employees who worked for the agency from January 2002 until August 2005. It was reportedly stolen from a human resources office in Crystal City, VA and the FBI and U.S. Secret Service have been drafted in to help the TSA investigate the theft. According to some sources, the TSA took more than 24 hours to notify possibly-affected staff and former employees - a delay which has caused some to criticise the agency. There is no news on security measures to protect the external hard drive, which has led to speculation that the device was not encrypted, making it much easier for unauthorized parties to access the data.

Bad news story 4.
"REMOVABLE MEDIA DEVICES CONFIRMED AS #1 SECURITY THREAT"

Filed under: News, Lifestyle Computing, Data Theft - May 4th, 2007

Research conducted by Centennial Software at this year’s Infosec event in London has found that IT managers now see removable media devices as a bigger security threat than either viruses or malware. 38.4 percent of the more than 370 respondents cited portable devices as the number one risk, up from 25.7 percent in 2006. And while more organizations in 2007 have included removable media devices in their acceptable use policies (62 percent this year compared with 54 percent in 2006), a surprising 80 percent of respondents said that their organizations did not currently have effective measures in place to combat the unauthorized use of these devices: 43.2 percent said they had no controls at all, 27.4 percent relied on managerial discretion and 8.6 percent said their company had a total ban. Only 16.4 percent of respondents said their company used a software-based solution to enforce removable media use policies. The survey also found that 67 percent of IT staff use some form of removable media device on a daily basis, and that the most popular type of device (65 percent) is the USB flash drive.

Bad news story 5.
"New York workers face ID theft risk"

Filed under: News, ID theft — February 13, 2007

Up to 32,000 workers at New York’s District Council 37 have been warned that they may be at risk of identity theft following the loss of an unspecified “computer disk” containing their names and social security numbers. The news was leaked by an Emergency Medical Service worker who recieved a notification in January 2007.

Bad news story 6.
“Another Veterans Affairs Data Breach! - Missing External Hard Drive ”

Filed under: News, Data Theft — February 6 , 2007

The Veterans Affairs is becoming the poster child for endpoint security data breaches. To add to their ongoing list of endpoint security breaches, yet another one was announced today.

An external hard drive went missing last month from the Birmingham VA Medical Center on January 22nd and is believed to have been stolen. The drive has the usual “steal my identity” information on 48,000 veterans, including names, addresses, Social Security numbers and medical information.

It is believed that only half of the data was encrypted. Although the VA has made some progress after recent data breaches by installing encryption software on all laptop and desktop machines, it looks like there are still some issues in regards to removable media.

Encrypting hard drive data on computer systems is a step in the right direction, but worthless if not implemented in a larger endpoint security policy that also takes into consideration removable media devices such as external hard drives, USB flash drives, MP3 players, cameras and other devices, not just the systems themselves.

Bad news story 7.
“UK Government Security Awareness Slammed”

Filed under: News, Data Theft — February 5 , 2007

Lieutenant general Sir Edmund Burton, a key advisor to the UK Government on information assurance issues, has strongly criticized a lack of awareness of security issues among many key public sector organizations.

In a recent report, he cited a lack of focus as the key barrier to improving security: “What keeps me awake at night is that, with some notable exceptions, across government there’s too little awareness of the scale and breadth of the risk facing us at the moment,” Burton claims that board-level directors are the key culprits in the UK’s lack of effective security measures: “The technical risks are nothing compared with ignorance at board level.”

Bad news story 8.
“UK firms warned of Arse syndrome Security risk ”

Filed under: News, BCS (British Computer Society) December 22, 2006

UK firms are being warned of the security risk posed by a growing phenomenon called Arse syndrome.
Arse syndrome, or Alcohol Related Security Emergency, is a growing trend in the UK, where employees lose portable devices containing work-related information after drinking a few too many.

Indeed, research from Centennial Software revealed that 53 per cent of UK workers have lost portable devices such as mobiles, USB drives and MP3 players containing work-related information.
More than half of these devices were lost at the drinking venue itself, whether it be the pub or at a work social event.However, taxis and public transport were also common places to lose portable gadgets.

Matt Fisher, vice president at Centennial, was quoted by Security Park saying: 'While it's understandable that people need to let their hair down over the festive period, these statistics are worrying.
'Data theft is a growing problem, and while employees need to be careful after a few too many drinks, employers also need to ensure they monitor who is connecting devices to the network and should also consider automatically encrypting data legitimately copied to mobile gadgets to ensure it is protected.

' The threat of Arse syndrome is made particularly acute by the fact that only 35 per cent of employees who have lost company information admitted it to their bosses.
Mr Fisher continued: 'If people are losing devices and not owning up to it, then organizations are in a very vulnerable position.
Not only could the customer database be sold on to the competition or organized criminal gangs, but it also opens the door to viruses.

It is very important that businesses have the necessary security to keep track of who is using which devices and why. After all, no one wants to make an Arse of themselves at Christmas.'

Bad news story 9.
“Cost of data theft soars”

Filed under: News, Data Theft — October 24, 2006

New research released by the Pone mon Institute suggests that the average cost of a single stolen or compromised data record now stands at $182, up from $138 in 2005. Of that total figure, around $128 is indirect cost, such as lost customers, compensation and the price of investigating the incident.

The Institute calculates that an average company suffers around $660,000 per data breach, with total costs of around $4.7 million per year for each of the 56 companies it interviewed.

Bad news story 10.
“U.S. Data Breach Tally Approaches 100 Million: USB flash drive loss setting trend”

Filed under: News, Data Theft — September 26 2006

TechWorld news discusses, alarming numbers released yesterday by the Privacy Rights Clearinghouse (PRC) stating that over 93 million data records of U.S. residents have been exposed due to security breaches since February 2005.

“The latest trend to show up is the loss of memory sticks,” Beth Givens Director of the PRC said, referring to portable USB Latest News about USB drives that are often used to transport data among various computers. “I don’t think it’s anything new that they are being lost or stolen. But they are now being reported, at least, and affected individuals are being notified.”

Bad news story 11.
“Increased mobility needs additional security”

Filed under: Opinion, Data Theft —August 3, 2006

With research from analyst firm Quocirca showing a 300% increase in mobile remote access to business systems in the last year, one has to question whether their security policies and enforcement mechanisms have kept pace with these developments.

While the business benefits for enabling workers to access systems while away from the office are clear, there is also a significant risk that this access could be deliberately or accidentally misused, resulting in costly and embarrassing data leaks for the organization.

The hysteria caused by the VA data loss is perhaps the perfect example of why organizations need to ensure that any data carried away from the network - whether on a laptop or, worse still, a portable storage device like a USB stick - needs to be protected against falling into the wrong hands. While the laptop at least might be password protected, the vast majority of USB sticks, portable hard disks etc feature no such security measures - making them extremely vulnerable to misuse.

As such, organizations need to start treating mobile devices, whether PCs or storage ‘gadgets’, as potential sources of data leaks which need to be proactively managed to ensure that only authorized staff can copy information and that any files transferred to devices are adequately protected against theft.

Bad news story 12.
“Aussie crime fighters put bank customers’ IDs at risk”

Filed under: News, Data Theft — June 26, 2006

Australia’s leading internet crime-fighting agency was left red-faced this week after it emerged that operatives from the Australian High Tech Crime Centre (AHTCC) managed to lose a USB memory stick containing the personal details of 3,500 customers from 18 different banks.

The device was apparently misplaced en route from Sydney to London.

The lost dossier was part of a police investigation into Russian mafia ‘phishing’ scams. A number of suspects in Australia have been arrested, but a string of others were still being hunted by police. No arrests have been made since the memory stick was lost.

According to the AHTCC, the data on the memory stick was not password encrypted or password-protected - and the officer carrying the information was doing so in violation of several policies. There is no news of any disciplinary action against the officer involved.

The loss of the computer files has sparked an as yet unsuccessful search by Australian Federal Police officers of hotels and airports in Sydney, Singapore and London. Worse still, it appears that the affected bank customers were never informed by the AHTCC.

This bungle comes at a time when consumers are increasingly fearful of identity theft.  

Bad news story 13.
“USB + Human Curiosity = Security Breach”

Filed under: News, ID theft, IT Skills, Data Theft June 9, 2006

In a recent article on darkreading.com, Steve Stasiukonis VP and founder of Secure Network Technologies Inc. discusses a recent client:

We figured we would try something different by baiting the same employees that were on high alert. We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.

The next hurdle we had was getting the USB drives in the hands of the credit union?s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.
Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

Slowly data started appearing in their inbox collected from the systems where the thumb drives were inserted. Human fallibility will always be your greatest endpoint security threat.

Bad news story 14.
“Military intelligence discovered on lost USB stick”

Filed under: News, Data Theft — February 17, 2006

The Dutch military was left red-faced this month after it emerged that USB sticks carrying top secret information were lost on two separate occasions. Just weeks after the military owned up to losing one memory stick, it was confirmed that another flash drive was discovered in rental car previously hired by a captain in the Dutch air force.

Two men found the device and copied the files to a PC. Data discovered on the USB stick included battle plans for Dutch troops and details of reconnaissance missions.

The Dutch government, which admitted a similar breach last year when an intelligence operative left computer disks in a leased car, confirmed recently that the air force captain has been dismissed.

Read enough Bad News?

Don't become another statistic, purchase your protection on-line now.

 

Join the “Secure Me” Club today Free and you’ll get:

• A complimentary copy of Ashton Wood’s e-book valued at $27, titled “16 Business Destroying Security Flaws Found In Many Companies…and How to Avoid Them."
• A free copy of our ideas-packed monthly newsletter
• Special member offers and discounts.

We will never rent or sell your email address and you may unsubscribe from the newsletter at any time. You will from time to time receive specials, discount benefits and we may bring to your attention solutions that we are impressed with which you might find of value.

What our clients say!

"I have been using the Secure Stix USB Flash Drive for a number of months. I have found this drive to be an easy, effective and reliable tool to transfer files. The drive has been particularly useful for confidential client files which are too large for email (e.g. MYOB files). The security features provide peace of mind that if the drive is misplaced, confidential client information will not be compromised. The 'public' and 'secure' partitions are also an excellent innovation. I have no hesitation in recommending this product to clients and colleagues." Salvatore Russo, Chartered Accountant, Public Practice Advisory Member ICAA.