Health Records Lost in Data Breach

New years bring new opportunities but also new problems. Yesterday, a very large company in our area announced that they were on the hunt for 6 hard drives that were now missing. That's probably not that big of a concern for you – or is it? If you were one of the more than 950,000 people whose personal information was on those hard drives, it suddenly becomes one of the largest problems of all time for you.

While you may not have millions of dollars to steal, what you DO have that is likely to be stolen is your identity, which will inevitably be used to initiate fraudulent credit cards, online accounts of all kinds and more activity that will have lasting impact on you. How about the business perspective?

This breach (with more details coming out as the hours go by) will end up costing this company millions of dollars on its own. Implementing credit reporting for almost a million people alone is a nightmare. Now let’s talk about the health care record monitoring that will also need to be implemented to ensure data integrity.

The price skyrockets even more.

While your company may not be as large, or as public as the one in question here, the question to ask yourself is this:

What if it was YOUR company in the spotlight?

Is YOUR company exposed? What is your company’s “Data Destruction” policy? Do you even have one? It’s time to implement a trusted, NAID-certified ITAD/Data Destruction solution now, and that solution starts with EPC, Inc. With more than 30 years in business, and 9 locations in North America, we stand ready to protect your data, your reputation and your company’s future.

Download EPC’s “IT Security Risks – Overlooked Vulnerabilities & Best Practices” White Paper

You spend thousands of dollars and untold hours of time to protect the data in your company. Well, maybe you don’t.

Whether you pay attention to your company’s security or not, be sure to take just a few minutes to download our newest tool. It will help you understand the “Overlooked Security Vulnerabilities” that will change the way you allocate time and budget in your company.

Shutting Down or Moving? How to Choose the Right Asset Disposition and Remarketing Partner

From Patrick Mann: ITAD Sales, EPC, Inc.

Whether you’re a property manager, an IT or data center manager, a lessor, or a liquidation manager, when your company charges you with disposition of physical IT assets, there’s little room for error. Because of the unplanned and chaotic nature of the situations that call for IT asset disposition, you’re often up against a hard deadline and a shifting, disorganized environment.

When disposing of IT assets in these situations, your task is to mitigate the risk to your organization and get the job done quickly.

Common situations that call for quick disposition of IT assets include:

• Bankruptcy
• Consolidation
• Merger
• Data center merger
• Downsizing
• Closing a division or data center

Usually, when these situations occur, the property manager or IT manager doesn’t have much time to plan and manage the disposition. In these chaotic situations, often the best approach to asset disposition is to partner with an experienced asset disposition solution provider or equipment re-marketer with the expertise and facilities to handle the logistical challenge.

Here are three things to consider when evaluating a potential asset disposition partner:

• Expertise: Is the solution provider familiar with your equipment? A trained representative can appraise the equipment on site and tell you whether or not it’s worth removing. In some situations, understanding each party’s obligations and liability for data security and the equipment itself will determine the best disposition process. An expert in reverse logistics and asset disposition can help you sort through the different scenarios.

• Ability: It sounds the same as expertise, but it’s not. You can find people who know a lot about reselling equipment, but are they able to utilize company employees and bring in the labor to move the equipment out before your deadline? Do they have certified processes for handling and destroying data? When you’re working with a strict timetable—perhaps you’ve been allocated a certain number of days by a bankruptcy court or your company’s lease is expiring—you need a solution provider who knows the equipment, can move it out quickly and efficiently, and can ensure data security.

• Logistics: Where is the equipment going? How is it getting there? Is it being packed and handled to prevent damage and maintain maximum resale value? Is the chain of custody clear and secure?

• Value: The financial value your organization is getting back through the asset disposition should be an important factor when deciding on a solution provider, but it should not be the only one. Consider all of your costs, such as the use of internal resources and transportation to faraway facilities, as well as the risks of data breach or environmental non-compliance. The costs could outweigh the value of the assets themselves. The right asset disposition partner will help you minimize all of the costs and the risks while maximizing the return.

When you’re under the clock because of a merger, bankruptcy, data center closing, or another similar scenario, you don’t want to make mistakes. Partnering with a responsible and experienced IT asset disposition provider can make the difference between a smooth, organized process, and a chaotic, disorganized one.

Interesting New Numbers on Data Breaches – The Numbers Will Stack Up Against YOUR Company

From Eric Levy: ITAD Sales, EPC, Inc.

EPC, Inc., now in its 30th year of business, continues to be a centerpiece of information in regard to Data Security. We have been offering companies of all sizes options that ensure compliance with specific industry standards to help protect their reputation and information. A recent article from DataBreaches.Net shows just how important it is to be compliant.

“Nearly 1 in 4 data breach letter recipients became a victim of identity fraud, with breaches involving Social Security numbers to be the most damaging.”

This is a staggering number and cannot be overlooked. That means that if your company had an “average sized” Data Breach from a mishandled asset or drive of 554 leaked names*, you would have 139 customers or clients that now have had their entire identity taken from them. This is a process that can take from 3-7 years to reclaim, not to mention the untold number of dollars that it will cost YOUR COMPANY to make this happen.

The next time you have retired assets that your boss told you to “get rid of,” don’t just think of your potential feel-good moment of running into that boss’ office and telling him you got rid of all of those “old” computers and were able to do it for no money. Think about that boss’ reaction when you have to tell him the guy that did it for free just stole your clients’ identities and you now have to deal with the absolute costs associated with a breach – along with the unknown costs of lost business. EPC offers true peace of mind for very little time on your part. We offer fluid solutions to fit any company in any industry.

Contact EPC and learn more about our Industry-leading Data Security operations. We would love to help you review your protocols to make sure you are compliant within your industry.

*The data to describe an average size breach is from 2012. We expect the average size of a breach to continue to grow exponentially for the foreseeable future.


How Many Hurdles are In Between a Thief and Your Phone’s Data?

Let’s face it: If you can remember even 5 phone numbers of your family members these days (unless it’s part of a jingle), you are on the cusp of being an informational genius at this point.

Today, we as technology-addicted humans put in not just phone numbers, but intimate family-based information, account numbers to insurance and bill-paying outlets of all kinds and most importantly: PASSWORDS to the stuff that helps you and/or your company make money.

But what are you doing to protect that literal electronic treasure trove you have on your phone? A recent article over at CNN.Com (listed below) has found that only one in three smartphone users are using a password to protect their data. That means that 7 people literally have an open-door policy to – well – anyone. Having just changed phone companies (oddly enough, to the exact same phone, just a different carrier), I realized as I was choosing the passcode for my new technological terror just how critical it is, as a connected IT professional, to have a password in place.

At any one time, I have access to company websites, my own websites, and personal information of every kind, all within a moment’s touch to help me make my day more productive, and to have one mobile, digital “place” to get all of the information right now. And THAT’s why there’s a passcode, not only to get “into” my phone, but also on the information management software that’s on my phone.

What are YOU and your people (especially your sales staff) doing to protect sensitive customer information if one of their phones were found/stolen? Are you using a password to block instant access to your mobile phone’s content? Read the article via the link below and then tell us here what YOU and your company have implemented to prevent the true nightmare scenario…

“Three of 10 Smartphone Users Don’t Use Passwords” at CNN.Com

Are Hackers Tracking You via Your Cell Phone?

While it sounds like something from the movie Enemy of the State, new research from the University of Minnesota College of Science and Engineering indicates that attackers can capture the same information used by cellphone companies to track cellular handsets to pinpoint a target’s location. This attack leverages features of the GSM communication stack to perform location tests without alerting the target.

These location tests are used by cellular providers to find the best path on their networks to route calls and can be accurate to a 10-block area in metropolitan areas. Third-party access to this data usually requires a warrant. However, using commodity hardware and open source technology, the researchers were able to directly capture this information. They did not have to contact the local cellular company for access.

The authors conclude that this information could be used by oppressive regimes to track down dissidents, or by thieves to target a person and identify when they were no longer at their home.

The authors have contacted carriers and phone handset manufacturers, such as AT&T and Nokia, to discuss mitigation techniques and are working on responsible disclosure statements for cellular service providers.

Source Article:

http://www.sciencedaily.com/releases/2012/02/120216165701.htm#.T0JUDgoV6-4.email

Playbook security hole makes personal information available

Research in Motion just cannot catch a break with their tablet, the Playbook. Not only are sales lagging behind Apple and Android offerings, forcing RIM to cut pricing to $299, but now security researchers have discovered that email and other personal information could be stolen via malware. The security weakness is exploited using Playbook Bridge, software designed to link to a Blackberry phone via Bluetooth. While Bridge protects information in transit, a file readable by any native application on the Playbook contains the user’s BBM username and password. A rogue application could potentially read this file and use the contained credentials to retrieve any information stored in the user’s BBM account.

RIM has acknowledged the vulnerability and promised a fix in the upcoming Playbook OS 2.0 update, which is due to be released in early February 2011. RIM has also recommended that users avoid installing applications from untrusted sources, which will reduce the risk of exposure.

Source: CIO.com – Email, Personal Information on PlayBook Left Vulnerable to Hackers

Do you know who your friends are?

It sounds like a plot out of a summer spy movie, but security researcher Thomas Ryan tested what would happen when posting a fake profile of a real-life Abby Sciuto. The results? Over 300 “friends” in the military, information security, and intelligence fields, a few job offers, and invitations to security conferences.

Ryan, the co-founder of Provide Security, said the goal of the study was to determine how effective social networking sites like Facebook, Twitter, and LinkedIn would be as tools in covert intelligence-gathering activities. He crafted “Robin Sage”, a 25-year-old Navy cyber threat analyst who graduated from MIT. Even though the profile had some red flags, like a 25-year-old having “10 years experience,” it took less than a month to make connections with many in security-related fields. Virtual friends shared photos and personal information, invited Robin to conferences, and a few even expressed interest in hiring her.

If Robin were a foreign agent, she would have had access to a lot of very useful information, said Ryan, who is scheduled to present his findings at the upcoming BlackHat security conference in Las Vegas.

Even if you are not in the spy game, what can you learn from this?

  • Like your momma said, “If it sounds too good to be true, it usually is.”
  • If you don’t know them, don’t friend them.
  • Always be mindful of how information posted online could be used against you by identity thieves. For example, how many answers to your security questions for your bank account can be gathered from your Facebook profile?

Social networking has the potential to bring friends together regardless of distance; just be careful who you invite to the party.

Article Inspiration: CIO.com – Fake ‘Femme Fatale’ Shows Social Network Risks

Another Internet Explorer Vulnerability (…sigh)

Well, here we are again. A few weeks after Microsoft pushed out a critical patch to all versions of Internet Explorer, Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies, provided details of another attack against the beleaguered browser. This time, an attacker “may be able to access files with an already known file name and location.” If that sounds a bit scary, it should. It falls into a class of attacks called “Local File Disclosure” and can be exploited by sending the victim to a malicious site that attempts to access files stored on your computer. The attacks leverage different design features of Internet Explorer that can be combined to do serious damage. Secunia has rated this as “Moderately critical” …

10 Tips for Protecting Business Data

In honor of Data Privacy Day (January 28), Cintas published 10 tips for protecting confidential business data. This list is a good starting point for creating your own data security program. I will list the tips below with additional recommendations on each. Many of these tips are written with paper documents in mind, but nearly all apply to digital storage as well. To see the original list, see Cintas’ site.

  1. Implement a document management program. This falls in the category of “identify your treasures.” Make a list of the different types of documents you need to keep – invoices, receipts, contracts, etc. Next, determine who needs access to these documents in order to do their job. Identify security measures needed to maintain privacy of the data. Lastly, train all employees on responsible information-handling. Many certifications like PCI and Red Flag require this secure document management training to be compliant.