After WhatsApp’s decision at the end of 2015 to encrypt messages sent by its users, encryption has jumped to the forefront as a topic of discussion on social media.
Data encryption techniques, however, are not all the same, and understanding how they operate requires advanced knowledge of higher mathematics and analytical concepts that the average user rarely possesses. In an article published on Techbeacon.com last July, Luther Martin, software engineer at HPE, after a brief excursus into the field of economics, provides some useful tips for navigating the intricate world of data encryption.
According to Martin, products that implement encryption are probably credence goods, that is, goods whose properties cannot easily be checked, either before or after they are consumed. Many medicines are credence goods as well, because it is difficult to tell whether your recovery was really due to the medication, a placebo effect, or simply your body recovering on its own. It takes expensive and uncommon skills to verify that data is really being protected by the use of encryption, and most people cannot easily distinguish between very weak and very strong encryption. Even after you use encryption, you are never quite sure that it is protecting you.
Since encryption is a good you can only “believe” in, is there a practical way to differentiate your offering and direct the choice towards those products that ensure more secure data protection and compliance in those areas where requirements are more restrictive?
There are many things to consider when selecting what type of encryption you should use and how to deploy it effectively to protect your sensitive data, but one criterion stands out as more important than all of the others: whether or not a given technology has been validated against the US government’s FIPS 140-2 standard (http://csrc.nist.gov/groups/STM/cmvp/standards.html). If you select encryption that meets this criterion, it will almost certainly be acceptable to your auditors, which is just as important as any other aspect of the technology.
(source http://techbeacon.com/software-engineers-guide-encryption-how-not-fail)
75% of companies report having had at least one problem related to the security of their data in the last 5 years, 25% of which were problems that caused financial losses.
The new European General Data Protection Regulation, effective in May 2018, introduces important new features that will have a major impact on how organisations process the personal data at their disposal (of employees, suppliers, customers), especially in the event of non-compliance. Here, we briefly summarize the main changes:
resistance of systems and services that process data;
with adequate measures to ensure availability and recovery of data access in the event of a data breach;
frequent verification of the effectiveness of the measures put in place.
Now, a number of studies have pointed out that about 90% of successful data breaches are due to human error. Let’s consider the case of Eastern Health, one of the largest health providers in Canada’s Newfoundland and Labrador provinces.
In June 2015, Eastern Health announces that a flash drive containing the personal information of around 9,000 employees has been lost. There is nothing to suggest that the information on the USB drive will be used for a fraudulent purpose. Actually, Eastern Health is saying that they have no idea where this flash drive is. It could be at the bottom of someone’s drawer or have fallen down a sewage drain, sure, but it could also have been dropped on a busy city street or left on a subway. You can’t account for who will pick up a drive that you have no clue how to locate.
Then, two months later, a very interesting development was announced. The flash drive was found – in an office file cabinet. Eastern Health had it in their offices the entire time. A happy ending, isn’t it? Yes, certainly, from the point of view of protecting the privacy of employees, but a happy ending that cost the organization about 100,000 dollars to carry out the search and assess the damage, money that could have been saved by adopting some basic preventive precautions and operating with less carelessness.
Another recent survey indicates that though 64 percent of respondents report having data sharing and usage policies, only 30 percent have Data Loss Prevention solutions in place. Yet, according to Corey Nachreiner, WatchGuard Security Strategy Director, there are five simple steps CIOs and IT managers can take to protect the organization’s critical data assets from both intentional and accidental data loss.
“SPYRUS has a strong commitment to developing the strongest possible information security hardware products on the market today. Their products are standards-based, rigorously tested and designed with the need of the high-end security customer in mind.”
Paul Raines, author Global CISO CSO Magazine
Cardwave is a globally recognised expert in solid-state media and we make it easy for companies who need to understand and use this technology in their business. We are known for our professionalism and quality of service and we handle millions of dollars worth of business and commercially sensitive data for many high-profile brands.
USB peripherals can turn into dangerous vectors of malware (the so-called BadUSB), due to an inherent vulnerability of their architecture. USB manufacturers can deal with that issue by implementing “secure-by-design” USB drives.
A Windows To Go Live Drive allows your OS to boot and run from a USB flash drive or an external hard disk drive that has been certified by Microsoft as compatible, providing you with a fully manageable corporate Windows environment.
Increasingly sophisticated technologies and high-speed connections make it possible to access and control machines thousands of miles away, in total security. Discover how a remote desktop software solution can improve your business.
Did you know that 91% of successful data breaches started with a spear-phishing attack? Cyber-attacks are rapidly getting more sophisticated. Adequate training can help your employees better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks.