PC Guardian News You Can Use - Spring '08 Volume VII
2007 A RECORD YEAR FOR DATA BREACHES
According to the Identity Theft Resource Center, 2007 saw a nearly four-fold increase in the loss or theft of personal data such as credit card and Social Security numbers. Through December 18, the ITRC reported 79 million records compromised in the US, compared to 20 million in 2006. Attrition.org, which tracks worldwide reports, says 163 million records were compromised in 2007, compared to 49 million in 2006. "A lot of the breaches are due to inadequate information handling, such as laptop computers with SSNs on them that are (stolen) or lost," said Linda Foley of the ITRC. "This is human error and something that's completely avoidable, as opposed to a hacker breaking into your computer system." According to Attrition.org, the number of incidents in 2007 actually declined to 330 from 346 in 2006. Stolen or lost laptops accounted for 33% of the incidents, followed by "Web" breaches at 18%, and Hacks at 14%. Industries that saw the most data breaches in 2007: Business at 32%, Education at 26%, Government at 29%, and Medical at 13%. The data indicates that no industry is immune from exposing confidential customer data, accidentally or otherwise. Is it time to review your data security practices?

See the AP article here. See Prat Moghe's spreadsheet of attrition.org's data at his blog. Prat is the founding CEO of Tizor, a data auditing firm.

INFORMATION SECURITY REPORTING: TIPS TO GET STARTED
When developing management reports, regardless of your discipline, collecting data is the easy part. Translating the data into actionable business information requires more work. But we persist in writing them because we want to justify our existence, increase our visibility, and gain management support for our next project that will bring us fame and fortune, or at least another resume entry. We pulled these tips from a Forrester report by Khalid Kark and from comments by the SecurityFocus community.
  1. Include benchmarking data of your organization against others in the same industry or of similar size. Identifying trends and events puts security in context. For example, report the number of security breaches in your industry and include "war stories" and anecdotes about other companies. Use them to emphasize a concern or communicate a key risk.
  2. In addition to quantitative data, also use qualitative metrics and assessments. "An opinion, for example, on the degree of risk a firm faces" will be well received, as long as there's some justification.
  3. ROI can't always be established. "For certain things, the cost of failure is so high that you have to do them, and in such cases, a risk-benefit-cost analysis is more appropriate."
  4. Report on residual risk: "After a risk assessment, management has the choice of mitigating, transferring, or accepting the risks. Report on those risks that have not been completely mitigated and those that have been accepted as tolerable."
  5. Approach the report not from your security perspective, but by answering the question, "What would management be interested in?" Include business-relevant facts that report the dollars spent and what the company got for its money. Management isn't interested in how well the firewall works and how much spam has been filtered. And most important, management loves charts!
DISK ENCRYPTION FOUND VULNERABLE BY PRINCETON RESEARCH TEAM
Just when you thought your Full Disk Encryption (FDE) solution solved all your data security needs, a team of researchers led by Princeton's Edward Felten showed it's possible to access the secret encryption keys after all. "It was widely believed that when you cut the power to the computer that the information in the RAM would disappear, and what we found was that was not the case," said Professor Edward Felten. See the BBC news story, or view Princeton University's report (and video).

BANKS AND TELECOM FIRMS GET HIT MOST BY ID THEFT
A just-released study details banks and telecom firms receiving the most ID theft complaints from 2006, information only recently made available under the Freedom of Information Act. The report, authored by Berkeley Center for Law and Technology's Chris Hoofnagle and cited by Dark Reading Senior Editor Kelly Jackson Higgins, uses data "based on bad guys setting up fraudulent accounts or tapping victim's accounts". Bank of America averaged 1,117 events per month, followed by AT&T with 763, and Sprint/Nextel with 698. Read the whole Dark Reading story, or download the 16-page PDF report.

NOTEBOOK PC MARKET GROWS BY 41% IN 2007
According to DisplaySearch, HP remained number one in the notebook market for the sixth consecutive quarter. They also report the worldwide notebook PC market grew 14% for the quarter, and 41% for the year. Q4 2007 shipments were 33 million units. Every major manufacturer grew in double digits for the year, including HP at 42%, Apple at 38%, and Lenovo at 38%. Unlike the US economy, portable computing doesn't appear to be slowing down anytime soon. See the Digitimes story at Jack Schofield's blog at The Guardian on March 3rd.

Government Corner
FEDERAL AGENCY SAVES MONEY WITH PC GUARDIAN
Oftentimes, government agencies are criticized for wasting money. In this case, an agency selected the PC Guardian Master Coded Combo System with its combination retrieval component, the ComboGenie, to save money! This customer deploys a lock with each laptop issued to new staff in training. At the end of the training period, everyone turns in their locks, and inevitably, someone forgets their combination. If the trainee can't go home with the laptop to conduct agency business, the agency loses a lot of money. In these cases, our customer saves the day and uses the ComboGenie to open the lock. The customer reports she was "cutting off locks left and right before the ComboGenie came along." They have deployed 5,800 laptops over the last few years and said they are way ahead in saving money for the US Government, and getting their work done. Bravo!
Tips from the Trenches
SECURITY MANAGEMENT SIMPLIFIED WITH FREE ONLINE REGISTRATION TOOLS
Heather Neidlinger, PC Guardian's Mid-Atlantic regional sales manager, told us about a security manager at a Hunt Valley, MD firm who needed to secure 45 new Lenovo M55 desktops. "He Googled 'computer security' and landed on www.pcguardian.com. Preferring not to manage a keyed solution, he looked at our Ezolution Preset Combination lock. After receiving them, he said, 'They work perfectly, and I especially like having secure access to the combinations online (pcguardian.com) as well as in a secure file on my machine. This way I never have to worry about discarding a lock because of a lost combination.' Leaving nothing to chance, this hands-on manager even deployed the locks himself, and eventually wants to standardize his whole company on our locks." Congratulations, Heather, for simplifying security management one customer at a time.
LAST SURVEY RESULTS AND WINNER
The winner of last quarter's drawing for a Kodak Digital Picture Frame was Sybase's B. Domondon of San Ramon, CA. Congratulations!
Last Quarter Survey Results:
  1. Do you currently use PC Guardian Products: 87% Yes, 13% No
  2. Please rank security product features in order of importance: a. Performance, strength and security, b. Ease of use, c. Mobility, d. Product Support
  3. What other assets would you like to protect besides computers? a. A/V equipment, b. External hard drives, c. Photo/Video Camera d. Portable music players
  4. Where, or what location are you most concerned with PC and digital asset security? a. Hotels, b. Airports, c. Cars, d. Offices, e. Tradeshows
  5. Industries represented in survey responses: Government & US Army; Banking, Healthcare; Manufacturing, and Software


PC Guardian computer security products can be found at the following resellers:


CDW     CDWG     Dell     CompuCom
PC Mall   Softchoice   Tryten   Zones

This e-mail was sent by PC Guardian, located at 2171 E. Francisco Bl, Suite G, San Rafael, CA 94901 (USA).