1. The LOK-IT Secure Flash Drive – an encrypted flash drive that offers hardware authentication, maintaining security from key loggers and other malware.  The LOK-IT Secure Flash Drive requires a PIN to be keyed into the PIN pad before plugging into a port.  It automatically locks when it is unplugged from the USB slot.  The devices is platform independent, works on any operating system.
2. ioSafe Rugged Portable SSD – The ioSafe Rugged Portable SSD is crush resistant (up to 2,500 pounds) and is optimized for protection against data loss for drops of up to 20 feet.  It is made from a solid piece of aluminum and can hold up under water and chemicals.  It also has a fast Intel 320 SSD and is equipped with a USB 3.0 interface.
3. Kensington ClickSafe Keyed Twin Laptop Lock – With many data breaches happening due to lost or stolen laptops, using the Kensington ClickSafe Keyed Twin Laptop Lock will secure a laptop in any hotel room or conference center.  The lock system provides a quick and easy way to secure up to two devices.  The lock is tamper-proof and has carbon strengthened steel cables.

Here are a few other tips and tricks to for use when traveling to keep personal information and data safe and secure.

1. On any mobile device, make certain the software is up to date.  Before any trip be certain to check the device manufacturer’s website for any updates.  Do the same for your operating system.  Most will provide software patches for any known security vulnerabilities.
2. Be sure to password protect your devices and use strong passwords.  Use favorite songs, pet names or foods that you only know.
3. Encrypt your data on your laptop and smartphone. Encryption is the most effective way to achieve data security.  In order to read an encrypted file a secret key or password has to be enabled so it can be decrypted.
4. Avoid unencrypted public wireless networks.  With no passwords to log in, anyone, including data thieves can log in and begin the process of stealing personal and company data and information.
5. Use a VPN to access your company’s network.  This layer of protection will be helpful if you are working in a hotel business center or local coffee shop.
6. Consider adding a tracing/GPS application to your laptop and smartphone so that it can be tracked if it does get lost or stolen.
7. Be certain to remove any personal information on your laptop before you travel.  Do you have copies of tax returns, health records on your computer?  Do you have information of other employees or clients that would be valuable to a data thief?  Remove them to be extra certain that it won’t be breached.

These are a few gadgets and ideas to keep your data and digital files safe when traveling.  Hopefully having data secured will provide one less worry for traveling and allow travelers to focus on other matters.

A quick Google search of the latest headlines under data security/breaches and it’s clear that the battle seems to shift from one side to the next in the ongoing war.  For example, Anonymous launched attacks on China, as well as on two telecom/technology trade groups working with new tactics.  At the same time, the next generation of cyber security managers was among teams from 10 universities competing in the 7^th annual National Collegiate Cyber Defense Competition.  These collegiate competitors are ready to join the fight against data theft.  Each side makes a move and the other side makes a counter move.

It is clear that many industries and enterprises have made great strides in protecting their data.  For example, financial services firms have always been ahead of the game when it comes to data security.  The very nature of the data that they collect and store makes them a prime target for cyber thieves.  And with the wave of crimes by groups like Anonymous and the big data breach that affected Visa, MasterCard and American Express, the public has become more aware and is applying pressure on firms to step up their security efforts.

“The reality is that the people who are looking to commit fraud are targeting anybody who has Internet access to applications that allow money to be moved,” comments Ben Knieff, Director of Nice Actimize, a company that provides financial crime, risk and compliance solutions to the banking and credit industries. Outside of the retail banking area, hackers could target asset managers, wealth managers, even investors who have access to online assets, relates Knieff.

Other experts have weighed in on the subject of who is winning the cyber war.  On the side that the “bad guys” are winning is Steven Sprague.  Steven Spraque, CEO of Wave Systems recently stated, “Over the past year, the heads of the Nuclear Energy Regulatory Commission (NERC), the Defense Department’s new Cyber Command and other top officials across government and industry have flatly stated that they can’t protect their IT systems from unauthorized intrusion. U.S. intelligence agencies have actually named China and Russia as the main sources of cyber attacks and alleged which groups in China actually performed attacks – diplomatic and economic consequences be damned.”

And on the side of the “good guys” winning the war is Chirantan Desai, Senior Vice President of the Enpoint & Mobility Group at Symantec.  Chirantan stated in a NetworkWorld article, that “… we are winning when you consider the headlines are driven by a tiny fraction of successful attacks while the vast majority of attempts are nipped in the bud.  Security professionals are like the police – we don’t expect the police to eradicate crime altogether, but they play a critical role in preventing criminals from winning that war.”

It definitely seems that as one side gets more sophisticated the other must as well.  At this point, it seems as though the battle is still waging and no one side has fully won the war against data theft.  And as businesses and society continue the move to increased digital mobility,  there will be more ways for hackers to obtain data, and new battles will be waged, strategies updated and tactics undertaken.

It is clear that a mobile flash drive like LOK-IT is a tactic that many organizations have already instituted in their ongoing battle against data breaches.  Whether healthcare entities, governments or large enterprises, many are using encrypted flash drives with strong protection.  Unlike other drives that are reliant upon software authentication, LOK-IT does not require entering the password with a keyboard or mouse attached to the host computer.

On the LOK-IT drive, authentication is securely managed through entry of a user PIN via a PIN-pad residing on the device itself. There is no software at all, so there’s no need for an unlocked partition to contain that software. Therefore LOK-IT drives have a significant advantage in security; the host computer never sees – and absolutely cannot see – the user’s PIN.

For starters, what is Big Data? According to Wikipedia, Big Data “consists of data sets that grow so large that they become awkward to work with using on-hand database management tools. Difficulties include capture, storage, search, sharing, analytics, and visualizing. This trend continues because of the benefits of working with larger and larger data sets allowing analysts to “spot business trends, prevent diseases, and combat crime.”

All of this data means that it is valuable to businesses and governments. Businesses and governments want to quickly dissect and understand this information and then utilize it in a “predictive” rather than a “reactive” manner. The value is in using it to predict future behavior, past purchasing patterns, etc. But the more valuable it is to these entities, it can be assumed all of that data is also valuable to cyber criminals as well. And with high interest and value placed on Big Data, come the many questions about privacy, security and how the tech industry will collect, use, store and regulate the ever-increasing amount of data.

McKinsey Global Institute, Big Data Report, May 2011

A recent survey by Echelon One, a security and risk services business found that 200 IT managers they interviewed, “49% said they were somewhat or very concerned about managing big data, and 38% acknowledged that they do not have a clear understanding of what big data is. A majority of the respondents, 59%, lack the tools required to manage data from the company’s IT systems, resorting to using separate, disparate systems and even spreadsheets. Although the survey did not ask respondents to classify the types of data they manage, 62% of the respondents manage over one terabyte of data, and over two-thirds, or 67%, said that managing log and IT data was either important or extremely important.”

The root of the security problem is that businesses take a very piecemeal approach to overall data security. Companies use antivirus software to stop malware and firewalls to keep the cyber criminals out, but none of these systems talk to each other in an intelligible way. When meaningful messages do appear, it’s too late, data has been stolen, and secrets taken or customer information becomes compromised.

Accessing Big Data will continue to happen via desktop and mobile devices so having a secure entry point into Big Data will always be important. LOK-IT is the first encrypted flash drive with enterprise-level security that can be used with any operating system since it doesn’t require software for user authentication or encryption. To gain access to the drive and data within, LOK-IT users just punch a pin code into a 10-key PIN-Pad, much like an ATM. In addition to working on many new tablets and smartphones, LOK-IT works with all USB compatible devices, including scanners, projectors, copiers, DVR’s and other specialized equipment.

It is clear that data security in the era of Big Data is going to drive security efforts in all organizations and institutions. It will likely raise the concerns of average consumers about who has access to their personal information, how are they maintaining it, what are they doing with it and how can they prevent it from being compromised. As Big Data evolves, it is clear that how it is stored, used, and protected will be on the minds of not only those in business and government, but also the average consumer as well.

The Kroll report is their third installment of a bi-annual survey of U.S. healthcare providers.  The survey asked 250 professionals in the industry to participate in the study.  Those healthcare professionals represented the gamut of individuals involved in healthcare data security, respondents included:  compliance officers, senior IT executives, health information management directors, privacy officers and chief security officers.

The 2012 report found that those surveyed rated their preparedness for confronting data security risks at a 6.40 ranking (on a scale of 1 to 7).  This was up from 6.06 in 2010 and 5.88 in 2008.  A healthy 96% responded that they had conducted a “formal risk analysis in the past 12 months.  However, these numbers were in stark contrast to the increasing number of respondents who reported experiencing a security breach in the past 12 months.  27% reported a breach for the 2012 survey, this is up from 19% in 2010 and 13% in 2008.  And even more shocking was that 69% of those reporting a breach had experienced more than one breach!

“When it comes to long-term prevention of data security incidents, it appears that the healthcare industry is not taking its own medicine,” said Brian Lapidus, Senior Vice President for Kroll Advisory Solutions. “There’s no question that HIPAA, HITECH and Red Flags have raised the base standard for protecting patient data, but combating the industry’s biggest security threats requires the essential combination of compliance and sound security measures. It’s like nutrition and exercise as the dynamic duo of weight loss. The magic happens when the two overlap.”

From the survey, it is clear that human error is the greatest threat to data security. Next, is the mobility of the data, which is the next biggest threat behind human error. In 2012, 79% of respondents reported that an employee caused a security breach. The mobility of patient data is also a leading factor in security breaches. 31% of survey’s respondents indicated that data available on a mobile device was a factor in data breaches.

“With the understanding that everyone from cafeteria workers to surgeons will come into contact with patient data and that they will do so in even more ways – from work computers, through paper records, via mobile devices and more – it becomes clear that evolving threats will always outpace even the most thorough regulatory requirements,” said Lapidus. “For that reason, organizations will need to constantly assess their security risk levels and evolve their policies and procedures to ensure that they are in the best possible position to protect their patients and their bottom lines.”

The top medical centers in the United States use LOK-IT in myriad ways, including transfer of medical records and patient data from ultrasound equipment, within the training department, and by the IT staff.  As well, medical device manufacturers trust LOK-IT and how its flexibility provides easy access to data on CT scanners, imaging equipment and cardiac monitors.

In many of these cases, there has been no masked cyber thief that secretly stole data, instead, the culprits are the practices and procedures of large organizations that provide a lax corporate culture when it comes to the use of computers, mobile devices and network servers. The guilty parties in these cases are most often the inadvertently lost or stolen laptop, cell phone or digital tablet. As well, other sources of these leaks can be found via applications like email, IM/chat, or social media.

A survey by IDC found that the exposure of corporate data in inadvertent ways was considered by IT professionals to be the primary threat for data leaks. This survey also found that the most common data that was exposed was intellectual property. The IDC survey also found that 81% of the respondents stated their most important function was to protect and control (e.g., monitoring, encrypting, filtering and blocking) all corporate data either at rest, in motion or in use. This shows that the majority of IT Managers are already taking steps to protect these inadvertent releases of data.

So, the challenge to prevent data leaks in the corporate setting is clear. But the question that most security professionals have to ask is whether all available solutions at the company’s disposal are being utilized? Here’s a checklist to begin the initial assessment process:

1. Where does the most important data reside, how is it transmitted and who has access? Are there ways to limit the access? Should access be limited?

2. Does the company have adequate protection of its email gateway and server? This would include tools that scan content in messages and attachments (e.g., scan for sensitive data like credit card numbers, Social Security numbers or other sensitive corporate information). Make certain there are controls placed on accessing certain types of files. Utilize encryption methods to protect data if an email or file is exposed inadvertently.

3. Are there adequate protections over the web gateway so that corporate users aren’t able to access various websites or applications that could put the company at risk for data leaks? Have protections been installed or enforced to limit or stop P2P file sharing, Internet chat and IM as well as employees accessing various applications via social media (e.g., Spotify, Instagram, etc.)

4. Are there procedures and policies in place to protect the network from unauthorized wireless network connections, smartphone synchs and are portable devices that hold or handle corporate data encrypted?

Utilizing peripherals such as a secure flash drive is one way to make certain that mobile devices have an added layer of protection if data is leaked due to a lost or stolen computer, tablet or phone. Peripherals that have the ability to connect to any of these devices, no matter what the operating system, are badly needed. LOK-IT is one of the few secure devices that can operate in this BYOD strategy. Additionally, the LOK-IT encrypted flash drive provides a simple way to secure mobile content.

The Redspin’s 2011 PHI Breach Analysis utilized information from the U.S. Department of Health and Human Services’ (HHS) documents. They looked at HHS files for health related data breaches between October 2009 and November 2011. The company’s analysis showed that of the 385 breaches during this time period, 39% took place via a laptop computer or some other portable device. Another 25% happened on a desktop PC or a network server. The largest percentage was from malicious intent either to steal or to view. This was 60%.

“It makes logical sense that as more protected health information is digitized, it becomes structured data maintained in databases and is easier to access and transfer to a laptop or portable storage device, which then gets lost or stolen,” Redspin’s president and CEO Daniel Berger told InformationWeek Healthcare. “Now you can have one million patient records stolen in one incident as opposed to someone walking out the door with a file folder of 30 patient records.”

In this case, use of a secure flash drive such as LOK-IT would eliminate this liability when using portable storage devices.

The study took note that this rise is due to the adoption of electronic health records and also the usage of new technologies like tablets and smaller laptops by the healthcare industry. On top of this increase in mobile device usage, healthcare IT departments haven’t been able to create policies to prevent data breaches.

“The proliferation of portable devices and media within all IT environments that store PHI increase the likelihood of breach geometrically. Few healthcare employees could tell you what corporate IT security policies are in place; it is even rarer to find security awareness training programs,” the report states.

Self-policing may not be enough. States like New York are establishing governing bodies to oversee implementation of best practices for securing PHI. New York state health officials announced the establishment of the Statewide Health Information Network of New York (SHIN-NY) Policy Committee to improve protection of personal health information. In light of recent high profile data breaches in the health care industry, other states are focusing efforts as well.

“We believe strongly that if security is not made a top priority the health security trust model could fail. We think it’s time for another round of federal regulations to take things a step further and say that all PHI should be encrypted if it’s on portable devices,” Berger said. “The importance of the adoption of electronic health records is so critical to the industry that it’s time for the regulations to be more prescriptive.”

The Symantec Honey Stick Project found what you might expect, that the majority of those who picked up the lost phone snooped. The temptation to look at photos, emails and other private information was great enough that 89% viewed some type of personal data. Symantec remotely monitored all the human interactions with the phones. The research team equipped each of the 50 handsets with software to record what files and apps were accessed. As well, GPS tracking was turned on to monitor the device’s physical location.

With none of the devices password protected, people accessed sensitive personal and business data stored on them. They viewed password files, private photos and email messages. Even though 50% of the finders tried to return the devices to the owners listed in the contact file, they still were enticed to snoop around beforehand, Symantec said. Around 89% of the finders viewed personal data and 83% accessed business-related data stored on lost smartphones, Symantec found.

With the BYOD culture continually infiltrating corporate and government entities, a lost or stolen phone is a serious security threat. The finder or thief has unlimited time to gain access to its data. As noted from the Symantec study, even casual finders, not thieves will scan the phone’s contents. It is clear that personal information should not be stored in any unsecured application on a smartphone. It is important that critical data be stored in a digital wallet or password manager with strong encryption.

Further data from the study showed that about 57% of people who found the phones viewed a file named “saved passwords”. About 60% of the smartphone finders checked personal email inboxes and accessed social networking tools on the phone, and 72% opened a folder marked “private photos.”

Considering that only half of the devices were ever returned, users need to consider that if they ever lose their phones, they would wind up exposing all their information, accounts and business data to strangers. Everyone should place engage password protection on their smartphone and should consider a means to encrypt the data that is on the phone.

These small businesses engaged in the food, healthcare, financial services and legal industry and fields collect or update sensitive customer data. This information most likely includes financial data, social security numbers or bank information.  Required to collect the information for a variety of business needs, the storage, handling and protection of this data seems to be falling to the bottom of the prioritization list.

In a recent report by the Ponemon Institute shows just how vulnerable small and medium sized businesses are to data theft. The Human Factor in Data Protection report from Ponemon, which was sponsored by cloud security specialist Trend Micro, demonstrates that small and midsize businesses in particular are at a greater risk of their employees mishandling data than large multinational enterprises.  This comes from Ponemon’s separate analysis of the overall respondents from organizations with less than 100 employees.

Overall, small businesses have a slightly higher rate of data breaches – 81% vs. 78% when comparing to large corporations.  This variation is mainly due to small business employees mishandling of sensitive data.

The majority (65%) of smaller organizations say that, in general, their organizations’ sensitive or confidential business information is not encrypted or safeguarded by data loss protection technologies such as USB encryption. Further, employees are less likely to spend time on data protection or have the proper technologies in place to stop data loss: 62% of small businesses believe they are not protected. Of these respondents, 65% say it is because technologies are too expensive and 54% say they are too complex.

The primary target for most data breaches remains customer records according to a Trustwave Spider Labs report.  The Trustwave 2012 Global Security Report shows that despite the high profile political cyber hacks, 89% of data breaches investigated by the company involved the theft of customer information.  Of course the main reason for this focus is money. And with limited protections and inadequate employee policies, small businesses become easy targets for cyber thieves.

The cyber hackers are targeting those small businesses that store thousands of customer data records but have inadequate data protection technologies.  These targets are primarily companies that process the most credit cards or other financial data that will allow a thief to syphon off cash.

The Trustwave survey showed that the food, beverage, retail and hospitality industry accounts for an incredible 85% of data breaches.  Cyber thieves see these establishments as easy prey.  Whether the lone cyber hack or well organized cyber crime rings, they all target the most vulnerable.  The retail, beverage, food and hospitality industry is well known for its payment system vulnerabilities and lax security practices.  Often times these companies lack the resources for proper IT monitoring and outsource to a third party vendor.  These venders in turn use remote access to monitor the security, which has its own inherent vulnerabilities.

These security lapses are multiplied thousands of times over in the franchised food industry.  It is easy for a thief to find one vulnerable area to enter into a retail network, and then they’ve hit the jackpot. Because every franchise location uses similar or standardized computer systems and networks.  If a data hack is able to break into one restaurant or retail franchise, they are very likely able to hack into thousands of restaurants from the same franchise.

Three recommendations from security experts for protecting small businesses against data theft are first to find a secure procedure to back-up their customer data.  Next, these companies should use technologies like encryption to protect that data whether it is one a PC or located in a back-up system.  Finally, they can work to educate their employees about data security, good use of passwords and avoiding risky Internet/email actions while in the work place.

On the corporate side, these redundant devices can be a very serious matter. Lost or stolen data from a phone or computer that somehow became missing or that is resold can potentially result in millions of dollars in damage to a corporation.

The recently released “Global Study on Mobility Risks” shows that 51% of Organizations lose sensitive data through mobile device loss or theft. The survey found that 59% of employees overtly dodge corporate security controls, such as password maintenance. Of the respondents, 76% believe that mobile devices put their organizations at risk, so the knowledge and understanding are there, however, only 39% have the necessary security controls to address the risk.

Obviously, this is a serious issue for both individuals and businesses. Most businesses have the tools to address this issue, but what can individuals do to prevent the misuse of data from theft, resale or accidental loss?

Most often, the device is not properly wiped in order to delete any sensitive data that would have been easily available on it. This seems like an easy task to accomplish, but one recent true example was a news report that Motorola sold refurbished devices that still contained personal data and information of the previous owners.

Below are some steps a consumer and even corporate IT departments can take be certain to protect themselves from a data breach once they no longer use or control their old device:

1. Change passwords often. If user data is somehow mysteriously intact after both users and the manufacturer refreshes a device, another tool to help in protecting data is to change up your password. For example, change email, bank and other online account passwords every month. This way, even if someone gets an old device that has data stored on it, they probably won’t be able to access to the information.

2. Factory reset. This reset will remove all the account data from all the apps, removes user-downloaded apps, and returns the device’s software to an “as-new” condition.

3. Erase the memory card. This can be easy to forget. There’s a little check box in the factory-reset process (but only some of the time) permits the erasure of the memory card. Make sure to check it. That way, apps that moved to the memory card–as well as photos, music files, documents, etc.–are erased. Pull the memory card out, stick it into a computer and reformat it.

4. Another method but not practical for most is to physically destroy the device. Obviously is the goal is to resell it, this step won’t be helpful. However, holes drilled through the hard drive or the device in order to break the silicon inside will work to render it useless.

5. The best and most effective way to protect data on any device is to encrypt. Not all devices offer encryption, encrypting the device is available through the security settings. Even after a device is reset, there could be data left on it. If it has been encrypted any data still on the device would be jumbled and unusable.

As our lives become more and more digital and online, there is obviously an increase risk for theft or loss of digital data. However, given the number of vulnerabilities, it is best to assume any device could become compromised, lost or stolen at any point of ownership. Follow the steps above and perhaps realize that protecting data is best through a practice of secure storage offline, via encryption and in the future via the Cloud.

Data leakage is the subtler of the two ways that an organization can lose data.  Data leakage can happen quite easily with any mobile or portable device that comes into contact with an organization’s network or computers.  In the past it was floppy disks, but today that contact comes in the form of digital cameras, smart phones, digital tablets and USB storage devices.  Any of these can be used to copy data from a network and onto the memory of the portable device.

The challenge is that protecting against data leakage is a tough security challenge.  You can’t fill up all the USB ports with cement in order to keep portable devices from accessing the computer.  Unfortunately the computing industry has moved to the USB port standard for everything from routers to printers.  Stopping leakages is very different from blocking access to data.  The challenge is how to control the data that multiple people have access to via portable devices.

The first way to meet this challenge is to determine how any data could potentially be leaked.  There are several ways that data can be leaked and each will have a differing solution that can be utilized by organizations to stop the leakage of sensitive data.  Keep in mind that each organization is different and the solution will be unique to that organization.

One of the largest sources of data leakage is via mobile devices.  These have a continual access to the network due to email messages, calendar and schedule updates, contacts access and even large documents.  One of the methods to prevent data leaks via these devices is to have an effective security policy in place.  Several simple procedures could be put into place.  One, require that all devices have a complex password in order to be accessed.  As well, require that these devices become locked after a few minutes of inactivity, that way if taken or accessed by an unauthorized person, there is little chance to steal data.  Some features in Microsoft’s Device Manager can provide you with a remote “wipe” if for some reason the device is stolen or lost.  This will reset the phone or tablet to the factory default settings and erase all the data.

The other large source of data leaks and probably the biggest is the USB storage device.  At any store that sells electronics, you can easily find a USB hard drive that will store up to 250GB of data.  For a purchase of less than $50, anyone can easily steal hundreds and hundreds of GB of sensitive data.  The USB storage device is very simple too.  All that is necessary is for the device to be inserted into the USB port and it most cases, it will be recognized and the theft of data can begin simply and quickly, then removed, slipped into a pocket and taken off the premise.

How does an organization protect itself from this type of simple data theft or even small data leaks?  One solution could be to utilize the Group Policy settings to control USB access. Some organizations have created policies that block all hardware but allow exceptions for hardware devices that are deemed to be necessary or reliable.  But these types of policies can be both tedious and it is also easy to make a mistake that seriously affects a PC.

A better solution is to use a third-party product that’s specifically designed to prevent USB storage devices from being used.   The Lok-it secure flash drive is a great example.  This encrypted flash drive provides a strong level of security in any organization.

Remember that there are other ways that data can be taken or leaked.  The hard drive can be easily removed by a thief that knows how to access it and remove it.  Other devices such as cameras and even printers can be used to access and download data.  The key is to be constantly aware, establish and update policies and procedures about what and who can download data or have access to it.  Try to think like a thief in order to prevent a thief from gaining access to sensitive and valuable data.