in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Encryption is a Key Ingredient when Limes and Wires Mix

Looks like another bank has been struck by a data breach.  The victim in this case is Citigroup, more specifically the ABN Amro Mortgage Group unit.

 

An employee at the mortgage unit inadvertently leaked the Social Security numbers and credit information (not “credit card” information) of 5208 customers.  How did the data breach happen?  The information was leaked via a peer-to-peer file-sharing network.  Apparently the employee had LimeWire running on her computer, although it’s not possible to tell from the article whether the leached file was on a personal or a company computer.  Along with the customer data, the employee’s personal data was exposed as well.

 

Could Citi’s breach have been prevented?  Based on the press release, it sounds like Citi already had policies in place dictating that confidential information must be stored on devices managed by the company.  I’m sure they must have other policies in place designed to prevent data breaches and other forms of security lapses.  After all, a company with over 300,000 employees worldwide cannot afford to be exposed to data theft, internal or external.  They can’t afford accidents either, but contingency plans that cover all accidents are impossible to design.

 

Nevertheless, there might have been steps that Citi could’ve taken.  I am hoping that they have taken them, since these are some of the more basic steps to be taken. 

 

One, is the encryption of sensitive files themselves.  Anything that includes Social Security numbers, for example, should be encrypted no questions asked.  There are plenty of programs out there that make it easy to encrypt files.  With services offered by AlertBoot, an administrator can specify whether all files of a certain type (e.g., extension of *.doc) are automatically encrypted, as well as have end-users encrypt files on an individual basis. 

 

Two, ensure that unauthorized devices can not connect to company computers.  Software programs allowing an administrator to enforce port control is available as well.  This way, if somebody wants to hook up their iPod to the computer, and perhaps use the hard disk utility to copy company files, she won’t be able to. 

 

Three, assuming that the data breach happened from a company-issued computer, there should have been an application control module.  Application control defines which software programs are authorized to run on a device.  In the Citigroup case, LimeWire, as well as any other external P2P file-sharing programs, would have been blacklisted because it is a huge security issue. 

 

Plus, I think it’s safe to say that most companies of Citi’s size do not have a legitimate use for your run-of-the-mill P2P applications such as LimeWire.  Aren’t most of the files offered mostly pirated movies and music?  And when a company deals mostly with private and confidential information, the last thing that they want to be installing in their computers is an application that would allow them to easily share that data with the outside world.  I’m pretty sure Citi’s IT department would have nixed the idea of installing P2P applications or having internal files anywhere close to a device with such an application installed.

 

So…another instance of an employee not following company policies?  Sounds like it.

 
<Previous Next>

Who Protects Those Who Police Us? Law Enforcement Needs File Encryption In More Ways Than Expected

A Mobile Office Requires Endpoint Security

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.