Thank you for visiting the Euclid Managers, LLC Weblog. For the past 5 years, our blog has been primarily dedicated to providing professional liability insurance coverage news and analysis for the internet, tech and media industries.
Entries in Security (41)
Security Threat Predictions for 2010
As the new year begins, it’s typically time for lists, including lists of top security threats. BitDefender suggests netbooks, mobile operating systems and social networks are among the vulnerable. ZDNet proposes that Macs and iPhones are facing increased vulnerability because of their growing popularity. McAfee includes cybercriminal activity targeted at Adobe Reader and Flash in its list of security threats. For an overview of security threats, Network World has a review of many of the 2010 predictions from multiple sources. Overall, social networking appears to be one of the most frequently mentioned security exposures for 2010. But social networking isn’t necessarily a new threat, as it was also listed as one of the top security exposures in 2008.
New Virus Is Reminder of Security Issues
There’s a new virus infecting iPhones in Australia that replaces the phone owner’s own wallpaper choice with a pic of Rick Astley. The photo features a message: “ikee is never gonna give you up.” Interestingly, the virus only affects an iPhone if it has had its built-in security system altered, which Apple disallows in its developer program licensing agreement. The virus works by exploiting users who have not changed the phone’s default password. While this virus appears more irritating (amusing?) than harmful, it is a reminder of the importance of quality passwords, or at least a reminder not to use the default one that comes with the phone or any other software or system. Further, for third party security insurance coverages, it’s a reminder that security threats can impact more than an office computer or network. So, looking for security coverage that contemplates mobile devices is prudent. Sometimes, the policy language covering the failure to prevent introduction of malicious code or a virus will be limited to computer systems or networks, and an expansion to include other media containing content is necessary. For a refresher on additional security issues, read LJ’s lists of what to watch out for.
Two Surveys: A Look at Personal Data Protection
A survey of about 500 companies conducted by Imperva and Ponemon Institute studied the level of compliance with the Payment Card Industry’s Data Security Standard (PCI DSS). The results show that 71 percent of the companies surveyed do not view data security as “a strategic initiative across the enterprise.” Further, about half of the companies surveyed indicated that they are not “proactive in managing privacy and data protection risks.” Twenty-five percent of the respondents said they are not currently compliant with PCI DSS requirements. The other 75 percent had varying levels of compliance.
New HIPAA Data Breach Regulation and Comparison of State Breach Laws
Entities covered by HIPAA (Health Insurance Portability and Accountability Act) are facing new regulations governing data breach notification requirements. Part of the regulation allows the HIPAA entity to be exempt from the notification requirement if the lost health information was encrypted according to the guidance set by the FTC and U.S. Department of Health and Human Services. This exemption for encrypted personal data is not uncommon, with the majority of state data breach notification laws including a provision for it.
Not All Data Breaches are Electronic
In June, The Identity Theft Resource Center (ITRC) reported that more than 25% of data breaches it has tracked year to date are paper breaches. While we frequently discuss the cost of security breaches and the legislation regarding protecting private data, the ITRC raises an important issue: not all breaches involve electronic data. Sometimes, identity theft arises from plain old paper.
Privacy and Security Exposures for Cloud Computing
What is cloud computing?
The definition varies depending upon who you ask, but it can be described as purchasing hardware and software as a utility service. That is, a company does not actually own, install or maintain its own software on its own hardware but instead outsources the entire deal, using virtual servers over the internet. Is it that different from grid computing or utility computing? Again, opinions vary. Certainly the concept continues to generate some buzz akin to the Web 2.0 mania.
On The Privacy Front
Mass. General is facing a possible class action lawsuit because one of its employees took private patient information home for the weekend and left it on the train.
The California Department of Public Health assessed an administrative penalty of $250,000 on Kaiser Foundation Hospital in Bellflower for allowing employees and physicians unauthorized access to a patient’s medical records. The penalty was assessed under a new medical privacy provision of California’s Health and Safety Code.
