Data encryption tool maker: Antivirus has become ineffective
The following commentary is by Mark Smail, the CTO of Onix International, which distributes a data encryption tool called EncryptStick, designed to work with USB thumb drives. This is not an advertisement; Betanews is merely presenting Mr. Smail's point of view.
Consumers are growing increasingly comfortable storing sensitive information on their computers, USB flash drives, and external hard drives, as well as using Web-based solutions to automate regular tasks such as shopping for holiday gifts, paying bills, and tracking financial portfolios. The push from vendors encouraging their customers to move toward e-billing has also played a major role in more personal information being stored locally on personal computers.
To put the magnitude of this problem into perspective, consider this: Over 600,000 laptop thefts occur annually in the US alone, resulting in an estimated USD$5.4 billion loss of proprietary information, according to the Ponemon Institute. Over 90% of these laptops are never recovered.
At the same time, cybercriminals are developing increasingly savvy techniques to access and exploit sensitive information -- such as usernames, passwords and credit card details -- for personal gain.
There are two very easy methods available to protect consumers from identity theft at a relatively inexpensive cost. The first is to encrypt any data containing personal information, and the second is to utilize password manager tools to store online logins, passwords and banking information.
Exposing your data
There are two common situations in which people expose themselves on a regular basis. The first is using systems that rely on automated antivirus software protection and the second is using public or borrowed PCs to connect to the Internet.
Most consumer facing Web sites have now implemented robust security features, such as SSL certificates that display an "https" URL instead of "http," to alert users that their e-commerce pages are secure. However, the proliferation of public Wi-Fi hotspots and online social networks has created new opportunities for thieves to spread Trojan viruses such as keyloggers, to phish for passwords, and to sniff out packets of sensitive information as they pass through a network.
All too often, I hear from consumers who have picked up viruses on their PCs because they relied on their antivirus software to update automatically in the background or they used free shareware antivirus programs to protect themselves. These approaches can provide a false sense of security. Protection can be compromised if their antivirus application runs past the expiration date or stops updating. To remedy this, I recommend that everyone should do manual software updates on a regular basis and thoroughly review any errors they receive while performing this task.
The other common complaint I hear from customers is that they picked up a virus on their USB drive while using a public or borrowed PC on a vacation or business trip, which has then infected their personal PC. This can be avoided by encrypting your data on your USB flash drive, as viruses can't penetrate encrypted data.
Scary facts about data theft
- Business travelers lose more than 12,000 laptops per week in US airports alone;
- 1 laptop is stolen every 53 seconds;
- Computer viruses cost US businesses $55 billion annually; and
- 25% of all PC users suffer from data loss each year.
Common techniques used by hackers and thieves for data theft include harvesting information from stolen laptops and USB flash drives, and employing keystroke logging and phishing to steal sensitive online passwords.
Keystroke-logging -- often used to steal information such as online bank account credentials -- accounts for 76% of all online threats, according to a recently published Symantec Internet Security Threat report. In this instance, hackers use software capable of recording an unsuspecting victim's keystrokes, which can reveal their online passwords and credit card numbers, as well as information being passed by email or recorded into Word documents.
Lock down your data
The great news for consumers is that data encryption software solutions are available to address these important security concerns by enabling the user to lock down sensitive information in secured folders (vaults) on their computers, removable hard drives, and USB memory sticks.
These data security products use pairs of complex algorithms, known as "ciphers" in the field of cryptology, capable of quickly encrypting and decrypting just about any type data file, whether it's a document, video or photo. Essentially, these algorithms scramble the data so it would be unintelligible and therefore useless to a hacker or thief. Once encrypted, these files cannot be infected by viruses or opened without knowing the user's personal password.
In the event that your laptop or desktop crashes and needs repair, these types of data encryption tools can prevent the people at your local computer repair shop from accessing your personal information, photos, videos, medical and financial records. When you're at the coffee shop using their wireless network to get online, these same tools prevent would-be snoops from gaining access to sensitive files stored on your machine.
Hackers are always developing new tools and techniques to crack passwords and exploit vulnerabilities in weaker encryption software. I recommend that people exercise due diligence and investigate the encryption software they are using to ensure it has not been hacked, and that tools aren't readily available through search engines like Google to hack the software they are using.
Secure your passwords
The more advanced encryption software solutions also enable the user to securely log into sensitive Web sites, providing advanced algorithmic protection while sensitive passwords are entered. The data entered into the password managers should be encrypted in case of theft or loss of the PC, laptop or USB flash drive it is stored on.
These types of password-protection features are also capable of storing and managing secure passwords so you can maintain unique IDs for each Web site, without having to remember them each time you log on to do online banking, surf the social networks, or check your e-mail.
With the increasing instances of physical theft and cybercrime, it's imperative that we all understand the potential threats of data theft in our personal and professional lives. By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private.
© 2010 ECT News Network. All rights reserved.
© 2010 BetaNews.com. All rights reserved.