Data Breach Insurance: Prevention Is the Best Medicine

Businesses are no more immune to disaster than individuals are. That’s why organizations opt for insurance such as property, workers compensation and business disruption coverage. But, one of the most damaging events a business can experience is the loss or theft of sensitive information. This may be proprietary information about the organization itself, or personal details about its customers. Either way, a data breach can cause millions of dollars in damages.

It’s no wonder then, that businesses are talking more about data breach insurance. This coverage is designed to provide businesses with compensation for legal costs and other expenses incurred in the aftermath of a data breach, such as identifying the source of the leak and notifying those whose information may have been compromised.

Security and the Price of Coffee

Usually when the topics of security and coffee are raised in the same sentence, one of two thoughts comes to mind:

  1. Very late nights in the past resolving a security incident
  2. Stalking (i.e. hackers breaching free Wi-Fi hot spot services at local coffee shops)

I strongly believe there should be a third:

  3. Leveraging a simple cup of coffee as a mechanism for breaking the ice and building a relationship with the leaders of business units within your organizations

Too many times I’ve walked in early to a customer meeting to find the IT Security group introducing themselves to the leaders of other departments within their own organizations for the first time.

This event is typically driven by an upcoming project to secure item “XYZ” which involves a new application or process.  Although this is a less than perfect situation, it is better than the alternative where the business does not consult IT security until the organization suffers a breach, possibly from this new project.

How is Malware like a Movie?

A couple weeks ago, a preview for a new movie by a famous actor playing himself as both the lead man and woman caught my attention. I like this actor and his movies are pretty funny, but it got me thinking…How many of these same movies have there been in the past with just a slight variation? How many people have paid to see, rent or own roughly the same movie with some alterations to make it seem new – either the actors change, the motivation for the characters change, the plot is slightly different? And, if this happens with movies then what about TV, music and books? I continued to ponder this, then it hit me that the same can be said for most of these art forms. We’ve seen countless TV shows about a group of friends living in close proximity to each other sharing life’s events, songs with the same message or similar notes and rhythms, books about spies, double crosses, wizards, vampires, but the stories all have strong commonalities.

Insider Data Theft: When Good Employees Go Bad

In today’s business world, information is as valuable as cash. In fact, industrial espionage costs U.S. businesses more than $250 billion each year. [i] This has organizations scrambling to shore up their defenses against all manner of outside attacks.  At the same time, companies of all sizes may be neglecting one of the most important perpetrators of intellectual property (IP) theft: their employees.

In order to assess this often underrated threat, Symantec asked forensic psychologists Eric D. Shaw and Harley V. Stock to examine various factors leading to insider IP theft. While most research is put into the development of technology-based security measures, their white paper focuses on the behavioral and environmental issues that can lead to theft of corporate data.

Who Is the Typical IP Thief, and What Are They Stealing?

The average data thief is 1) a current employee; 2) male; and 3) 37 years old, on average. They serve mainly in technical positions such as programmer, engineer or scientist. [ii]

Keys to Security: More than Just a Password

Imagine for a moment that someone stole the key for your bicycle lock. But since it’s locked safely in your garage anyway, it’s no big deal, right?

Now imagine that, for convenience, you had previously rekeyed every other lock you have so you could use that bike lock key in all of them. Your front door, your car, your mailbox and your safe deposit box at the bank are only secure if you keep that one key safe. Now how would you feel if you lost it?

Of course, nobody would be so careless as to make one key fit every lock, right? Well, take a moment to consider how many dozens of online accounts you have. How many of them use the same password? Think about what would happen if just one of those sites was hacked, and someone got a hold of your login information.

Protecting Patient Data: The 5 Rights of Data Administration

When it comes to healthcare, accuracy and attention to detail are not only important, they can mean the difference between life and death. Preventing misdiagnoses or mistreatment is taken very seriously.

Today, not only are patient lives on the line, but also, their information is increasingly online—on the hospital’s IT system, on private networks and even on the Internet. Mishandling of this data, or unauthorized use of it, can result in the wrong medical treatment, identity theft, data breaches and more. At the same time, more people need access to this information than ever before and from a variety of devices. The proper administration of healthcare data should be taken very seriously.

Just as clinicians use the “Five Rights of Medication Administration” to ensure proper patient care, the digitization of healthcare records and patient information means healthcare providers need to adopt best practices for ensuring proper security and privacy for patient data. To help organizations better understand their role in the administration of patient data Symantec has outlined specific best practices to ensure that patient information is kept secure regardless of where it is.

Survey Finds an Alarming Gap Between Tablet Usage and Security

The enormous popularity of the iPad and other tablet devices signals a significant shift in how employees access sensitive information. The analyst firm IDC recently raised its forecast for the number of tablets that will be shipped this year by 17 percent, from 53.5 million to 62.5 million. That’s in marked contrast to its gloomy forecast for PC shipments, which it predicts will grow by less than three percent this year. This signals a new trend for IT professionals, who are under increasing pressure to enable employees to use their tablets for business purposes. Symantec conducted an informal poll on its Facebook page, asking followers if they use their tablets for business use and what, if any, security measures are in place to prevent data loss. The answers were both alarming and not terribly surprising: 100 percent are using their tablets for business, and a significant majority (63 percent) acknowledges that doing so somewhat or significantly decreases security. However, most are not following security best practices to protect sensitive and confidential information. Helping our customers strike that balance between letting employees use their tablets for business without sacrificing security is the driving force behind an announcement we will make October 4th at our annual Vision Barcelona conference.

Are Health Organizations Keeping Patient Data Safe?

A few figures released over the last week paint a dismal picture of the state of information protection in the healthcare industry. More than 20,000 patient medical records were exposed in yet another hospital data breach. A report from the Health and Human Services Department (HHS) found that more than 7.8 million people had their medical information compromised in more than 30,500 breaches since the enactment of HITECH, while a report from the Digital Forensics Association shows that disclosure of health industry data breaches has increased markedly during this same timeframe.

By the numbers, it would seem that the healthcare industry is in crisis when it comes to protecting patient data, and it’s costing them. According to the Ponemon Institute 2011 U.S. Cost of a Data Breach study, sponsored by Symantec, health data breaches cost $301 per lost record, which is 40 percent higher than average. Contributing to the higher cost is compliance with data protection regulations that requires health organizations to do more to find, disclose and fix breach-related problems. In addition to disclosure laws in 49 states, healthcare organizations also must comply with HIPAA and HITECH.

How are you using tablet computing devices for work?

An end user survey on personal and business tablet trends

Like smartphones before them, tablet devices are making their way into the enterprise whether IT wants them or not.  They are yet another tool that keeps us connected both personally and professionally.

What’s unique about tablets is that they give us greater computing power on a smaller device that can be just as effective as a desktop or laptop computer. Tablets certainly increase worker productivity, but they can cause headaches for IT departments. Particularly, the comingling of our personal and corporate data is not without risk.

Symantec has developed a short survey to get tablet end users’ perspectives on this trend in business computing. We’d like to learn more about how you use your tablet for work, for personal use and how your employer is managing the growing use of tablets. The quick three minute survey can be found here.

Passwords are nowhere near useless in era of mobile apps

Recently a friend of mine lost her smartphone. She sent out a message to all her friends in her social network about how she wouldn’t have a phone for a few days. She also did the right thing and went to her mobile carrier and reported it lost, turning the service off. Unfortunately though she wasn’t using any smartphone feature to find her phone or remote wipe it. But at least she was able to make sure it had no access to rack up her phone bill.

All good right?

Unfortunately, her smartphone did not require a passcode to access the apps. Ugh. I asked her about this and she replied back that it was no big deal because she didn’t have any really private information on there, and if so, the phone had no 3g access anymore to send anything off of it. Also her password would be required to sync the data off of it.
