Tag Archives: device security

Guidance on Disposing Sensitive Data-Storing Devices

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released their July 2018 newsletter entitled: Guidance on Disposing of Electronic Devices and Media(Guidance) , which provides suggestions for properly disposing technology that may contain sensitive data – such as financial or protected health information (PHI). While directly applicable to the healthcare sector, this guidance is best practice for all organizations.

OCR’s Mission

Part of OCR’s mission is to provide guidance to health care providers, insurers and other stakeholders on cybersecurity issues like properly disposing equipment that contains sensitive information. This equipment includes desktops, laptops, tablets, copiers, servers, smartphones, hard drives, USB drives and other type of electronic storage devices.

Improper disposal of devices can lead to a data breach that can be costly to an organization, both financially and reputationally. Some of the financial costs include notifications, investigations, lawsuits, consultants, legal counsel, fees paid to security specialists and loss of clients. Continue reading Guidance on Disposing Sensitive Data-Storing Devices

BLU Settles with FTC Over Privacy and Data Security Claims

Phone manufacturer BLU reached a settlement with the Federal Trade Commission (FTC) over allegations BLU allowed a Chinese third-party service to harvest user data without user knowledge or consent. This data harvesting was first brought to light in 2016, when security firm Kryptowire reported that BLU phones were sending information to China using software from Shanghai Adups Technology Company (ADUPS), a contracted third party of BLU.

What Data Was Harvested

According to the FTC’s press release, BLU contracted with ADUPS to issue security and operating system updates to BLU products. However, the BLU devices were also sending large amounts of data – more than BLU told its users – to ADUPS in China.

The harvested data included full text messages, location-tracking, call and text logs with corresponding phone numbers and contact lists, and a breakdown of applications installed on the BLU devices.

BLU’s Response Continue reading BLU Settles with FTC Over Privacy and Data Security Claims

Four Reasons Millennials are an Organization’s Biggest Data Security Risk

Absolute Software’s recent study on U.S. mobile security shows that Millennials represent the greatest risk when it comes to data security over other age groups. Millennials (adults ages 18-34) have surpassed Generation X (adults ages 35-50) to make up the largest share of the American workforce. According to the study, Millennials do not compare favorably against other age groups in several data security areas:




Compromise IT Security



Modify Default Settings



Use Work Device for Personal Use



Not Safe for Work



Organizations need to reevaluate their security policies and adapt to the changing mobile behaviors and trends that are coming from the Millennial group, who have grown up in a society driven by social media and mobile applications.

Here’s a closer look at the greater risk for data security from Millennials compared to the older age groups:

  1. Millennials are more willing to admit to compromising the organization’s security because they assume that security is IT’s responsibility.
  2. Millennials are generally more tech-savvy and find ways to go around a device’s default settings to meet their wants. This could look like jail-breaking a device or downloading an unauthorized application.
  3. Across all age groups it’s common for employees to use their work device for personal use. The difference lies in the type of use and how that affects the organization’s risk. Millennials are more apt to use social media apps without privacy settings in place or do online banking on their work devices instead of things that carry less risk like checking sports scores.
  4. Along the same lines, Millennials access more Not Safe for Work content on their work devices, which include sites most notorious for malware like social media sites, gaming sites, online shopping, etc.

Training, training, training. Make sure your employees are aware of mobile security best practices and the organization’s policies towards mobile device security.