US Lags Behind Safeguarding Against Cyberattacks
Experts say that it will take several more years for the government to fully install high-tech systems to block cyber-attacks, which is a drawn-out timeline that enables criminals to become better at stealing sensitive data. Experts suggest that technology already may be passing Department of Homeland Security moves to secure approximately 2,400 network connections used every day by millions of federal workers around the globe. The department that is responsible for securing government systems other than military sites is slowly moving all the government’s’ Internet and e-mail traffic into secure networks that eventually will be guarded by intrusion detection and prevention programs. Read the full RedOrbit post here.

Demilitarizing Cybersecurity (Q&A)
As if the wars on terror and drugs weren’t keeping U.S. officials busy enough, the drum beats of cyberwar are increasing. There were the online espionage attacks Google said originated in China. Several mysterious activities with Internet traffic related to China. The Stuxnet worm that experts say possibly targeted Iranian nuclear centrifuges. An attack on the WikiLeaks site after it released classified documents damaging to U.S. foreign policy. And don’t forget the Internet attack on Estonia from a few years ago. To deal with the geopolitical dramas that are projected in the online world, the U.S. is using military strategy and mindset to approach cybersecurity, creating a Cyber Command and putting oversight for national cybersecurity under the auspices of the Department of Defense. Read the full CNET article here.

Senate Passes Red Flags Exemptions
The Senate, by unanimous consent, on Tuesday approved legislation that its sponsors say would exempt “small businesses,” including physician practices, from the Identity Theft Red Flags Rule. The bill now goes to the House, which approved similar legislation last year. Sens. John Thune, R-S.D., and Mark Begich, D-Alaska, introduced the measure, S 3987. Unlike an earlier bill the two senators introduced in May, the latest version approved by the full Senate does not spell out that certain professionals with 20 or fewer employees are exempt. Instead, it uses more general terms to more narrowly define the term “creditor” so that, in effect, far fewer organizations must comply with the Red Flags Rule. Read the full BankInfoSecurity post here.

ID Theft: It’s Who You Know
Most cases of identity theft can be traced back to an employee, family member or friend, says Kirk Nahra, a privacy expert and attorney. When financial institutions and businesses store Social Security numbers in databases, they run the risk of exposing their customers to insider threats. And when consumers carry their Social Security cards with them, they run the risk of exposing their information to relatives and friends who are more than happy to take advantage of their trust. Read the full BankInfoSecurity post here.

Small Businesses Do Not See Themselves as Cybercrime Targets
Small business owners increasingly believe investments in cybersecurity are not justified by actual online threats and the majority of cybercrime is focused on attacking large companies, found a new study sponsored by Visa Inc. and the National Cyber Security Alliance (NCSA). Nearly 50 percent of all small business owners believe the high cost in time and money to fully secure their business is not justified by the threat. This attitude is manifested in practice as 75 percent of owners said their employees have received less than three hours of network and mobile device security training in the past year, with 47 percent saying their employees received zero hours of training. Read the full press release here.

Court: Texas Worker Birth Dates Not Public Record
The birth dates of about 145,000 state workers are not public record and should be protected to help them avoid identity theft, the Texas Supreme Court ruled Friday. The 5-2 ruling overturned previous decisions by Texas Attorney General Greg Abbott’s office and trial and appeals courts. The case stems from a 2005 dispute between the Dallas Morning News and the state comptroller’s office when the newspaper requested an updated state employee payroll database. Read the full AP story here.

Happy Monday!

- 64% of respondents have not made an online purchase from a specific website because of cybersecurity concerns.
- 60% said it was because they were not sure if the specific web site was secure.
- 51.4% expressed worry about providing information requested.
- 48.4% felt a website requested more information than was necessary for the transaction.

“The Internet is a fabulous, convenient resource for gift givers to get a jumpstart on their holiday shopping and bargain hunting, but people need to stay aware and alert about the risks,” said NCSA Executive Director Michael Kaiser. “If there is any doubt about the security or authenticity of a website, hold off making the purchase.”

Read the full USA Today article here.

Awareness about Cyber Security Needs to be Enhanced
A national survey conducted by Heart + Mind Strategies for the National Cyber Security Alliance, referred to as NCSA , and the Anti Phishing working Group, referred to as APWG, was conducted as part of a public-private messaging convention to increase awareness of cyber- security related messaging for the general public. According to the results released by NCSA, the majority of Americans felt that personal online actions contributed greatly to online safety. Almost 96 percent of those surveyed felt that exercising individual responsibility was an important factor for ensuring their personal online security, and 93 percent said that exercising individual responsibility was not only a key factor to ensure the safety of friends and family, but it also made the Web safer for everyone else. Read the full TMCNet article here.

FCC Charts ‘Cybersecurity Roadmap’ With Public’s Help
The Federal Communications Commission wants help in developing its plan for dealing with vulnerabilities of core Internet protocols and technologies, as well as online threats to consumers, businesses and government agencies. The FCC posted a public notice Aug. 9 requesting comments on the role the commission should play in cybersecurity programs. Those comments will be used as the commission develops its cybersecurity plan or “Cybersecurity Roadmap.” The road map was called for in the FCC’s overall plan to expand broadband access in the United States. That overall strategy, called the National Broadband Plan (NBP), was released by the commission in March. Read the full FCW blog post here.

Software Upgrade Leads to Student Info Leak
More than 20,000 South Florida college students were put at risk of identity theft. Broward College officials say a third party used to store students’ personal information leaked the information for almost a week. Now, the company responsible is telling students to be on alert. Broward College student Alaysia Harris is one of 24,000 students now finding out that their personal information could be in the wrong hands. “This morning my mom called me and let me know,” she said, so she immediately called her bank. In a letter, the College Center for Library Automation, based in Tallahassee, admits it leaked summer school students’ information over the Internet for five days. It happened during a software upgrade. Now students worried about identity theft. Read the full NBC Miami story here.

VA Posts Data Breach Reports Online
Once again showing that it’s serious about transparency, the Department of Veterans Affairs (VA) has begun posting reports about data breaches on its website. The monthly reports, which the agency compiles for Congress, list different ways the VA has lost data, such as through lost hardware or misdirected emails. For example, a report (PDF) from July 5 to Aug. 1 shows the agency lost two PCs, 13 BlackBerry devices and six laptops. It also reported 103 of so-called “mis-mailed” incidents, and 90 “mis-handling” incidents. All of the lost laptops were encrypted, according to the report. Read the full InformationWeek story here.

Paper Data Breach Hits Four Hospitals
Four community hospitals in Massachusetts and their associated pathology practices are investigating major breaches after tens of thousands of paper pathology records were found at a recycling station by a Boston Globe photographer who was dropping off his trash. The hospitals are Carney Hospital, Holyoke Medical Center, Milford Regional Medical Center and Milton Hospital. The records were dumped by the former owner of a billing company who sold the company around June 1, with the new owner retaining only records from 2010, according to the newspaper. The dumped records appear to be pathology reports from 2007 to early 2010, which include names, addresses, dates of birth, diagnoses, insurance policy numbers and Social Security numbers. Read the full Health Data Management article here.