Cost Of Data Breaches Continues To Climb
January 26, 2010
Data breach incidents cost U.S. companies $204 per compromised customer record in 2009, compared to $202 in 2008, according to a new study from the Ponemon Institute and security firm PGP.
Even with an overall drop in the number of reported breaches (498 in 2009 vs. 657 in 2008), the average total per-incident costs in 2009 were $6.75 million compared to an average of $6.65 million in 2008.

Highlights from the study include:
- Careless insider breaches have decreased in number and cost, most likely as a result of training and awareness programs having a positive effect on employees' sensitivity and awareness about the protection of personal information. Additionally, 58 percent have expanded their use of encryption, up from 44 percent last year.
- Organizations are spending more on legal defense costs, which can be attributed to increasing fears of successful class actions resulting from customer, consumer or employee data loss.
- Average abnormal churn rates across all incidents in the study were slightly higher than last year (from 3.6 percent in 2008 to 3.7 percent in 2009), which was measured by the loss of customers who were directly affected by the data breach event (i.e., typically those receiving notification). The industries with the highest churn rate were pharmaceuticals, communications and healthcare (all at 6 percent), followed by financial services and services (both at 5 percent).
- Third-party organizations accounted for 42 percent of all breach cases, dropping from 44 percent of all cases in 2008. These remain the most costly form of data breaches due to additional investigation and consulting fees.
- The most expensive data breach event included in this year's study cost a company nearly $31 million to resolve. The least expensive total cost of data breach for a company included in the study was $750,000.
"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses for suffering a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute.
"With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."
Facebook Puts Privacy Policy in Users’ Hands
October 31, 2009
Earlier this year, Facebook launched its new system of governance for the social network's policies. The system lets users comment and vote on proposed changes to governing policies. The company is now using this system with its Privacy Policy, and has made it available for review and comment.
"Our primary goals remain transparency and readability, which is why we've used plain language and included numerous examples to help illustrate our points," says Facebook's Elliot Schrage. He points to an example about how they explain users' options for modifying or deleting info or content. Here is the section in the current policy:
When you update information, we usually keep a backup copy of the prior version for a reasonable period of time to enable reversion to the prior version of that information. ...
... Even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content. ...
Access and control over most personal information on Facebook is readily available through the profile editing tools. Facebook users may modify or delete any of their profile information at any time by logging into their account. Information will be updated immediately. Individuals who wish to deactivate their Facebook account may do so on the My Account page. Removed information may persist in backup copies for a reasonable period of time but will not be generally available to members of Facebook.
Here's how the section reads in the new proposed policy:
Viewing and editing your profile. You may change or delete your profile information at any time by going to your profile page and clicking "Edit My Profile." Information will be updated immediately. While you cannot delete your date of birth, you can use the setting on the info tab of your profile information page to hide all or part of it from other users. ...
Deactivating or deleting your account. If you want to stop using your account you may deactivate it or delete it. When you deactivate an account, no user will be able to see it, but it will not be deleted. We save your profile information (friends, photos, interests, etc.) in case you later decide to reactivate your account. Many users deactivate their accounts for temporary reasons and in doing so are asking us to maintain their information until they return to Facebook. You will still have the ability to reactivate your account and restore your profile in its entirety. When you delete an account, it is permanently deleted. You should only delete your account if you are certain you never want to reactivate it. You may deactivate your account on your account settings page or delete your account on this help page.
Limitations on removal. Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users. However, your name will no longer be associated with that information on Facebook. (For example, if you post something to another user's profile, and then you delete your account, that post may remain, but be attributed to an "Anonymous Facebook User.") Additionally, we may retain certain information to prevent identity theft and other misconduct even if deletion has been requested.
Backup copies. Removed and deleted information may persist in backup copies for up to 90 days, but will not be available to others.
Facebook has restructured the document with key points and links for jumping to different sections. They've added sections on current practices and a new concept around Facebook Ads.
Users can read more about Facebook's proposed changes to its policies here. The comment period ends at 12:00 p.m. PST on November 5. At that point, Facebook will review the feedback and update users on the steps that will follow.
Social Networks Leaking Users Data To Tracking Sites
August 25, 2009
Many popular social networking sites typically make personal information available to companies that track users' browsing habits and allow them to link anonymous browsing habits to specific people, according to a new study by the Worcester Polytechnic Institute (WPI).
"When you sign up with a social networking site, you are assigned a unique identifier," says Craig Wills, professor of computer science at WPI.
"This is a string of numbers or characters that points to your profile. We found that when social networking sites pass information to tracking sites about your activities, they often include this unique identifier. So now a tracking site not only has a profile of your Web browsing activities, it can link that profile to the personal information you post on the social networking site. Now your browsing profile is not just of somebody, it is of you."

Social networks use third-party tracking sites to learn about the browsing habits of their users. Cookies are managed by a browser and contain information that allows tracking sites to build profiles of the websites visited by a user. Each time a user visits a new website, the tracking site can review those cookies to offer ads that might be relevant to the user.
Wills says social networks go too far by allowing the transmission of unique identifiers. "Users put a lot of information about themselves on social networking sites," said Wills.
"A lot of that information can be seen by other users, by default. There are mechanisms users can use to limit access to their information, but we found through previous research that most users don't take advantage of them."
With a unique identifier, tracking sites could gain access to a user's personal information. Wills says this could lead to having one's identity linked to inaccurate browsing profiles, depending on how many people use the same computer.
"Tracking sites don't have the ability to know if, for example, a site about cancer was visited out of curiosity, or because the user actually has cancer," said Wills. "Profiling is worrisome on its own, but inaccurate profiling could potentially lead to issues with employment, health care coverage, or other areas of our personal lives."
"Once someone is in possession of your unique identifier, there is so much they can learn about you. And even if tracking sites do not use the information themselves, can they guarantee that it will never find its way into other hands? For these reasons, we feel this issue is something that we should be concerned about."
PPC Appraisal Program: Leave Your Computer On And Earn Money
July 14, 2009
This program is very simple to download, entirely free and really works!
It requires no sponsoring and has no costs at all to join. Once it has been set up, the only thing you do is leave your computer on; the system runs automatically, and you can trace your income by the second.
This program operates much like “click on a search engine and get paid” programs, with the following exceptions:
1. It is run automatically similar to auto surf, so there is no need for you to click on any link.
2. It does not provide you with only one search engine, but there are at least twenty one now running.
If you continually run your computer for twenty four hours a day, you may earn up to fifteen dollars a day. At the end of the month, when they add up to two hundred more search engines, you may earn up to sixty dollars a day without doing anything but being online.
In addition, you get another five percent of your referrals' running time; these referrals can go as far as four levels.
Every search engine builds up an independent total of your time surfing. You must reach sixty dollars with a search engine before that search engine makes a payment.
Normally, if you run your computer online twenty four hours a day without any referrals, it will take you up to two months, more or less, to reach sixty dollars with the twenty four search engines now running. Now consider this: sixty multiplied by twenty four equals one thousand four hundred forty. This is how much you will make in two months of doing nothing.
Signing up:
http://www.ppcappraisal.com/
1. Go to http://www.ppcappraisal.com/register.php and fill out the form.
2. Where it asks for the company name, put PPC appraisal
   For the URL, put ppcappraisal.com
   For tax ID, put N/A
   Fill in the rest of the form with your personal information
Take note that PPC appraisal does not accept any email address with full stops or non-alphabetic characters in it. If you need a new email address just for this purpose, you can register at www.hotmail.com; they offer a free account.
3. Log in (this will take you on to a menu)
4. Hit “select all” at the bottom of the page.
5. Go back again to the bottom of the page and hit “select all” then “request”
6. More than two pages will appear. Do the same for all of the pages.
7. Go to your PPC account, click on “statistics” and watch all the search engines appear along with your total earnings.
8. Download “test 33” (go to http://66.84.56.206/ppc/test33.exe) and make sure you save it to the desktop.
9. Log in to PPC appraisal, select campaigns on the menu.
10. Write down a copy of your portal URL
11. In the test33 browser, go to tools, analyst, act, setup; you will see two empty squares; on the lower left side, click append and wait for the pop-up window to open.
12. Inside that window, type in set 1 and hit OK.
13. After which, it will fade away.
14. Go back to tools, analyst, act, hit set 1 and the url will load.
15. Go to tools, analyst and hit loop and then click on navigation.
16. At the bottom, click on the word “six” and this will open up six different search engines.
17. Test 33 will now start clicking all the search engines.
18. Do not adjust any settings. You can minimize the window and carry on with your normal computer work. It will just continue clicking the search engines and will never interfere with what you do. These are search engines that get traffic run through this particular program. They are doing this, and making payments, to increase their numbers so they have a better chance of competing with Google or Yahoo.
