A question that every records manager and information professional needs to ask is, “how secure are my information assets?” The way this question is tackled takes on different forms depending on what kind of information you are dealing with. Regardless, let this statistic humble you with the task ahead of us.

According to Blackberry, “A study of protected health information (PHI) breaches found that 59 percent of all breaches involved a business associate.”

At Verizon there was a security breach that few saw coming.

Apparently the scheme was discovered accidentally. Verizon received a request from the US company asking for help in understanding anomalous activity it was witnessing in its VPN logs: an open and active connection from Shenyang, China.

This was alarming because the company had implemented two-factor authentication for these VPN connections, the second factor being a rotating token RSA key fob. Yet somehow, although the developer whose credentials were being used was sitting at his desk staring into his monitor, the logs showed he was logged in from China.

This unnamed company initially suspected some kind of unknown (0-day) malware that was able to initiate VPN connections from Bob’s desktop workstation via external proxy, route that VPN traffic to China, and then back. When Verizon investigated, it eventually noticed that the VPN connection from Shenyang was at least six months old, which is how far back the VPN logs went, and it occurred almost daily and occasionally spanned the entire workday…

Although the technical security infrastructure was in place, what Verizon did not see coming was for an employee to physically FedEx their RSA token to China. The only way that Verizon was tipped off to this was through cyber forensics discovering hundreds of PDF invoices from a Chinese consulting firm. You can read the fully story at thenextweb.com
If you would like to learn more about security types I have included a video from AIIM’s Information Professional Certification video series on IT security below.