Android: How To Protect Against Malware and Viruses For Free

Posted on 28 Jan 2013 in Android, ArmorText, Awareness, Cyber Security, Gryphn Secure Text Messaging, Security 0 Comments

Brand New Android: How To Protect Against Malware and VirusesBrand New Android: How To Protect Against Malware and Viruses

Unlike the iOS App Store, the Google Play store is a much more open and accessible marketplace. This makes it easier to develop for Android, but it also means that users are vulnerable to malware and viruses posing as useful or fun apps.

Even if you haven’t  downloaded an app from the Play store yet, your phone is still extremely vulnerable to loss or theft. It’s likely you keep personal data, business correspondence, or even banking information on your device. How can you protect that data if the device goes missing?

People are trusting their devices with more personal data, while at the same time malware and viruses are becoming more ambitious and common. These two trends have been met with the rise of mobile security apps, protecting users from these exact threats.

Below are three apps that keep the user safe from most of threats to their data and mobile device.
Brand New Android: How To Protect Against Malware and Viruses

Lookout Mobile Security (Free, with a Premium option)

The main threats for Android users exist on the Google Play store, which is why apps like Lookout exist. During setup, it scans your old apps for malware and viruses. After initial setup, it runs in the background, scanning new apps as they are downloaded.

Not only does Lookout provide basic malware protection, it also comes with several other security and peace-of-mind features. Upon logging in to your Lookout account on their website, you can locate the device on a map or make your phone or tablet “scream” (much louder than your ringer and works even if your phone is on silent). Premium users ($2.99/mo or 29.99/year) can also lock the device and wipe all data if it is permanently lost or stolen.

Lookout even backs up contacts, pictures and call history to the web portal, although picture and call history backups are only available to premium users.

Brand New Android: How To Protect Against Malware and Viruses

Avast! Mobile Security (Free)

Where Lookout provides simplicity and ease of use, Avast! Mobile Security provides an utterly exhaustive feature set. In addition to securing you from malware and virus threats, you can locate the device, sound a siren, lock the device, wipe the device, call the device, send a message to the device and much more, right from the Avast! portal.

Unlike Lookout, Avast! places a heavy emphasis protecting you and your data if your device is lost or stolen. Avast! Anti-Theft features allow a user to force the data connection to stay active so the device can be tracked, lock the phone settings, and prevent USB debugging (which is often used by thieves to reset a device to factory settings after it has been stolen).

Avast! also tries to keep its users aware of privacy and permission settings of the different apps on their device. Privacy Advisor shows you which apps have access to which areas of your device, but as far as I can tell does nothing to help you limit that access from within the app. Network Meter tracks how much data each app is using, which is helpful for those of us who aren’t using unlimited data plans.

Because it has most of the features Lookout has, Avast! could be used as a replacement for lookout, but if used together, they present a very thorough security solution for Android devices.

Brand New Android: How To Protect Against Malware and Viruses

Gryphn Secure Text Messaging (Free)

Lookout protects the information on your device from falling prey to malware and viruses on the Google Play store, while Avast! is a great solution for preventing your data from getting into the wrong hands if the phone is lost or stolen, but what about the contents of your text messages, on the phone and coming and going from your device?

Gryphn Secure Text Messaging replaces your stock texting app and encrypts text, picture and video messages, both on your device and in transit. Even if you do have the misfortune to download malware or come into contact with a virus, neither of these will be able to access any of your messages, images or any other texting content.

After the quick setup process you are greeted by a clean interface (based on the stock Android Jelly Bean messaging app) and all of your old text conversations, ready to continue them in a safer environment.

If you have friends, family or colleagues who have the app, you can enable encryption for those conversations, meaning your messages are encrypted in transit and decrypted by their device on the other end. Even your wireless carrier, which usually stores your text messages for anywhere from 3 months to a year, can’t read what you are saying. Only the sender and the recipient can read encrypted messages.


Gryphn Trumps Sexting with Security

Posted on 22 Jan 2013 in Awareness, BYOD, Cyber Security, Press, Security 0 Comments

We had some fantastic questions and comments in response to our press this week that deserved public answers. As a security company we recognize that people trust us when they use our product. We want to reciprocate this trust by offering transparency in our processes. Please feel free to add any more comments or questions  you may have

“Great idea – my wife is a middle school principal. It’s amazing the things teens are sending via SMS and their ignorance about its lasting impact and potential for broad distribution. Snapchat is clearly targeted to this younger group and if it (Gryphn) can save just one person from disastrous embarrassment, I’m all for it.” – Shopilly (TechCrunch)

Protecting teens from sexting mistakes? Sure, we can roll with that. The same security that protects a soldier’s mission critical image from being intercepted in transit, downloaded to a computer, forwarded, saved, screenshot-ed, decrypted or shared will also protect a teen from having their ill-advised image uploaded to Facebook.

“And this is necessary for life because why exactly? So teens can sext each other. Wow, I want to invest in this company. Where do I put my money? Maybe the company founders just want to see a lot of user generated porn.” – Darth (Business Insider)

User generated porn? This is (by far) our favorite comment. Our users include SWAT, local law enforcement and first responders. While we’re sure there’s a fetish for that, we don’t hold the keys to decrypt people’s messages. Or have the ability to see them. Or to give anyone access to them. Even under duress. Our patent-pending public/private encryption key exchange makes it impossible for ANYONE other than the sender and recipient to access or view the contents of even one single message encrypted and sent through our app. Yes, even if it’s porn. Yes, even if it’s really good porn.

“(This works) until people start taking pictures of their phones with other peoples’ cameras…” – Evan (Business Insider)

Yes. Absolutely true. For healthcare, financial and law enforcement (and eventually government), the concern is in knowing who is accessing these images. In whose hands does the phone rest? We achieve this currently through a passcode on the app itself and, eventually, with technology that… has already been used in beta by some of you. This last point in particular is, perhaps, proof that, despite the amusing moniker that some of our press bestowed upon us, our target market is not those looking to macgyver a sexting app, but those who are required to encrypt digital messaging to satisfy the legal requirements of their regulated industry.

“If this is developed in the US, it must be CALEA-compliant, and in that case the company has to store either plaintext conversations, or decryption keys, on its servers, to furnish to law enforcement whenever asked. In that case the first successful break-in into their infrastructure would give the attacker keys to information that is thought to be secure.” – prostoalex (Pandodaily)

Actually – your conversations never flow through Gryphn’s servers, and the encryption is performed by you, the individual, and not by Gryphn. Gryphn maintains Public Keys, but the corresponding Private Keys reside with the user. From: http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html (and other sources) — “US law is surprisingly clear on the topic of encryption — companies are free to build it into their products, and if they don’t have the decryption key, they can’t be forced to deliver their customers’ unencrypted communications or data to law enforcement agencies

These are good questions, comments and thoughts, but this is only the beginning. Please add any other questions you would like to see answered in the comments below.

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

States Can’t Agree on Smartphone Privacy: Businesses Protect Themselves (continued)

Posted on 26 Dec 2012 in Android, Apple, ArmorText applications, BYOD, Enterprise, News, Security, State Texting Laws 0 Comments

States can't agree on smartphone security law use armortext encrypted text messaging

Continued from last week…

Overcoming uncertainty

To view the mobile security and privacy problem in management terms, consider that businesses generally dislike uncertainty of any kind.  But the mobile revolution and resulting patchwork quilt of search and seizure laws across borders suggests plenty of businesses have zero certainty about whose hands their data could fall into.  Once an unencrypted device is imaged, there is no going back.  It is impossible to know with certainty how law enforcement authorities here or anywhere will parse patent drawings; budget spreadsheets or acquisition plans while searching for evidence.  There are too many variables. Even if we assume authorizes will act in good faith and take measures to respect confidentiality, encryption is a far better bargain for applying controls over information, particularly if you are a lawyer worried about attorney-client privilege or work in an industry subject to tough data protection regimes.  As mobile device searches become increasingly routine enterprise data swept up in evidence searches – “caught in the crossfire,” if you will – may have to be deemed “compromised,” if only for practical purposes.  

The way forward

Companies need to monitor the global regulatory picture closely.  The best defense, of course, is to compartmentalize access and information.  A salesperson headed overseas does not need to carry your patent portfolio through border crossings.  But except for these kinds of obvious cases, reconfiguring devices and networks around today’s shifting job roles and travel is tedious and impractical.  Plus, when you strip-down handhelds to the point where they become safely “expendable” you start to offset the business value of all these great tools and connectivity.  Why not build a standardized mobile security profile with encryption instead and let users bring the apps they need to be productive?  Senior executives need to lay the foundation here by looking at requirements, risks that can be tolerated and mitigating them as far as possible.

On the technology side, mobile encryption is a powerful tool to tactically deploy in your plan.  To securely harden many common types of smartphones quickly, look for encryption tools that to not require cumbersome hardware accessories or multi-tasking between apps just to read e-mail. Such ease of deployment positively empowers users and helps different types of devices in a company to benefit from consistent protection.  Users of different hardware that all run some version of Android, for example, can in most cases go to the same app storefront and pull down their own security software.   As technology rewrites our legal and societal perceptions of trust, privacy and security, businesses and consumers should expect continued legal dust-ups and uncertain times.  Often the only recourse is to seize the initiative by taking proactive control.  In this spirit, armoring-up your smartphone is easily done and could spare your company and career from needless future worry and pain.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

States Can’t Agree on Smartphone Privacy: Businesses Protect Themselves

Posted on 21 Dec 2012 in ArmorText, ArmorText applications, Awareness, Evidence, Security, State Texting Laws 0 Comments

States laws on texting: New York TImes ArmorText encrypted text messaging

What’s in your phone?

Mounting uncertainty around warrantless device searches means mobile encryption is becoming even more essential for businesses  

Laws are trying to keep up with technology, particularly in areas like privacy and information security.  Many of the keystone regulations and legal precedents the government and private sector live by in this arena were conceived well before smartphones, tablets, and today’s Web itself were even imaginable.

In a perfect example, the New York Times recently published a survey of courts and legislatures in various states and how they have addressed the legal uncertainty surrounding warrantless cell phone searches conducted by law enforcement authorities. (We offer a state by state synopsis beginning here).  Judges and state legislatures delivery complimentary, contradictory and downright oppositional rulings on the conditions necessary for law enforcement to perform cell phones searches. Is a warrant required? What if the phone is on your person? Is your location data the property of the providers? Years ago the data on your phone might have been limited to scrolling through call logs and contacts.  However, the ramifications are much greater with today’s smartphones, which are repositories of, not only our calendars and contacts, but the apps we use and data we send through them, as well as Web histories, multimedia libraries and geo-location data.  All this before we even consider the confidential corporate data many of us keep in our personal devices.  (See a State by State breakdown of cell phone privacy laws)

Everyone wants a peek

The phenomenal growth of mobile devices around the world is triggering disruptive and unpredictable regulatory issues for monitoring communications and searching devices.  The smartest business strategy, accordingly, for companies worried about new risks to sensitive information is strong encryption tools, for communications security and safeguarding sensitive workplace information that inevitably ends up on mobile.   This is much broader issue than U.S. domestic concerns. In recent years India, the United Arab Emirates and other countries pressured Research in Motion to grant their state authorities access to BlackBerry users’ BBM and e-mail traffic within their borders. In a similar vein, there have been concerns over whether U.S. and other countries’ border security screenings compromise business secrets if and when laptops and other media are searched.  In these and other examples, the more portable and indispensable devices become, the more exposure they have to these issues.

More devices, more problems

The current “bring your own device” (BYOD) movement introduces more mobiles to business settings. The usability of these devices means it is only a matter of time before confidential office information starts flooding into these handhelds.  Employees copy files to them.  They intentionally (or inadvertently) activate file-sync and back-up apps that replicate confidential files to the cloud and to every gadget they own. These and many other actions risk exposing sensitive information to unauthorized publics.  After all, the more copies of something you have, the more likely one copy stands to be lost or viewed by others. Yet, if a business does not have the legal grounds or employee buy-in to dictate precisely how mobiles are configured and used, they must (uncomfortably) rely on uneven user awareness and habits to keep handhelds away from malicious code, thieves – and now evidence lockers, too.   It is one thing for a company to get a call from authorities explaining why an employee’s device (that is hypothetically central to an investigation) needs to be unlocked, since this is a matter that can be appropriately handled with corporate counsel and dialogue.  But it’s quite another case when you have a searched device handed back to you after the fact – knowing encryption was not in place to prevent data from being viewed, copied or altered – and worry about what might have been exposed.

To Be Continued…

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

Snapchat: Unprotected Teen Sexting

Posted on 12 Dec 2012 in Android, Awareness, Cyber Security, Media Roundup, Security 0 Comments

A new site entitled “SnapChat Sluts” has caused a stir, collecting naked images of women sent via the app and captured through a screenshot (this website has since been removed).

SnapChat unprotected teen sexting For Secure and encrypted text messaging see ArmorText

If you’re not familiar, SnapChat is #12 on the free iOS photo app charts in the U.S. and has received a fair amount of media attention, including an article in the NY Times. Approximately 1000 photos are being shared per second using the app, roughly the same number as are posted using Instagram. SnapChat allows for a “self-destruct” timer to be attached to the photograph, from one to ten seconds, setting a viewing window that suggests protection against saving, forwarding or posting of the image by the viewer… except the simple push of a button provides a screenshot saved outside the app that the sender no longer has any control over.

SnapChat enables new context, new phrasing for digital interactions, but does not provide the security necessary to protect private information or personal photos in these interactions. Its ‘Mission Impossible’ vanishing message feature needs to be explained to users as the faux privacy protection that it is.

SnapChat Is For Kids

There is particular consternation on the part of parents in regards to this app as it appears to be targeted towards teens. The majority of users are between the ages of 13 and 24.

SnapChat provides an environment that seems friendly to private or potentially compromising texting activities. In previous posts we have dealt with the security failures of Whatsapp for the general public as well as the security issues with BlackBerry’s BBM and security issues of iMessage that make it inappropriate for use in regulated industry. Each of these messaging services has their strengths and their pitfalls, SnapChat being no different. A student, Marilyn Feldman, told a story of texting pictures of red flowers on campus to her mother, flowers they used to enjoy together while she was still living at home. “It’s subtly different even from taking a picture on my iPhone and sending that,” Feldman said. “It’s more immediate and even more casual. Almost like, ‘thinking of you.’ Picture of a red rose in the neighborhood. I didn’t even send her a message, just a picture of the red rose, and (my mother) knew what that meant.” Co-founder of SnapChat, Evan Spiegel, reiterates the same idea, stating that the app is “not about ‘privacy,’ per se,”

SnapChat - Unprotected teen sexting Gryphn ArmorText Encrypted Text Messaging

SnapChat Is NOT A Privacy App

A quote from SnapChat’s privacy policy:

“Although we attempt to delete image data as soon as possible after the message is transmitted, we cannot guarantee that the message data will be deleted in every case. Consequently, we are not able to guarantee that your messaging data will be deleted in all instances. Messages, therefore, are sent at the risk of the user.”

In this case education plays the largest component. SnapChat is not a danger in and of itself unless it is incorrectly categorized as a security app or as having security measures that protect against, well, anything. Education surrounding its use should follow similar guidelines to that of Facebook security or regular texting.

Gryphn, with our partners StaySafeOnline, promotes education and standardization of security measures that intuitively and automatically protect daily behaviors of, not only teens, but digital participants of all ages.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook
UPDATE: SnapChat adds Video and  a new layer of questions about privacy and security.
UPDATE: SnapChat opinion article – it’s not a sexting or security app, it’s a new way of communicating.

Text Messages As Evidence? Missouri and Washington

Posted on 19 Nov 2012 in ArmorText, Evidence, Security, State Texting Laws 0 Comments

In this next segment of text messages as evidence in court, we will take a look at Missouri and Washington. The U.S. Supreme Court has yet to rule on this issue, though when they do, they will likely pull information from previous cases handled state by state.

Missouri

This state, like Ohio and Rhode Island, holds that text messages should have an expectation of privacy. In the case State v. Clampitt, the defendant was charged with involuntary manslaughter and investigators subpoenaed his text messages in hopes they would find a profession of guilt. The prosecutor claimed that “the text messages were records that were in possession of a third party,” and he attempted to argue that a search warrant would not have been necessary. The court disagreed and threw out the text messages as evidence and the Missouri Court of Appeals upheld the original ruling.

“[A]s text messaging becomes an ever-increasing substitute for the more traditional forms of communication, it follows that society expects the contents of text messages to receive the same Fourth Amendment protections afforded to letters and phone calls.”

Washington State

Like Florida, Georgia, and California, Washington also has allowed text messages as evidence in court without a search warrant or subpoena. Police officers arrested a man for dealing drugs, during his arrest the officers seized his cell phone. A text message was received, on the confiscated cell phone, from someone attempting to buy drugs. The police responded to the message, posing as the dealer and set up a buy. When the man arrived, he was immediately arrested for trying to buy heroin. The text messages were allowed in court because the grand jury voted that it was legal. Their ruling considers text messages to be public domain, which may set a precedent for other cases in the future.

This Washington Court deemed “that text messages are not private and any message a user sends, or in some cases receives, can be used against them in a court of law.”

ArmorText

For states that allow text messages as evidence in court without a search warrant or subpoena, ArmorText circumvents this and protects text message privacy. In the Washington case, the arrestee’s phone only had one password to unlock the phone, which allowed the officers to see incoming texts. If the arrestee had his phone setup to require a password entry before reading any text messages, then the officers would have been forced to obtain a court order or search warrant. Regardless of what may be on your phone, everybody has the right to privacy and should take advantage of this right.

Stay tuned as we continue the state by state texting exposé!

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

BYOD Security Alert! Malware Apps That Attack Company Data

Posted on 16 Nov 2012 in Android, Apple, ArmorText, Cyber Security, Enterprise, Security 0 Comments

Mobile Device Management companies ban a list of malware apps that could snatch company data; customer contacts, and e-mail history. Below are a few apps that should be added to these lists.

mobile malware apps attack company data - use Gryphn armorText encrypted text messaging app

Mobile Malware Apps

The News: Companies need to have a defense plan to protect their mobile devices against the rising mobile security threats. There are more than 175,000 dangerous applications on the Android OS. Many believed that the iPhone was safe from these mobile malwares, but it appears that any jailbroken iPhone is susceptible to malware. Other malicious apps that have made their way into the App Store that affect more than just the jailbroken phones.

The App: Loozfon, Android Malware
The Threat: It poses as a work-from-home, opportunity; it promises the user that they can earn money by simply clicking a link and sending an email. Once the user clicks the link, the malware is downloaded to the phone and can steal contact information from the device.

The App: FinFisher, attacks Android, iPhone, Windows, Blackberry, and Symbian
The Threat: This malware poses as a system update, when the user clicks the link in the fake text message or email it uploads the virus. It is spyware that can remotely control and monitor your phone.

The App: Find and Call, found in Apple’s iOS App Store and Google Play
The Threat: It claims to be an app that will simplify your contact list, instead when you download this malicious app it uploads your entire phonebook and proceeds to send email and text spam to each contact.

The App: Trojan FakeLookout.A
The Threat: It acts as an update for the Lookout Security app in Google Play. The malware can remotely control and monitor the phone, access text messages and upload them to their server. It can also download files to the phone that threaten the user’s privacy and access their private information.

View More Mobile Malware Apps…

Security Apps

The News: With the rise of mobile malware, spyware, trojans, and viruses that can unknowingly be downloaded to our mobile devices, it is important to download security apps to your device. Security apps are important for protecting your mobile device, but your device may require more than one. Combining these security apps with a secure text messaging app, like ArmorText, will help ensure your mobile device is protected on all levels.

The App: Lookout Mobile Security, is available on iPhone and Android, protects your device from the multitude of security threats that exist. It can also locate your lost or stolen device.
The Threat: No threat! It helps you avoid mobile risks!

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

DoD App Store Coming To A Smartphone Near You

Posted on 14 Nov 2012 in ArmorText, BYOD, Cyber Security, Enterprise, News, Security 0 Comments

 

 

Back in July, we discussed Mobile Device Solutions for the Department of Defense (DoD). We are still waiting for the DoD to release its mobile device implementation plan, but the Defense Information System Agency (DISA) has announced they are looking for a mobile device management (MDM) software and an enterprise mobile application store that will be able to support more than 250,000 mobile devices. The military has a longstanding relationship with DISA as their network service provider

“The mobility implementation plan is a way for the DoD to take advantage of where the rest of the world is going with mobile communications,” Air Force General Robert E. Wheeler said.

The benefits of BYOD driving many industries to implement such plans remains the same: reduced costs, increased security, and a productivity boost. This new strategy could completely enhance the functionality of the DoD, “allowing the department to move faster, make decisions quicker, stay ahead of adversaries, and make better business decisions.” This is all well and good as long as security concerns are appropriately managed. One security breach on a national or international level would nullify all cost savings and productivity gains.

The DoD’s enterprise-wide mobile strategy will center around DISA. DISA claims that the MDM and app store will eventually be able to meet all of the military’s requirements. To go along with the MDM, the DoD has categorized three types of devices that will go through the authorization process.

  1. Devices that never need to connect to the DoD network, for example this may include tablets used by a pilot that contain checklists and charts.
  2. Devices that connect to the unclassified networks, for example commercially available devices like iPhone and Android.
  3. Devices that connect to the classified network; some of the previous devices may meet this requirement as well.

The mobile devices available to have the public have countless applications and if approved by DoD standards, users will be available to use one phone on the DoD classified and unclassified networks. The approved devices would also have the ability to download any mandatory apps from a DoD app store.

The DoD has a strong desire to adapt to commercial mobile technology, by having its own app store. Specialized apps for critical communications or processes could be approved, developed and deployed within three months.

“As new technology comes out we need to take advantage of that new technology and move with that new technology to keep our stuff more secure,” Wheeler said. “So, waiting two, three, four years to approve something is something that would actually hurt our ability to do the mobility implementation plan.”

ArmorText is a new technology that could be beneficial to the DoD app store and the DISA MDM Plan. It is a secure text messaging app that can be used regardless of “security clearance” associated with classified and nonclassified networks. Every employee at the DoD should be using ArmorText to encrypt their text messages.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

Doctors: Be Cautious Of Mobile Device HIPAA Violations

Posted on 12 Nov 2012 in ArmorText, BYOD, Enterprise, Healthcare, HIPAA, Security 0 Comments

Mobile devices provide doctors a quick and easy way to communicate with patients, nurses, and other doctors. Misuse of these same devices can also threaten doctors with a hefty fine or prison time, if the use of these devices leads to a Health Insurance Portability and Accountability Act (HIPAA) violation. The most common violation is unencrypted data stored on lost or stolen devices.

 

VIOLATION TYPE MINIMUM PENALTY MAXIMUM PENALTY
Individual didn’t know they violated HIPAA $100/violation; annual max of $25,000/repeat violations $50,000/violation; annual max of $1.5 million
Reasonable cause and not willful neglect $1,000/violation; annual max of $100,000/repeat violations $50,000/violation; annual max of $1.5 million
Willful neglect but corrected within time $10,000/violation; annual max of $250,000/repeat violations $50,000/violation; annual max of $1.5 million
Willful neglect and is not corrected $50,000/violation; annual max of $1.5 million $50,000/violation; annual max of $1.5 million

 

Maximum Penalties in Mobile Device HIPAA violations:

2012: Massachusetts Ear and Eye Infirmary (MEEI) settled with the U.S. Department of Human Health Services (HHS) and agreed to pay a fine of $1.5 million for violations against the HIPAA of 1996 Security Rule. They also promised to take the necessary steps to upgrade the measures they take to protect the privacy and security of their patients’ protected health information (PHI). MEEI reported the theft of an unencrypted personal laptop that contained electronic PHI of their patients and research subjects, including patient prescriptions and clinical data.

    1. Mobile Device Stolen
    2. Unencrypted Data
    3. Not Password Protected

Uncorrected, willful neglect with an unsecured, unencrypted mobile device. Situations like these cannot be repaired retroactively.

2012: South Shore Hospital admitted a security breach that affected 800,000 patients. The hospital shipped three boxes of backup tapes, containing patients’ personal information and medical records, to Archive Data Solutions to be erased and resold. Only one of the boxes made it to destination and the other two were not located. South Shore was fined a total of $750,000 for not encrypting the sensitive data and for not informing Archive Data that the tapes contained PHI or verifying that they would be able to securely handle this private information.

    1. Unencrypted Data
    2. Not Protecting PHI

South Shore received the maximum penalty for neglecting to encrypt their patient’s information, for losing two-thirds of the data, and for failing to protect their data when they sent it to an off-site location.

2011: Georgetown University Hospital reported a missing unencrypted USB thumb drive that contained data for 1, 526 patients. The patient information on the drive included their names, medical record number, birthday, blood type, blood test results, brief medical history, and physician’s name.

    1. Mobile Device Lost/Stolen
    2. Unencrypted Data
    3. Not Password Protected

Again, no retroactive policy can repair the damage of the careless handling of unencrypted, unsecured mobile devices.

2010: Cincinnati Children’s Hospital Medical Center reported a stolen laptop that was password-protected, but the data was not encrypted. The laptop was stolen from an employee’s car, which was parked in front of her house. This security breach affected 61,000 records and included personal information about the patients: names, medical record numbers, and health treatment.

    1. Mobile Device Stolen
    2. Unencrypted Data

The laptop did utilize a password, but the information on the laptop was not encrypted and the employee left the laptop unattended, demonstrating that password-protection is not sufficient in guarding patient data.

Avoid HIPAA Violations With ArmorText

Although there aren’t any HIPAA security breaches or violations based solely on ePHI sent via text message, more than 70% of doctors have admitted to texting on the job. By implementing preventative actions, doctors can safely text without violating HIPAA. ArmorText was designed to help doctors and other healthcare industry workers securely text by encrypting their messages, both on the phone and in transit. Even if your mobile device is lost or stolen, your messages are guarded individually through encryption and overall with an app-specific password. It protects your text messages at every level. Leave it to ArmorText to keep all your texting communications protected, so you can communicate freely.

Click here to see security breaches affecting 500+ people: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/postedbreaches.html

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook

Text Messages Are Not Private Under The Freedom Of Information Act

Posted on 8 Nov 2012 in ArmorText, Enterprise, FOIA, Press, Security 0 Comments

 

If you hold public office, your text messages with your wife, your husband, or your children are public property. Any text message you send, personal or business related, is accessible to the public under the Freedom of Information Act (FOIA). When the FOIA was enacted in 1966, it could not account for today’s technological advances, especially concerning text messages.

FOIA In The United States

Politicians and other public figures have had their text messages exposed as a result of FOIA. The political scandal involving Detroit Mayor Kwame Kilpatrick, in 2007, made headlines when The Detroit Free Press requested all records, including text messages sent from his government-issued device, be released to the public under FOIA. Information obtained from his text messages revealed an on-going affair with his Chief of Staff, Christine Beatty and their use of city funds for their romantic getaways. The messages disclosed how they conspired to fire Police Chief Brown, who was investigating Kilpatrick’s illegal activities and the corruption in his office, including racketeering, bribery, conspiracy, and extortion.

FOIA Reveals All

With the public’s right to access records, it has exposed the wasteful spending of our government in numerous documents. E-mails obtained through FOIA revealed that the Solicitor General’s office planned to groom Elana Kagan to ascend to the Supreme Court. A ruling in Illinois determined that text messages on government-issued or personal phones are considered public record, if business is conducted on their personal phone. According to the FOIA, all written text is public property.
In the Kilpatrick scandal, the public deserved to know how their elected official was running their government. Our elected officials are people too and should have the right to privacy in their personal and family lives, despite their career. In cases like these, there needs to be a way to distinguish between what information the public has the right to access and what information must remain private.

Freedom of Information Is World-Wide

The idea of Freedom of Information is not just a U.S. law that affects our elected officials, but it spans internationally as well. The latest scandal involves, British Prime Minister, David Cameron, who has been urged to publish his text messages with News International Chief Executive, Rebekah Brooks. Several of his personal messages were made public, stemming from a 2009 phone-hacking inquiry from Rebekah Brooks herself. The Prime Minister was granted some right to privacy since they didn’t publish the messages that could be embarrassing to P.M. Labour MP Chris Bryant stated that ordinary public members would consider all of the text messages sent by the Cameron to be relevant in determining the nature of their relationship. As a result, no text message would be safe from public record.

ArmorText Protects You and Your Loved Ones

Gryphn’s ArmorText is the secure solution for elected officials to keep their personal life private. Our secure, text-messaging app erects a barrier between your personal and professional communications, so you can conduct both appropriately on a single phone. FOIA requests that pull data from text messages on carrier servers would only have access to the encrypted version of your texts. As a public official, you have the right to privacy in your personal and family life. With the help of ArmorText, you can shield your family’s personal communications on the same phone you use to fulfill your public duties.

 

Secure messaging with Gryphn’s app:

“Go from unsure to secure in 60 seconds or less — with the ‘year’s most innovative startup for national security

Follow @GryphnCo on Twitter & Like Us on Facebook