This month we’re announcing two new features on your Alertsec admin console. You can now add extra administrators to help coordinate deployment and manage users. In addition, Alertsec now supports two-factor authentication for administrators. Two-factor authentication adds a second layer of security to help prevent unauthorized access. In light of the recent report that revealed the average cost of a data breach is now $4million, we strongly recommend that this added security be activated for all administrators. You can enforce the policy for new administrators if required. More details about how to enable these two new features, and about the increasing cost of a data breach, are provided below.
Also please read below the important guidance about the new Windows 10 and macOS upgrades. If you have any questions about upgrading your computers or the new Web Account login features, please contact our Helpdesk.
Windows 10 and macOS upgrades
Two new O/S upgrades have just been released by Microsoft and Apple. If you are planning to upgrade your computers please read this important guidance note first.
Windows 10 “Anniversary update" aka "Redstone": we advise that you do not upgrade to "Redstone" yet as there is a compatibility issue with Alertsec Full-Disk Encryption (FDE). Normally a Windows update would not affect Alertsec’s system, and this is very unusual. We are working with CheckPoint to release a solution as soon as possible and we will keep you informed of progress via email and directly on your web account. If you do need to upgrade your Windows 10 operating system, decrypt your machine first, upgrade to Redstone, and then re-encrypt the device.
macOS “Sierra”: this new version from Apple is not supported by Alertsec yet. CheckPoint is working on a new release that we expect to be available in October/ November. We strongly recommend NOT to upgrade to macOS Sierra (10.12) until a supported version is available.
You can now enable other administrators to login to your Web Account. For example, additional coordinators can help to manage users for different groups in the organization; or a company director may need access to confirm deployment status for compliance.
Each coordinator will have their own login credentials and any alterations made are logged to ensure full traceability.
To enable: Only the main administrator is able to add other admin accounts. Login to your Web Account as normal and go to “Manage Coordinators” at the top of the page and follow the instructions.
You can now step-up security with two-factor authentication for anyone logging-in to your Web Account. Two-factor authentication provides extra protection in addition to your normal ID and password. It works with your mobile phone and there is no need to download any apps.
Once enabled, every time you login to your Alertsec Web Account you will receive an SMS message with a one-time passcode. Simply type in the code to verify your identify. Each administrator can activate two-factor authentication or you can enforce the policy if required.
To enable: Login to your web account as normal and go to “Account Information”. At the bottom of the page, click on the green “Enable” button and follow the instructions.
A study published in June by the Ponemon Institute reported that the average cost and consequences related to a data breach have increased to $4million. A data breach is now considered to be a permanent risk for organizations.
The biggest financial consequence of a data breach is lost business. Highly regulated industries such as health care and financial services have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers. However, the report showed a reduction in costs for organizations that invested in prevention controls such as encryption and endpoint security.
Stolen password leads to data breach
A laptop computer containing the PHI of 1,400 patients was recently stolen from a U.S. HealthWorks employee. The laptop was encrypted and while this would not usually result in a breach notification, in this case the employee had written down the password to access the device and decrypt data. The password was kept with the laptop and it was also stolen.
Emails on the device contained sensitive information on patients including names and medical information, health insurance information and some social security numbers.