Posts Tagged ‘encrypt’

Hey, Developers! Save Privacy in the IoT Explosion

Thursday, July 2nd, 2015

I’ve been concerned with and writing about the information security and privacy risks involved with the data created, transmitted and processed by smart devices in the Internet of Things (IoT) for several years since they first started emerging (e.g., here) and will likely be writing on it even more in the coming months and years. According to a new IDC research report, the IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020 with a compound annual growth rate (CAGR) of 16.9%. Will privacy die in this IoT explosion? If IoT developers and manufacturers take action now, I’m optimistic that they can save privacy in the IoT explosion. (more…)

NSA is not the Only One Getting to Your App Data

Wednesday, February 26th, 2014

Do you think the NSA is the biggest threat to your privacy? Certainly they are collecting a significant amount of personal data. And from the looks of it, with their new facility that may hold up to 12 exabytes (that’s 12,000,000,000,000,000,000 bytes) of data, they appear to be planning to continue collecting, and keeping, more data. This is an important topic, and I’ll look at in more depth in an upcoming blog post. But for now, you need to know and understand that there are many other entities that are collecting data from you and your mobile apps in the same way as NSA is slurping it up, along with several other ways. (more…)

Organizations Need to Use More Than One Type of Encryption

Tuesday, December 3rd, 2013

Encryption has been talked about a lot lately.  I’ve gotten at least a couple dozen questions from my Compliance Helper clients in the past month.  They can pretty much be boiled down to this question:

What encryption solution should we use?

Many of the small and mid-size businesses I help, and many start-ups of any size, are under the assumption that if they get one encryption solution, it will (more…)

Ever Feel like Somebody is Watching You? They Are!

Tuesday, October 1st, 2013

“Sometimes I feel like…somebody’s watching me! And I have no privacy!”

(The Rockwell hit from…quite appropriately…1984.)

Each day, we are tracked by the ‘smart’ systems, mobile apps, personal communication devices and other surveillance platforms that have become commonplace in our daily lives. In an effort to educate more people, and businesses, about the data trails they are leaving behind (and the companies, data bureaus and marketers who are sniffing out that trail), I created this new infographic (more…)

Use Encryption despite Your NSA Snooping Fears

Thursday, September 26th, 2013

I’ve received numerous questions from various news outlets, clients and colleagues since the published revelation that the NSA was getting the assistance of encryption vendors to decrypt messages throughout a very wide range of activities. A lot of folks are now throwing their hands in the air, claiming that encryption is now no longer effective, and planning to use something completely different.  Hmm…wait! Don’t throw out the encryption baby with the unsafe practices bathwater yet. Encryption is still an effective, and necessary, information security control to use. The following are (more…)

Top 4 Reasons Encryption Is Not Used

Friday, August 30th, 2013

Over the past week a few reporters who were following up on a recent breach of 9 million patient records for stories they were writing asked me basically the same question amongst all their others, “What are the barriers that stop healthcare organizations from encrypting their devices?” One of the resulting stories, by Marianne McGee, has been posted at HealthCareInfosecurity.  During my work with a wide range of small to large organizations, in a wide range of industries, I’ve found there are some common reasons why encryption is not implemented. Here are the top four I’ve run across. (more…)

Encryption: Myths and Must Knows

Friday, March 2nd, 2012

I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information.  And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today.  NASA is a large enough, and tech savvy enough, organization to know better!  However, there are many organizations that simply don’t understand what a valuable information security tool encryption is.   I work with many small to medium sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information.  Over the past year I’ve heard way too many of them make remarks such as… (more…)

Business Info Fact Of The Day: Most Personnel Do Not Protect Laptop Information

Monday, January 19th, 2009

The Ponemon Institute seems to have been busy doing surveys throughout the world recently!
According to three separate research surveys they did in the U.S., Canada and the U.K. they report within the BNA Privacy and Security Law Reports (subscription required) about “The Human Factor in Laptop Encryption” many interesting findings. The following are some of the high-level summary statements; see the full reports for some very interesting statistics and analysis:

(more…)

Business Info Fact Of The Day: Smart Business Leaders Encrypt PII

Friday, January 16th, 2009

If you are a business leader you must know and understand that encrypting personally identifiable information (PII) protects that PII from being used for identity theft and other crimes should it fall into the hands of a crook. Business leaders need to know this, but unfortunately too many do not really know what encryption is, let alone how it can be used to protect PII, along with the business.

(more…)

Laptop Theft: PII About 1,000 W.Va. Air National Guard Members

Wednesday, December 6th, 2006

A report in the Air Force Times indicates a laptop containing personally identifiable information (PII) about 1,000 West Virginia Air National Guard members was stolen during a training trip in November. The spokesperson for the Air National Guard indicated:

“The Air Force uses some of most sophisticated encryption processes to safeguard information on government computers”

…implying the data on the laptop was encrypted, but not coming right out and saying it was.

(more…)