Posts Tagged ‘privacy’

Are Smart Homes Security Dumb?

Tuesday, March 8th, 2016

There are fascinating and potentially very helpful smart gadgets being introduced into the consumer market every day, particularly to create “smart homes” that make refrigerators, lights, doors, and anything else that can be connected online (so basically anything) Wi-Fi enabled, so that you can control, check on, record, and lock them, to name just a few of the possibilities, from anywhere with a handy dandy app or mobile device. (more…)

The Internet of Medical Things: Health Data Privacy

Thursday, March 3rd, 2016

Note: This was written in early January as part of International Data Privacy Day and Iowa Data Privacy Day activities. It is just now being published due to some unforeseen delays.

Do you have any type of wearable health device, like a fitness tracker? Or maybe an implanted or attached medical device, like an insulin pump or pacemaker? If they connect with apps or other computers through wireless connections, they are most likely collecting and sending huge amounts of data. Have you considered all that data, and how it is secured and who is getting it? (more…)

Data Predictions: Looking Ahead to 2016

Wednesday, January 13th, 2016

In November, some of my friends contacted me, saying they thought I did a pretty good job with my 2015 predictions, and wanted to know what I am predicting for 2016. So here are some good possibilities for the year to come, along with a rewind to see how close I hit the 2015 predictions. (more…)

No Those Messages Will Not Completely Self-Delete

Friday, October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether apps that promise that messages, photos, videos, and anything else sent through them will completely disappear can be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps? The messages are not really gone?” She is responsible for the care of an adult relative and wanted to be able to communicate with his healthcare providers securely, without having any of the communications linger, and had been using one of these apps. (more…)

Four Things to Do for National Cyber Security Awareness Month

Friday, October 16th, 2015

Since this is National Cyber Security Awareness Month (NCSAM) it seems appropriate to give some examples and tips for how everyone can improve upon security, and better protect their privacy, this month. (more…)

Be Aware of Risks with Outsourcing to Other Countries

Saturday, October 3rd, 2015

Businesses must be aware of the risks of outsourcing activities involving personal information to other countries. Over the past couple of months I’ve heard over a dozen organizations express their opinion that if they hire organizations outside the U.S. to do work for them, then those organizations are not bound by U.S. laws. Most were small to midsized organizations and startups. But it was somewhat surprising to also hear this sentiment from an organization with multiple locations and thousands of employees. This has been an incorrect belief of far too many organizations for decades.

I’ve also had clients in other countries ask about the need to comply with U.S. laws, such as for HIPAA compliance, when they provide services for U.S. individuals and/or businesses. Many believe they do not need to. (more…)

Small Businesses Must Address Security and Privacy

Friday, September 18th, 2015

I’ve been working with hundreds of businesses over the past fifteen years, and I’ve found many common challenges that they are always trying to address, as well as some common, dangerously incorrect beliefs about security and privacy. There are some common misconceptions that are unique to one-person and small businesses.

Here are four common, recurring, incorrect beliefs about information security and privacy held by small businesses, and the facts that these businesses need to know: (more…)

Use Movies to Raise Privacy and Security Awareness

Tuesday, September 1st, 2015

I’ve noticed an uptick in online discussions about information security and privacy awareness ideas. I don’t know what provoked the increased buzz, but I’m happy to see it, along with more sincere consideration of actually doing activities to truly raise awareness. (more…)

Organizations Must Stay Vigilant Against Insider Threats

Tuesday, September 1st, 2015

I started my career as a systems engineer at a large multinational financial and healthcare corporation. I was responsible for creating and maintaining the applications change management system. The purpose of the system was to ensure that after the programmer finished coding, the code could be moved, with the approval of the manager, to a different area to test. After testing was complete it would be moved back to the development area if changes were needed, or a different manager would approve it to be moved to the live/production area for widespread use.

By requiring different individuals/roles other than the programmer (who did her own testing while creating the program) to test the program, it accomplished two primary goals: (more…)

Never Judge an Information Security Professional Solely by their Security Certifications

Thursday, July 30th, 2015

Recently I attended a gathering where a litigation lawyer was giving a presentation and made the statement, “The defendant’s information security officer did not have any type of security certification, such as a CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager), which demonstrated lack of qualification for her position, and negligence on the part of the hospital system that had hired her to fill that position.” (more…)