Training & awareness Archives -

Archive for the ‘Training & awareness’ Category

Four Things to Do for National Cyber Security Awareness Month

Friday, October 16th, 2015

Since this is National Cyber Security Awareness Month (NCSAM) it seems appropriate to give some examples and tips for how everyone can improve upon security, and better protect their privacy, this month. (more…)

Tags:Dell, Information Security, IT compliance, Keywords: National Cyber Security Awareness Month, ncsam, policies and procedures, power more, powermore, privacy, privacy awareness, privacy professor, privacyprof, Rebecca Herold, risk management, security awareness
Posted in Training & awareness | No Comments »

Use Movies to Raise Privacy and Security Awareness

Tuesday, September 1st, 2015

I’ve noticed an uptick in online discussions about information security and privacy awareness ideas. I don’t know what provoked the increased buzz, but I’m happy to see it, and more sincere consideration of actually doing activities to truly raise awareness.

(more…)

Tags:Dell, Information Security, IT compliance, policies and procedures, power more, privacy, privacy professor, privacyprof, risk management, security awareness, security training Rebecca Herold, toprank
Posted in Information Security, Training & awareness | No Comments »

Stay Alert for Stegoloader and Rombertik Malware Threats

Friday, July 17th, 2015

Recently a friend of mine sent me a photo of the image on his computer screen. It was a Windows firewall warning message that his computer had been infected with malware. He said that when he tried to re-boot the computer it got into an endless loop and he could not get it to do anything. He finally took it to the computer repair shop, and they had to reload a new system. Thankfully he had a complete, clean, backup of all his files, so he didn’t lose anything. I asked what the repair folks said the problem was, and he indicated that they didn’t tell him anything specific, only that he “probably had bad malware.” (more…)

Tags:anti-malware, Dell, Information Security, IT compliance, malware, policies and procedures, power more, powermore, privacy, privacy compliance, privacy professor, privacyprof, program changes, risk management, Rombertik, security awareness, security training Rebecca Herold, Stegoloader, toprank
Posted in Information Security, Training & awareness | No Comments »

6 Actions Businesses Should Take During Cyber Security Awareness Month

Tuesday, October 21st, 2014

October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.

Sadly instead, cyber incidents seem to have become de rigueur these days. Consumers are getting fed up, and government agencies are proposing more laws. The tide is turning, and soon organizations will be held accountable for more effectively protecting their systems and information, or they will likely face much steeper fines and penalties than ever before. So, now’s the time to take action! Here are six actions you to take this month to start improving your organization’s information security program and associated efforts. (more…)

Tags:awareness, compliance, compliance documentation, documentation, HIPAA, IBM, Information Security, information security risks, infosec, midmarket, national cyber security awareness month, ncsam, policies, privacy, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, SIMBUS, training
Posted in Information Security, Training & awareness | No Comments »

Time to Focus on Privacy Every Day

Friday, January 31st, 2014

This week January 28 was recognized around the world at International Data Privacy Day. Data Privacy Day is the perfect time to think about all things privacy. For example, consider all the computing devices and gadgets you use, including smartphones and tablets. Many folks don’t realize these devices are continually collecting personal information about (more…)

Tags:audit, awareness, compliance, Data Privacy Day, data protection, IBM, Information Security, information security policy, infosec, Iowa Data Privacy Day, midmarket, non-compliance, outsourcing, personal information, personal information identifier, personal information item, policies, privacy, privacy laws, privacy policy, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, security procedure, training, vendor
Posted in privacy, Training & awareness | No Comments »

6 Questions to Ask before Posting to Social Networks

Friday, August 31st, 2012

Every day I see yet another (often another dozen) situation where employees misused, abused or otherwise accused social media sites to the chagrin of their employers. Businesses need to make a coordinated effort, using a combination of policies, training and technology to mitigate the risks (to personnel as well as the business) of workers using social media sites. Today let’s consider what organizations should be telling their workers about social media information security and privacy. (more…)

Tags:awareness, breach, bullying, compliance, cyberbullying, e-mail, electronic mail, email, facebook, IBM, Information Security, information technology, infosec, IT security, lawsuits, Linked In, messaging, midmarket, non-compliance, online posting, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, security, sensitive personal information, social media, SPI, systems security, training, tweet, twitter
Posted in Social Media, Training & awareness | 5 Comments »

Are Emails of Public Company Execs Private or Public?

Thursday, August 16th, 2012

At the end of July, Twitter suspended the account of Guy Adams, a reporter for the UK’s Independent, after he posted the corporate email address of Jim Bell, Producer of NBC Olympics, and said less than flattering things about his expectations for how NBC would do in their Olympics coverage. Adams reportedly claimed that he felt the email account was open to public use since it showed up in Google search results. However, privacy concerns were widely expressed over his decision to share the executive’s contact details, and thus his account was suspended. Apparently NBC complained, Twitter listened, and Guy’s account was shut down. After a bit of hullabaloo, Twitter then changed heart and re-activated his Twitter account. I received several great questions related to this, collectively boiling down to the following five: (more…)

Tags:awareness, breach, compliance, CSO Online, e-mail, electronic mail, email, Guy Adams, IBM, Information Security, information technology, infosec, IT security, Jim Bell, lawsuits, messaging, midmarket, NBC, non-compliance, Olympics, online posting, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, security, sensitive personal information, social media, SPI, sue, systems security, training, tweet, twitter
Posted in Social Media, Training & awareness | No Comments »

Not Providing Education Is THE Dumbest Idea for Information Security and Privacy Efforts

Monday, August 6th, 2012

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. The latest proclamation at CSO Online has generated a small bit of a firestorm since it was published.

As time goes on, and more and more information security incidents and privacy breaches occur, and more information is put into the hands, and care, of more and more end-users who have no background in information security or privacy, such statements are simply bad, bad, bad advice. Making such statements also makes it harder for information security and privacy pros to do their job as effectively as possible when business leaders believe such hogwash and then wind up cut funding for information security and privacy education as a result. I’ve been in the information security and privacy compliance profession for a very long time, have built such programs and assisted many organizations in building theirs, and I could fill a book with examples of how training and awareness activities have improved their information security and privacy efforts and outcomes. Others in this profession with hands one responsibilities for the full lifecycle of information protection could also write their own books with such examples.

I wrote a blog post about this topic in 2009, and now is a good time to write another and point out that there is greater need than ever before for organizations, of all sizes, to make the comparatively small investment in information security and privacy education for their workers.

5 flawed arguments against information security and privacy education (more…)

Tags:awareness, breach, compliance, CSO Online, e-mail, electronic mail, email, Information Security, information technology, infosec, IT security, Keywords: personal information, messaging, midmarket, non-compliance, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, security, sensitive personal information, SPI, systems security, training
Posted in Laws & Regulations, Training & awareness | 4 Comments »

Messaging Mishaps Have Collateral Damage

Thursday, August 2nd, 2012

A few weeks ago I wrote about recent situation in which the Des Moines public school system superintendent’s career was brought to a standstill (it is yet to see whether it is temporary or permanent) by using the public school email system to exchange 115 personal messages, and including at least 40 cases sexually explicit messages, with her lover, married with children highly decorated Army Captain Hintz. Since that time he has been fired from his position as head of Army Recruiting Command, a Des Moines-based recruiting company. So not only was one person’s misuse of her employer’s email system the cause of her own career downward detour, it also has had ripple effects and derailed the career of the man who was corresponding with her, and likely also further ripples out to damage his family.

More privacy and security lessons

In addition to the lessons from my earlier post, this provides additional lessons: (more…)

Tags:awareness, breach, compliance, Des Moines, e-mail, electronic mail, email, IBM, Information Security, information technology, infosec, Iowa, IT security, messaging, midmarket, non-compliance, Omaha, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, public school, Rebecca Herold, Sebring, security, sensitive personal information, SPI, systems security, training
Posted in privacy, Training & awareness | No Comments »

Messaging Misjudgment Kills Careers

Monday, June 18th, 2012

June 22 update to this topic: Today the judge refused to block the release of the emails as Sebring and her lover requested. See http://www.desmoinesregister.com/article/20120622/NEWS/120622012/Judge-announces-decision-on-Sebring-email-release

In the past few weeks the use of emails at work has been in the news a lot in central Iowa, and the news quickly spread around the globe because of the sex and intrigue involved. Basically, approximately four months before the end of school, the Des Moines Superintendent of Schools at the time, Dr. Sebring, started sending what would end up being over 40 very personal and sexually explicit messages to

(more…)

Archive for the ‘Training & awareness’ Category

Four Things to Do for National Cyber Security Awareness Month

Use Movies to Raise Privacy and Security Awareness

Stay Alert for Stegoloader and Rombertik Malware Threats

6 Actions Businesses Should Take During Cyber Security Awareness Month

Time to Focus on Privacy Every Day

Not Providing Education Is THE Dumbest Idea for Information Security and Privacy Efforts

Messaging Mishaps Have Collateral Damage

Messaging Misjudgment Kills Careers

Search Privacyguidance

Categories

Archives

Blogroll

Meta

Syndicate