Archive for the ‘Uncategorized’ Category
Thursday, March 3rd, 2016
Note: This was written in early January for part of International Data Privacy Day and Iowa Data Privacy Day activities. It is just now being published due to some unforeseen delays.
Do you have any type of wearable health device, like a fitness tracker? Or maybe an implanted or attached medical device, like an insulin pump or pacemaker? If they connect with apps or other computers through wireless connections, they are most likely collecting and sending huge amounts of data. Have you considered all that data, and how it is secured and who is getting it? (more…)
Tags:Data Privacy Day, data security, Internet of Things, IoT, medical devices, privacy
Posted in privacy, Uncategorized | No Comments »
Thursday, July 2nd, 2015
I’ve been concerned with and writing about the information security and privacy risks involved with the data created, transmitted and processed by smart devices in the Internet of Things (IoT) for several years since they first started emerging (e.g., here) and will likely be writing on it even more in the coming months and years. According to a new IDC research report, the IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020 with a compound annual growth rate (CAGR) of 16.9%. Will privacy die in this IoT explosion? If IoT developers and manufacturers take action now, I’m optimistic that they can save privacy in the IoT explosion. (more…)
Tags:access logs, awareness and training, Dell, encrypt, encryption, Information Security, Internet of Things, IoT, IT compliance, malware, medical device, policies and procedures, power more, privacy, privacy compliance, privacy professor, privacyprof, program changes, risk management, security awareness, security logs, security training Rebecca Herold, toprank
Posted in Uncategorized | No Comments »
Thursday, March 12th, 2015
“Everyone knows that hackers only go after big organizations!” the wearable medical device representative shouted at me after my presentation on the need to build security and privacy controls into such devices, as well as having policies and procedures governing their use within the business organization. “It is a waste of our time, effort and money to establish and build in such security and privacy controls!”
This one person’s strong opinion is one that I’ve heard many times over the years about implementing security and privacy controls in general. And it is becoming more dangerous from a security and privacy perspective to not only those using wearable devices of all kinds (medical, fitness, tracking, etc.), but wearables also bring significant risk to the organizations whose employees are wearing them. (more…)
Tags:cybersecurity, Dell, FTC, Information Security, Internet of Things, IoT, privacy, privacy professor, privacyprof, Rebecca Herold, smart device, TechPage, wearable, wearables
Posted in Internet of Things, Uncategorized | No Comments »
Wednesday, December 3rd, 2014
I am intrigued by the new social collaboration tool, Verse, which IBM just released that is reportedly intended to reinvent email. Quite a lofty, but worthwhile, goal considering email hasn’t significantly changed since the move from a mainframe based character viewing system to client-based file attachment capabilities! I decided to take a quick look at the issues in the description of Verse that would most impact security and privacy. After a cursory look at the Verse site and a news release about it, here are some of my thoughts. (more…)
Tags:awareness, IBM, Information Security, information security risks, infosec, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold, Verse
Posted in Uncategorized | No Comments »
Monday, July 21st, 2014
Early this month I was happy to discuss synthetic identity theft on the Great Day show. I briefly talked about how synthetic identity theft was also committed in the U.S. using business employer identity numbers (EINs). Crooks often target small and midsize businesses for this type of crime. After the show I got a lot of questions asking for more information about synthetic EIN identity theft. (more…)
Tags:business identity theft, EIN theft, Great Day, IBM, ID theft, identity theft, Information Security, infosec, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold, synthetic identity theft
Posted in identity theft, Uncategorized | No Comments »
Thursday, June 26th, 2014
Big data analytics are being used more widely every day for an even wider number of reasons. These new methods of applying analytics certainly can bring innovative improvements for business. For example, retail businesses are successfully using big data analytics to predict the hot items each season, and to predict geographic areas where demand will be greatest, just to name a couple of uses.
The power of big data analytics is so great that in addition to all the positive business possibilities, there are just as many new privacy concerns being created. Here are ten of the most significant privacy risks. (more…)
Tags:big data, big data analytics, IBM, Information Security, infosec, Internet of Things, IoT, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold
Posted in privacy, Uncategorized | No Comments »
Friday, April 25th, 2014
Heartbleed has certainly been the security and privacy mistake/incident of April, if not of 2014. There has been a lot written about it, much good and much bad. I’ve gotten dozens of questions about it and provided an explanation in layman’s terms on the Great Day morning news show. Here are the most common questions, and associated answers, that I’ve received from several of my small- to midsized clients about Heartbleed that have involved the most confusion; let’s clear up that misunderstanding! (more…)
Posted in Uncategorized | No Comments »
Thursday, March 20th, 2014
It seems that right now phone scam season is going strong! Last week I posted about some common scams targeting businesses. Those same scams are also targeting the general public, so please be on the lookout for them. In addition to those, here are some others that seem to be targeting primarily individuals and the general public. (more…)
Tags:awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training
Posted in Uncategorized | No Comments »
Friday, March 14th, 2014
It seems that right now phone scam season is going strong! I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the past week that they asked me about. A local newspaper columnist got a call from a scammer. As folks are becoming more aware of phishing attempts via email and other types of malware, they are also becoming more lax about spotting phone scams, often stating the belief that most crooks are using online phishing scams instead of any other type of rip-off. (more…)
Tags:awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training
Posted in Uncategorized | 1 Comment »
