I have a blog problem…there are way too many things I want to blog about and not enough hours in the day to do it! Throughout each day I note news items from the TV, or website news articles, or research, or reports, or just observations while at businesses or in public, and I only have a chance to blog about a small fraction of them. Today I think I’ll just briefly mention five of the topics I’ve planned to blog about, along with a brief note about each, and then maybe I’ll be able to revisit them sometime in the near future and discuss them at greater length.
* From August 20: Your data’s less safe today than two years ago: Crooks are outpacing prevention efforts; ID theft is up 50% since 2003
No kidding! Look at how many new technologies are developed all the time. Look at how much more mobile working occurs. Look at the ever-increasing databases of personally identifiable information (PII). Look at all the new vulnerabilities that continue to emerge. Look at all the new threats that continue to emerge. Two years from now your data will be even less safe than it is today. All the more need for dedicated information security and privacy professionals, all the more need for building security in, all the more need for effective security and privacy practices, and all the more need for ongoing information security and privacy awareness and training.
* From August 22: USERS OUTWIT IT WHEN DEPLOYING CONSUMER APPS
Yes, if workers think they can run their favorite fun software on your network without getting caught, many to most will do it. If they think they can go to sites that their employer said not to without getting caught, many to most will do it. The Wall Street Journal is happy to show them how.
* From IEEE Security and Privacy: Encryption: Security Considerations for Portable Media Devices
This is a nice paper by Faith Heikkila about what you should know about encrypting data on mobile computing and storage devices. Faith provides some great tips and considerations, along with some product sources. The issues are clearly explained and it is easy to read. Check it out.
* From September 21: Ethical hacking courses for sale on eBay
Why is anyone surprised? Considering there have been thousands of these hacking kits sold at these hacking schools, it was inevitable that some of the people taking the courses…of course all the people who have ever taken or will take these courses are completely trustworthy never to share them ;)…would want to sell them to make a little bit of money that they needed to pay for more advanced hacking tools, or to try and recoup some of the money that their employers surprisingly did not reimburse them for taking the course, or, whatever…
Whenever a vendor is offering this kind of course, they have to expect that their products will be re-sold…a security company offering these courses should understand the insider threat is real by now. Even if they send the names of their participants to the FBI.
* From October 16: A CNN video report, “Out of voicemail jail”
Bill Gates basically wants to replace the phone companies and have everyone switch to “unified communications” using his computers and technologies. I bet he does!
But it’s in our best interest…according to Mr. Gates it will allow us no downtime so we can be more productive, more efficient, the system allows for face to face communications, and is oh, gosh, ever so neat! Mr. Gates projects 100 million people will be using unified communications in 3 years and that voice mail will become a “thing of the past.”
UGH! That’s all we need…more expectations that we will be available 24/7 to do work!
I am told I already spend too much time working and not enough down time. I know there are millions of others who are also told that. I don’t even have a Blackberry…I refuse to become a slave to my email. But I still seem to be working 7 days a week.
And…I like talking to people on the phone and not worrying about what I look like! Sometimes I want to make a business call after a 5-mile run, while I’m still all red, sweaty and wearing a slightly holey t-shirt and wrinkled shorts…hey, I can think more clearly and creatively after a run! It doesn’t matter what people doing business on the phone look like as long as the conversation and communications are good and productive. I sure don’t want to have to get office-looking-ready just to communicate with someone over the computer/phone.
Besides just time and practical issues, there are so many security and privacy issues involved. Where will all these “unified communications” transmissions be stored? Copied to? Who will be listening and/or looking in on them? What are the e-discovery issues involved? Are the communications all being archived somewhere? How do we really know what folks are on the other end of the transmission listening in that may not be visible on the screen? Hmm…