Do Employers Need GPS And Logs When They Have YouTube and Facebook To Monitor Employees?

November 29th, 2007

I don’t know why I continue to be surprised at the stupid things some people do, but apparently some people will never realize how much of themselves they are giving away when they post their pictures and other personal information on the Internet. My friend Alec (thanks again, Alec!) pointed me to a perfect example of what a growing number of people are doing…apparently thinking their employers are not savvy enough to be able to use the Internet.


Email is for “Old People”: Do Lack of Laws Make IM and Texting Ripe for Exploiting Children & Teens?

November 28th, 2007

My 13-year-old niece wrote an article for me about social engineering, and I got a chuckle out of her writing, “Maybe I’m old-fashioned, but I only use email. I don’t have my own FaceBook site.”
Can you imagine email being old-fashioned?! Gosh, my hand-written letters must be prehistoric!


6 “Scary Stuff” Privacy Terms IT, Info Sec and Privacy Folks Should Know

November 27th, 2007

Robert Ellis Smith sent me an email yesterday to let me know about his most recent article in Forbes magazine, “Scary Stuff.”
It’s a very interesting read and highlights some terms that, to date, I have not seen in print that much. However, they are some terms that information security, privacy and IT pros need to acquaint themselves with:


Information Security and Privacy Leaders, Get Your Elevator Speeches Ready For Your CxOs!

November 26th, 2007

My father was the superintendent of the public school district where I grew up in Missouri. He was a very hands-on type of leader; when he was not filling out forms, writing reports, making plans, or in meetings, he was out in the hallways seeing what was up with the students and teachers and making sure that all was well. And then the evenings were busy with basketball games, concerts or other school events. Those school employees, parents and students that were able to talk with him during opportune times in the hallway or in the bleachers during time-outs, and get their concerns or points stated succinctly and clearly, made a positive impression with my dad. He appreciated that they communicated their ideas and concerns clearly, and got right to the point.
If you had an opportunity to speak for a few minutes with your CEO, CFO, or other CxO, would you be prepared to communicate succinctly and clearly your concerns and state your points regarding the importance of your information security and privacy initiatives?


Another Approach To Licensing Compliance

November 25th, 2007

My blog posting from earlier talked about how the MPAA is trying to combat movie piracy.
I just visited the LinkedIn site and was intrigued to find an ad from the Business Software Alliance (BSA) offering up to $1,000,000…yes, US $1 million…for reporting illegal software and copyright infringements by organizations, by a distributor, or over the Internet.


Don’t Throw Away The Privacy Of All And Jeopardize Network Security To Run A Compliance Tool

November 25th, 2007

Many times software designed to enforce legal compliance, or find network users who are breaking laws, brings along with it greater risks to information security and privacy.


Show “Home Alone” To Raise Social Engineering Awareness

November 24th, 2007

I hope those of you who celebrated Thanksgiving had a great one! I spent a very nice day with my family at my brother’s house. After getting back home we decided to watch some Christmas movies, so we spent the evening watching one of my very favorites, “A Christmas Story” and then “Home Alone.”


Show Your CFO and CEO the Potential Financial Impact of a Privacy Breach

November 23rd, 2007

My central Iowa Infragard president, Tom Conley, sent all our members a note on Wednesday with a link to a site that contains 9 variables to help demonstrate the range of financial impact to organizations that experience an incident involving personally identifiable information (PII).


7 More Reasons Why Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 2

November 21st, 2007

As a continuation of my blog posting from Monday, here are 7 additional reasons to add to the previous 4 for why sending cleartext instant messages (IMs) and email is not secure:


Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 1

November 19th, 2007

I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements,” so I wanted to take this opportunity to discuss the topic a little more.
