Posts Tagged ‘awareness’

No Those Messages Will Not Completely Self-Delete

Friday, October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether or not apps that promise messages, photos, videos, and anything else sent through them will completely disappear were to be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps?  The messages are not really gone?” She is responsible for the care of an adult relative, and wanted to be able to communicate with his healthcare providers securely, and to not have any of the communications to linger and had been using one of these apps. (more…)

How to Protect Against Virulent Ransomware

Sunday, January 4th, 2015

In early December, there were several reports about yet another type of ransomware, VirRansom, the next evolution of ransomware. It combines the ransomware feature of making data unavailable and locking up your computer until you pay the crooks a ransom with the feature of a virus, which allows it to spread to others. This basically means that not only will the ransomware take your computer hostage, it could also take all the other computers you communicate with hostage.

Some key points about VirRansom: (more…)

Addressing Mobile Risks in 2015

Wednesday, December 24th, 2014

Last week fellow IBM Midsize blogger Jason Hannula wrote about Gartner’s prediction that by 2018 more than 50% of all folks will use their mobile computing devices in the workplace before, or instead of, using a desktop or laptop. That’s just three short years away. We already have an abundance of mobile devices being used in a wide range of industries. (more…)

The 3 Necessary Elements for Effective Information Security Management

Thursday, December 11th, 2014

Seeing all these really bad information security incidents and privacy breaches, often daily, are so disappointing.  Let’s consider these four in particular.

  1. The Sony hack that seems to continue to get worse as more details are reported.
  2. An ER nurse using the credit cards of patients.
  3. Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
  4. TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.

And the list could continue for pages.

These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)

Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”

Wednesday, December 10th, 2014

The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.

When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)

Preliminary Thoughts about IBM’s New Social Collaboration Tool

Wednesday, December 3rd, 2014

I am intrigued by the new social collaboration tool, Verse, which IBM just released that is reportedly intended to reinvent email. Quite a lofty, but worthwhile, goal considering email hasn’t significantly changed since the move from a mainframe based character viewing system to client-based file attachment capabilities! I decided to take a quick look at the issues in the description of Verse that would most impact security and privacy. After a cursory look at the Verse site and a news release about it, here are some of my thoughts. (more…)

You Need to Know about Ransomware

Monday, November 24th, 2014

When was the last time you made a backup of all your data? How often do you make incremental backups? Do you keep these backups on a separate storage device and disconnected (or firewalled away from) the rest of your network?

“Say, why do you ask?”

The primary reason I’m asking right now is because ransomware is growing rapidly in occurrences; over 700% from last year.  Three of the best ways you can help defend against it is by: (more…)

6 Actions Businesses Should Take During Cyber Security Awareness Month

Tuesday, October 21st, 2014

October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this  month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.

Sadly instead, cyber incidents seem to have become de rigueur these days. Consumers are getting fed up, and government agencies are proposing more laws. The tide is turning, and soon organizations will be held accountable for more effectively protecting their systems and information, or they will likely face much steeper fines and penalties than ever before. So, now’s the time to take action! Here are six actions you to take this month to start improving your organization’s information security program and associated efforts. (more…)

Rx for Incorrect Compliance Claims and XP

Thursday, April 10th, 2014

In the past couple of weeks I’ve gotten a couple dozen questions from my clients that are small to midsized covered entities (CEs) or business associates (BAs) under HIPAA, in addition to several small to midsized start-ups that provide services in other industries.  And, while some of these concerns are arising out completely erroneous advice, regrettably, some of the questions resulted from my own mea culpa of writing a confusing sentence in my last blog post, for which I’ve since provided a clarification within. (Lesson: I need to spend more time double-checking/editing text prior to posting after doing edits to cut the length.) I apologize for any confusion or alarm that may have arisen as a result.

However, this does provide a good opportunity to examine in more depth the compliance issues related to Windows XP use, and the related questions I’ve received.  The following are the most common questions I’ve answered in the past several days. (more…)

Will the Demise of XP Shut Down Your Business…or Heart?

Tuesday, March 25th, 2014

If you haven’t heard yet, Windows XP will no longer be supported after April 8, 2014. That’s just a couple of weeks away! Why should you even care? Well, because you may have an important, or even mission-critical, computing device you use for your business, or for personal use, that is running on Windows XP. According to NetMarketShare at the end of February, 2014, 30% of all folks using Windows desktop computers were still running Windows XP.  This is around ½ a BILLION computers, folks!  After support ends, (more…)