Posts Tagged ‘cybersecurity’

Look Backward to Be Future-Ready for BYOD

Friday, May 8th, 2015

What does the past teach us about how to #befutureready in BYOD?

During the second half of the 1990s there was growing concern about employees using their own home desktop computers to dial in to the corporate network. Thousands of articles and hundreds of conference sessions discussed the associated risks, and then how to mitigate them through documented policies and the use of new tools. Soon after 2000, the concern expanded to employees using their personally owned laptops, not only outside the office but even inside the facilities, in place of the corporate-issued computers. Thousands more articles and hundreds more conference sessions discussed how to address those risks. (more…)

Overlooked Women in Tech Innovation History

Monday, March 30th, 2015

I started my career as a systems engineer at a large multi-national financial and healthcare corporation. I identified a vulnerability in how one of the major back office systems was designed and had an idea for how to mitigate it. I went to my new manager at the time, described my idea and sketched it out on the whiteboard in his office. He wasted no time telling me that it was a horrible idea, that none of the business unit heads would ever agree to do something so drastically different that had never before been done, and that they would likely view it as just more work for them. So I explained how it would actually be less work for them, after which he literally yelled at me, “Stop! Your idea is bad! Quit wasting my time!” I considered quitting that day, but didn’t. Two months later, at the IT-wide quarterly meeting, the IT Director announced a great new innovative idea that my manager had proposed to the business heads, who had embraced the idea and were already taking action to get it implemented. They also announced that my manager had been promoted and would be moved to a different department for his fabulous idea, which they described… and which turned out to be my idea, right down to the drawings I had made on his whiteboard. I learned many valuable lessons from that situation. I have often wondered since then how often similar situations have occurred. (more…)

How businesses can reduce wearables security & privacy risks

Thursday, March 12th, 2015

“Everyone knows that hackers only go after big organizations!” the wearable medical device representative shouted at me after my presentation on the need to build security and privacy controls into such devices, as well as having policies and procedures governing their use within the business organization. “It is a waste of our time, effort and money to establish and build in such security and privacy controls!”

This one person’s strong opinion is one that I’ve heard many times over the years about implementing security and privacy controls in general. And the stakes keep rising: wearables of all kinds (medical, fitness, tracking, etc.) bring security and privacy risks not only to the people wearing them, but also to the organizations whose employees are wearing them. (more…)

Perceptive Privacy Protectors Push for IoT Privacy Protections

Friday, February 20th, 2015

Still relevant lessons in security economics

I started working in the information security and privacy space in 1988 at a large multi-national financial and healthcare organization. Imagine trying to get security and privacy controls implemented at a time when there were no regulations requiring organizations to do so. Yes, I faced some challenges. And many since. Some examples: (more…)

How to Protect Against Virulent Ransomware

Sunday, January 4th, 2015

In early December, there were several reports about yet another type of ransomware, VirRansom, described as the next evolution of ransomware. It combines the ransomware behaviour of making your data unavailable and locking up your computer until you pay the crooks a ransom with the self-replicating behaviour of a virus, which allows it to spread to other systems. This means that not only can the ransomware take your computer hostage, it could also take hostage the other computers you communicate with.

Some key points about VirRansom: (more…)

Improve Information Security and Privacy Now!

Monday, December 22nd, 2014

Too many businesses have poor information security controls in place (e.g., demonstrably Sony, Staples, and a seemingly endless list of other companies) and are effectively giving away their intellectual property, along with the personal information they are responsible for.

A recent SailPoint survey reveals that: (more…)

Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”

Wednesday, December 10th, 2014

The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consummate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy-proactive stance. You can see this episode here.

When you look at recent breaches, it is clear that awareness of information security and privacy risks, and of how to mitigate them, is not getting the attention it needs from the leaders of organizations. Why else would (more…)

Lessons from 3 Organizations That Made 3 Privacy Mistakes

Wednesday, May 21st, 2014

Even as the number of privacy breaches increases, and as privacy sanctions from the FTC, other regulatory agencies and the courts snowball for companies that handle personal information irresponsibly (putting growing numbers of individuals at risk of identity fraud as well as physical safety risks), companies are still asking for far too much unnecessary and sensitive personal information purely for marketing purposes.

And too many online media outlets, often reporting on or promoting these marketing efforts, are perpetuating these very bad privacy practices. Then, so as not to upset their advertisers, they actually delete comments that point out how bad those marketing and data collection practices are. I recently experienced such a situation with (more…)

Rx for Incorrect Compliance Claims and XP

Thursday, April 10th, 2014

In the past couple of weeks I’ve gotten a couple dozen questions from my clients that are small to midsized covered entities (CEs) or business associates (BAs) under HIPAA, in addition to several small to midsized start-ups that provide services in other industries. And, while some of these concerns are arising out of completely erroneous advice, regrettably, some of the questions resulted from my own mistake (mea culpa) of writing a confusing sentence in my last blog post, for which I’ve since provided a clarification within it. (Lesson: I need to spend more time double-checking/editing text prior to posting after doing edits to cut the length.) I apologize for any confusion or alarm that may have arisen as a result.

However, this does provide a good opportunity to examine in more depth the compliance issues related to Windows XP use, and the related questions I’ve received. The following are the most common questions I’ve answered in the past several days. (more…)

Will the Demise of XP Shut Down Your Business…or Heart?

Tuesday, March 25th, 2014

If you haven’t heard yet, Windows XP will no longer be supported after April 8, 2014. That’s just a couple of weeks away! Why should you even care? Well, because you may have an important, or even mission-critical, computing device you use for your business, or for personal use, that is running on Windows XP. According to NetMarketShare, at the end of February 2014, 30% of all folks using Windows desktop computers were still running Windows XP. That is around half a BILLION computers, folks! After support ends, (more…)