Posts Tagged ‘encrypt’
Thursday, July 2nd, 2015
I’ve been concerned with and writing about the information security and privacy risks involved with the data created, transmitted and processed by smart devices in the Internet of Things (IoT) for several years since they first started emerging (e.g., here) and will likely be writing on it even more in the coming months and years. According to a new IDC research report, the IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020 with a compound annual growth rate (CAGR) of 16.9%. Will privacy die in this IoT explosion? If IoT developers and manufacturers take action now, I’m optimistic that they can save privacy in the IoT explosion. (more…)
Tags:access logs, awareness and training, Dell, encrypt, encryption, Information Security, Internet of Things, IoT, IT compliance, malware, medical device, policies and procedures, power more, privacy, privacy compliance, privacy professor, privacyprof, program changes, risk management, security awareness, security logs, security training Rebecca Herold, toprank
Posted in Uncategorized | No Comments »
Wednesday, February 26th, 2014
Do you think the NSA is the biggest threat to your privacy? Certainly they are collecting a significant amount of personal data. And from the looks of it, with their new facility that may hold up to 12 exabytes (that’s 12,000,000,000,000,000,000 bytes) of data, they appear to be planning to continue collecting, and keeping, more data. This is an important topic, and I’ll look at in more depth in an upcoming blog post. But for now, you need to know and understand that there are many other entities that are collecting data from you and your mobile apps in the same way as NSA is slurping it up, along with several other ways. (more…)
Tags:awareness, compliance, cybercrooks, cybersecurity, data protection, encrypt, encryption, IBM, Information Security, infosec, midmarket, Mobile apps, mobile device, non-compliance, NSA, personal information, personal information identifier, personal information item, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, surveillance, training, wearable device, wireless
Posted in Information Security, mobile computing, privacy | No Comments »
Tuesday, December 3rd, 2013
Encryption has been talked about a lot lately. I’ve gotten at least a couple dozen questions from my Compliance Helper clients in the past month. They can pretty much be boiled down to this question:
What encryption solution should we use?
Many of the small and mid-size businesses I help, and many start-ups of any size, are under the assumption that if they get one encryption solution, it will (more…)
Tags:awareness, breach, cloud, compliance, cryptography, data protection, encrypt, encryption, HTTPS, IBM, information management, Information Security, information technology, infosec, IT security, midmarket, non-compliance, personal information, personal information identifier, personal information item, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, SSL, systems security, TLS, training
Posted in Information Security | No Comments »
Tuesday, October 1st, 2013
“Sometimes I feel like…somebody’s watching me! And I have no privacy!”
(The Rockwell hit from…quite appropriately…1984.)
Each day, we are tracked by the ‘smart’ systems, mobile apps, personal communication devices and other surveillance platforms that have become commonplace in our daily lives. In an effort to educate more people, and businesses, about the data trails they are leaving behind (and the companies, data bureaus and marketers who are sniffing out that trail), I created this new infographic (more…)
Tags:awareness, big data, breach, compliance, data protection, encrypt, encryption, IBM, Information Security, information technology, infosec, Internet of Things, IT security, midmarket, monitoring, NIST, non-compliance, NSA, personal information identifier, personal information item, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, social network, surveillance, systems security, training
Posted in Miscellaneous, privacy | No Comments »
Thursday, September 26th, 2013
I’ve received numerous questions from various news outlets, clients and colleagues since the published revelation that the NSA was getting the assistance of encryption vendors to decrypt messages throughout a very wide range of activities. A lot of folks are now throwing their hands in the air, claiming that encryption is now no longer effective, and planning to use something completely different. Hmm…wait! Don’t throw out the encryption baby with the unsafe practices bathwater yet. Encryption is still an effective, and necessary, information security control to use. The following are (more…)
Tags:awareness, BA, BAA, breach, business associate, CE, compliance, covered entity, data protection, encrypt, encryption, HIPAA, HITECH, IBM, Information Security, information technology, infosec, IT security, midmarket, monitoring, NIST, non-compliance, NSA, Omnibus, personal information identifier, personal information item, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, RSA, security, social network, surveillance, systems security, training
Posted in government, Information Security | No Comments »
Friday, August 30th, 2013
Over the past week a few reporters who were following up on a recent breach of 9 million patient records for stories they were writing asked me basically the same question amongst all their others, “What are the barriers that stop healthcare organizations from encrypting their devices?” One of the resulting stories, by Marianne McGee, has been posted at HealthCareInfosecurity. During my work with a wide range of small to large organizations, in a wide range of industries, I’ve found there are some common reasons why encryption is not implemented. Here are the top four I’ve run across. (more…)
Tags:awareness, BA, BAA, breach, business associate, CE, compliance, covered entity, data protection, encrypt, encryption, HIPAA, HITECH, IBM, Information Security, information technology, infosec, IT security, midmarket, monitoring, non-compliance, Omnibus, personal information identifier, personal information item, PHI, PII, policies, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, social network, surveillance, systems security, training
Posted in HIPAA, Information Security | No Comments »
Friday, March 2nd, 2012
I am looking forward to the day when we can look at the news headlines and not see some report about a lost or stolen computing device or storage device that contained unencrypted personal information and/or other sensitive information. And, I also want to stop seeing stories reappear about such an incident, such as the stolen NASA laptop with the clear text Space Station control codes that was stolen last year, but is making the headlines yet again today. NASA is a large enough, and tech savvy enough, organization to know better! However, there are many organizations that simply don’t understand what a valuable information security tool encryption is. I work with many small to medium sized businesses (SMBs), all of which have legal obligations (such as through HIPAA and HITECH, along with contractual requirements) to protect sensitive information, such as personal information. Over the past year I’ve heard way too many of them make remarks such as… (more…)
Tags:BA, business associate, CE, covered entity, encrypt, encryption, HIPAA, HITECH, IBM, medium business, midmarket, PHI, privacy, privacy professor, privacy rule, privacyprof, protected health information, Rebecca Herold, safeguards, security, security rule, small business, SMB, W-2, W2
Posted in Information Security | 1 Comment »
Monday, January 19th, 2009
The Ponemon Institute seems to have been busy doing surveys throughout the world recently!
According to three separate research surveys they did in the U.S., Canada and the U.K. they report within the BNA Privacy and Security Law Reports (subscription required) about “The Human Factor in Laptop Encryption” many interesting findings. The following are some of the high-level summary statements; see the full reports for some very interesting statistics and analysis:
(more…)
Tags:awareness and training, encrypt, encryption, Information Security, IT compliance, IT training, laptop security, Larry Ponemon, policies and procedures, Ponemon Institute, privacy training, risk management, security training
Posted in Information Security, Lost & Stolen Laptops | 1 Comment »
Friday, January 16th, 2009
If you are a business leader you must know and understand that encrypting personally identifiable information (PII) protects that PII from being used for identity theft and other crimes should it fall into the hands of a crook. Business leaders need to know this, but unfortunately too many do not really know what encryption is, let alone how it can be used to protect PII, along with the business.
(more…)
Tags:awareness and training, encrypt, encryption, identity theft, Information Security, IT compliance, IT training, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Wednesday, December 6th, 2006
A report in the Air Force Times indicates a laptop containing personally identifiable information (PII) about 1,000 West Virginia Air National Guard members was stolen during a training trip in November. The spokesperson for the Air National Guard indicated:
“The Air Force uses some of most sophisticated encryption processes to safeguard information on government computers”
…implying the data on the laptop was encrypted, but not coming right out and saying it was.
(more…)
Tags:awareness and training, credit reports, encrypt, encryption, Information Security, IT compliance, laptop security, laptop theft, PII, policies and procedures, privacy
Posted in Lost & Stolen Laptops, Privacy and Compliance | 2 Comments »
