Posts Tagged ‘midmarket’
Wednesday, December 24th, 2014
Last week fellow IBM Midsize blogger Jason Hannula wrote about Gartner’s prediction that by 2018 more than 50% of all folks will use their mobile computing devices in the workplace before, or instead of, using a desktop or laptop. That’s just three short years away. We already have an abundance of mobile devices being used in a wide range of industries. (more…)
Tags: awareness, BYOD, computing devices, Dropbox, Google Docs, IBM, Information Security, information security policies, information security risks, information security training, infosec, midmarket, privacy, privacy policies, privacy professor, privacy risks, privacy training, privacyprof, Rebecca Herold, risk management
Posted in mobile computing | No Comments »
Thursday, December 11th, 2014
Seeing all these really bad information security incidents and privacy breaches, often daily, is so disappointing. Let’s consider these four in particular.
- The Sony hack that seems to continue to get worse as more details are reported.
- An ER nurse using the credit cards of patients.
- Breaches of Midwest Women’s Healthcare patient records due to poor disposal practices at the Research Hospital.
- TD Bank’s outsourced vendor losing two backup tapes containing data about 260,000 of their customers.
And the list could continue for pages.
These incidents, and most others, probably could have been prevented if an effective information security and privacy management program existed that was built around three primary core elements: (more…)
Tags: awareness, BA management, healthcare, IBM, Information Security, information security policies, information security risks, information security training, infosec, midmarket, outsourcing, privacy, privacy policies, privacy professor, privacy risks, privacy training, privacyprof, Rebecca Herold, risk management, Sony, TD Bank, vendor management
Posted in Information Security, privacy | No Comments »
Wednesday, December 3rd, 2014
I am intrigued by the new social collaboration tool, Verse, which IBM just released that is reportedly intended to reinvent email. Quite a lofty, but worthwhile, goal considering email hasn’t significantly changed since the move from a mainframe-based character viewing system to client-based file attachment capabilities! I decided to take a quick look at the issues in the description of Verse that would most impact security and privacy. After a cursory look at the Verse site and a news release about it, here are some of my thoughts. (more…)
Tags: awareness, IBM, Information Security, information security risks, infosec, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold, Verse
Posted in Uncategorized | No Comments »
Monday, November 24th, 2014
When was the last time you made a backup of all your data? How often do you make incremental backups? Do you keep these backups on a separate storage device and disconnected (or firewalled away from) the rest of your network?
“Say, why do you ask?”
The primary reason I’m asking right now is because ransomware is growing rapidly in occurrences; over 700% from last year. Three of the best ways you can help defend against it are by: (more…)
Tags: awareness, Cryptolocker, IBM, Information Security, information security risks, infosec, malware, midmarket, privacy, privacy professor, privacy risks, privacyprof, ransomware, Rebecca Herold, training
Posted in Information Security | No Comments »
Tuesday, November 4th, 2014
Earlier this year after a session I gave at a conference, an attendee who was new to information security, and had just been assigned this responsibility at a mid-sized organization in the healthcare industry, asked if he could visit with me for a while about risk management. Well, of course! During the course of our conversation I learned that he had gotten some very bad advice about risk management in general, and risk assessments in particular. I know from reading various comments throughout the social media discussion sites that bad advice is becoming far too common, with many (more…)
Tags: compliance, compliance documentation, documentation, HIPAA, Information Security, information security risks, infosec, midmarket, policies, privacy, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, risk assessment, risk management, risks, SIMBUS, training
Posted in Information Security | No Comments »
Tuesday, October 21st, 2014
October is National Cyber Security Awareness Month. It would seem the breaches announced virtually every day of this month so far were orchestrated to highlight the need for organizations to beef up their information security efforts and improve their controls.
Sadly instead, cyber incidents seem to have become de rigueur these days. Consumers are getting fed up, and government agencies are proposing more laws. The tide is turning, and soon organizations will be held accountable for more effectively protecting their systems and information, or they will likely face much steeper fines and penalties than ever before. So, now’s the time to take action! Here are six actions for you to take this month to start improving your organization’s information security program and associated efforts. (more…)
Tags: awareness, compliance, compliance documentation, documentation, HIPAA, IBM, Information Security, information security risks, infosec, midmarket, national cyber security awareness month, ncsam, policies, privacy, privacy professor, privacy risks, privacyprof, procedures, Rebecca Herold, SIMBUS, training
Posted in Information Security, Training & awareness | No Comments »
Tuesday, September 30th, 2014
Were you surprised to hear about the worker at the Chicago O’Hare airport last Friday? Certainly I was. Who would have ever thought someone working in the control center would light the hardware on fire, and then try to commit suicide? Unimaginable, right? However, what I was more surprised about was that there was no roll-over contingency operations center in place in the event something catastrophic took out the O’Hare operations center. After all, Chicago is in an area with a wide range of weather events, from blizzards and ice to severe storms and tornadoes, and everything in between. Not to mention that all airports are considered to be a target of a wide number of terrorist groups.
Just two days prior to the incident (more…)
Tags: BCP, business continuity, business resiliency, Chicago O’Hare, compliance documentation, data protection law, disaster recovery, documentation, DR, DR/BCP, facebook, IBM, Information Security, information security risks, infosec, marketing, midmarket, O’Hare fies, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter
Posted in Information Security | No Comments »
Monday, September 22nd, 2014
Most of the 250+ organizations I’ve audited, and the hundreds of others I’ve had as clients, hate documentation. At least creating documentation. So, they don’t do it, or they do it very poorly. Or, they document things they don’t need to, and fail to document the important things. And then, considering all that documentation, they often don’t retain it long enough, or forget where they put it.
Last year I wrote an article about legal retention length requirements. Now I’m focusing on the types of compliance activities organizations need to document, and then the need to retain that documentation for the appropriate periods of time. (more…)
Tags: BA management, compliance documentation, data protection law, documentation, facebook, HIPAA, Information Security, information security risks, infosec, marketing, midmarket, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter, vendor management
Posted in HIPAA, Privacy and Compliance | No Comments »
Friday, August 29th, 2014
Over the past few months I’ve been creating some social media marketing privacy guidelines and requirements for a couple of my large clients. Today I read a post from a fellow IBM Midsize Insider contributor, Jason Hannula, “Social Media: Enterprise Content or Customer Relationship Information?” It stated that “93% of marketers are using social media for business.” A large number of these are from small and midsize organizations. It is important for these organizations to not only keep Jason’s suggestions in mind, and follow the business’s data governance requirements, but also to make sure privacy is also appropriately addressed. Many, perhaps most, small to midsize businesses do not yet have social media privacy requirements in place. (more…)
Tags: data protection law, encryption, facebook, IBM, Information Security, information security risks, infosec, marketing, midmarket, privacy, privacy law, privacy professor, privacy risks, privacyprof, Rebecca Herold, social media, twitter
Posted in Marketing, privacy, Social Media | No Comments »
Monday, August 25th, 2014
Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.
Privacy professionals make many efforts to guide marketers on what is acceptable and not acceptable. After all, (more…)
Tags: choice, data protection law, FIPs, GAPP, IBM, Information Security, information security risks, infosec, marketing, marketing privacy, midmarket, notice, OECD, PbD, privacy, Privacy by Design, privacy law, privacy principles, privacy professor, privacy risks, privacyprof, Rebecca Herold
Posted in Marketing, privacy | No Comments »