Posts Tagged ‘midmarket’
Thursday, July 31st, 2014
What is the difference between security and privacy?
Many of my clients are small and midsized businesses. They often express confusion over what each of these terms (neither of which have a universally-accepted definition) actually means, how they are different, and how they are similar. This is important for business leaders to understand so they can make appropriate decisions within their information security and privacy management programs. Especially in small and midsize businesses, where there may not be a specific position to address either of these important topics. Let’s start with considering at a high level the differences between information security and privacy. (more…)
Tags:data protection law, encryption, FIPs, GAPP, IBM, Information Security, information security risks, infosec, midmarket, OECD, PbD, privacy, Privacy by Design, privacy law, privacy principles, privacy professor, privacy risks, privacyprof, Rebecca Herold
Posted in privacy | No Comments »
Monday, July 21st, 2014
Early this month I was happy to discuss synthetic identity theft on the Great Day show. I briefly talked about how synthetic identity theft was also committed in the U.S. using business employer identity numbers (EINs). Crooks often target small and midsize businesses for this type of crime. After the show I got a lot of questions asking for more information about synthetic EIN identity theft. (more…)
Tags:business identity theft, EIN theft, Great Day, IBM, ID theft, identity theft, Information Security, infosec, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold, synthetic identity theft
Posted in identity theft, Uncategorized | No Comments »
Thursday, June 26th, 2014
Big data analytics are being used more widely every day for an even wider number of reasons. These new methods of applying analytics certainly can bring innovative improvements for business. For example, retail businesses are successfully using big data analytics to predict the hot items each season, and to predict geographic areas where demand will be greatest, just to name a couple of uses.
The power of big data analytics is so great that in addition to all the positive business possibilities, there are just as many new privacy concerns being created. Here are ten of the most significant privacy risks. (more…)
Tags:big data, big data analytics, IBM, Information Security, infosec, Internet of Things, IoT, midmarket, privacy, privacy professor, privacy risks, privacyprof, Rebecca Herold
Posted in privacy, Uncategorized | No Comments »
Wednesday, June 11th, 2014
In the past couple of weeks I’ve spoken with five different small to mid-size organizations who have had a software or hardware vendor basically tell them, “Our product is HIPAA compliant! Use it and you will also be fully HIPAA compliant!” How can that be? In three words; it can’t be. Here’s what is most likely going on with those claims. (more…)
Tags:10X Medical Devices, compliance, data protection, encryption, firewalls, HIPAA, IBM, Information Security, infosec, midmarket, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management
Posted in HIPAA, Marketing, Privacy and Compliance | 1 Comment »
Tuesday, June 3rd, 2014
There are many new small and mid-size business start-ups who are offering a wide range of online services, mobile apps, and smart devices. There are also many businesses that have been around a long time that see an opportunity and so are expanding into these areas. I’ve spoken with many such businesses, and they often make two common privacy mistakes: (more…)
Tags:data protection, IBM, Information Security, infosec, marketing, midmarket, PIA, privacy, privacy impact assessment, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management
Posted in privacy, privacy impact assessment, Privacy Incidents | No Comments »
Wednesday, May 21st, 2014
Even with the number of privacy breaches increasing, and with numbers of privacy sanctions coming from the FTC and other regulatory agencies and courts snowballing for companies doing irresponsible things with personal information, putting growing numbers of individuals at risk of identity fraud as well as physical safety risks, companies are still asking for way too much unnecessary and sensitive personal information purely for their marketing purposes.
And too many online media outlets, often reporting on or promoting these marketing efforts, are perpetuating these very bad privacy practices. Then, so they will not upset their advertisers, they actually are deleting comments that point out how bad those marketing and data collection practices are. I recently just experienced such a situation with (more…)
Tags:ABC News, birth certificate, children’s identity theft, cybersecurity, Dairy Queen, data protection, Disney, IBM, identity theft, Information Security, infosec, marketing, midmarket, Pierson Grant, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management
Posted in Marketing, PIA, privacy | No Comments »
Thursday, April 10th, 2014
In the past couple of weeks I’ve gotten a couple dozen questions from my clients that are small to midsized covered entities (CEs) or business associates (BAs) under HIPAA, in addition to several small to midsized start-ups that provide services in other industries. And, while some of these concerns are arising out completely erroneous advice, regrettably, some of the questions resulted from my own mea culpa of writing a confusing sentence in my last blog post, for which I’ve since provided a clarification within. (Lesson: I need to spend more time double-checking/editing text prior to posting after doing edits to cut the length.) I apologize for any confusion or alarm that may have arisen as a result.
However, this does provide a good opportunity to examine in more depth the compliance issues related to Windows XP use, and the related questions I’ve received. The following are the most common questions I’ve answered in the past several days. (more…)
Tags:awareness, compliance, cybersecurity, data protection, HIPAA, IBM, Information Security, infosec, midmarket, non-compliance, PCI DSS, personal information identifier, personal information item, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, surveillance, training, upgrade, Windows XP, XP upgrade
Posted in HIPAA | No Comments »
Tuesday, March 25th, 2014
If you haven’t heard yet, Windows XP will no longer be supported after April 8, 2014. That’s just a couple of weeks away! Why should you even care? Well, because you may have an important, or even mission-critical, computing device you use for your business, or for personal use, that is running on Windows XP. According to NetMarketShare at the end of February, 2014, 30% of all folks using Windows desktop computers were still running Windows XP. This is around ½ a BILLION computers, folks! After support ends, (more…)
Tags:awareness, compliance, cybersecurity, data protection, IBM, Information Security, infosec, midmarket, non-compliance, personal information identifier, personal information item, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, security, surveillance, training, upgrade, Windows XP, XP upgrade
Posted in Information Security | 1 Comment »
Thursday, March 20th, 2014
It seems that right now phone scam season is going strong! Last week I posted about some common scams targeting businesses. Those same scams are also targeting the general public, so please be on the lookout for them. In addition to those, here are some others that seem to be targeting primarily individuals and the general public. (more…)
Tags:awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training
Posted in Uncategorized | No Comments »
Friday, March 14th, 2014
It seems that right now phone scam season is going strong! I got 2 calls last week from scammers. I got another scammer call during a meeting last night. Two of my LinkedIn contacts got calls in the past week that they asked me about. A local newspaper columnist got a call from a scammer. As folks are becoming more aware of phishing attempts via email and other types of malware, they are also becoming more lax about spotting phone scams, often stating the belief that most crooks are using online phishing scams instead of any other type of rip-off. (more…)
Tags:awareness, compliance, cybercrooks, cybersecurity, data protection, IBM, Information Security, infosec, Keywords: phone scams, midmarket, non-compliance, personal information identifier, personal information item, phishing, PI, PII, policies, privacy, privacy laws, privacy professor, privacyprof, Rebecca Herold, risk assessment, risk management, robocall, security, social engineering, surveillance, training
Posted in Uncategorized | 1 Comment »