Posts Tagged ‘powermore’

No Those Messages Will Not Completely Self-Delete

Friday, October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether or not apps that promise messages, photos, videos, and anything else sent through them will completely disappear were to be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps?  The messages are not really gone?” She is responsible for the care of an adult relative, and wanted to be able to communicate with his healthcare providers securely, and to not have any of the communications to linger and had been using one of these apps. (more…)

Tags:, , , , , , , , , , , , , , , , , ,
Posted in privacy | No Comments »

Four Things to Do for National Cyber Security Awareness Month

Friday, October 16th, 2015

Since this is National Cyber Security Awareness Month (NCSAM) it seems appropriate to give some examples and tips for how everyone can improve upon security, and better protect their privacy, this month. (more…)

Tags:, , , , , , , , , , , , , ,
Posted in Training & awareness | No Comments »

Be Aware of Risks with Outsourcing to Other Countries

Saturday, October 3rd, 2015

Businesses must be aware of risks with outsourcing to other countries activities involving personal information. Over the past couple of months I’ve heard over a dozen organizations express their opinion that if they hire organizations outside the U.S. to do work for them, then those organizations are not bound by U.S. laws. Most were from small to midsized organizations and startups. But it was somewhat surprising to hear also hear this sentiment from an organization with multiple locations and thousands of employees. This has been an incorrect belief of far too many organizations for decades.

I’ve also had clients in other countries ask about the need to comply with U.S. laws, such as for HIPAA compliance, when they provide services for U.S individuals and/or businesses.  Many believe they do not need to. (more…)

Tags:, , , , , , , , , , , , , , , ,
Posted in BA and Vendor Management, Information Security, Privacy and Compliance | No Comments »

Small Businesses Must Address Security and Privacy

Friday, September 18th, 2015

I’ve been working with hundreds of businesses over the past fifteen years, and I’ve found many common challenges that they are always trying to address, as well as some common, dangerously incorrect, beliefs about security and privacy. There are some common misconceptions that are unique to one-person to small businesses.

Here are four common recurring incorrect information security and privacy beliefs of small businesses, and the facts that these businesses need to know: (more…)

Tags:, , , , , , , , , , , , ,
Posted in Information Security, privacy, Privacy and Compliance | No Comments »

Stay Alert for Stegoloader and Rombertik Malware Threats

Friday, July 17th, 2015

Recently a friend of mine sent me a photo of the image on his computer screen. It was a Windows firewall warning message that his computer had been infected with malware. He said that when he tried to re-boot the computer it got into an endless loop and he could not get it to do anything. He finally took it to the computer repair shop, and they had to reload a new system. Thankfully he had a complete, clean, backup of all his files, so he didn’t lose anything. I asked what the repair folks said the problem was, and he indicated that they didn’t tell him anything specific, only that he “probably had bad malware.” (more…)

Tags:, , , , , , , , , , , , , , , , , ,
Posted in Information Security, Training & awareness | No Comments »

It is Time to Set Social Media Rules

Sunday, June 28th, 2015

Over the past couple of weeks, I have spent a lot of time speaking with one of my clients about social media and posts from employees and contractors that may have a negative impact on the business. And the client is right to be concerned.

Most businesses are now using social media sites to communicate with their customers, potential customers, patients, employees, and everyone in between. However, such communications can often go awry at best, and result in privacy and security violations at worst. Here are just a few examples of what can go wrong. (more…)

Tags:, , , , , , , , , , , , , , , , , ,
Posted in Social Media | No Comments »

Will Your Contractors Take Down Your Business?

Thursday, May 21st, 2015

Do you know how well your vendors, business associates, contracted third parties (who I will collectively call “contractors”) are protecting the information with which you’ve entrusted them to perform some sort of business activity? You need to know.

Late last year, a study of breaches in the retail industry revealed 33 percent of them were from third party vendor access vulnerabilities. The largest healthcare breach in 2014 was from a business associate (the contractor of a hospital system) and involved the records of 4.5 million patients.

The list of breaches caused by contractors throughout all industries could fill a large book. The damage that your third parties can cause to your business can be significant. Do you know the risks that your contractors and other third parties bring to your organization? Or, will your contractors take down your business because of their poor security and privacy practices? (more…)

Tags:, , , , , , , , , , , , , , ,
Posted in BA and Vendor Management | No Comments »

Organizations Must Consider Privacy Harms

Tuesday, May 12th, 2015

The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks are increasing. The privacy risks to the business that can occur include such things as: (more…)

Tags:, , , , , , , , , , , , , , , , , , , , ,
Posted in PIA, privacy | No Comments »