Posts Tagged ‘privacy professor’
Sunday, June 28th, 2015
Over the past couple of weeks, I have spent a lot of time speaking with one of my clients about social media and posts from employees and contractors that may have a negative impact on the business. And the client is right to be concerned.
Most businesses are now using social media sites to communicate with their customers, potential customers, patients, employees, and everyone in between. However, such communications can often go awry at best, and result in privacy and security violations at worst. Here are just a few examples of what can go wrong. (more…)
Tags:awareness and training, change controls, Dell, facebook, Information Security, IT compliance, policies and procedures, power more, powermore, privacy, privacy compliance, privacy professor, privacyprof, program changes, risk management, security awareness, security training Rebecca Herold, social media, toprank
Posted in Social Media | No Comments »
Friday, June 5th, 2015
In the past week I helped a client whose programming staff had just caused a business disruption for the fifth time in two months because of the changes they made in the program code of their online service. The programmers, and so many of my other clients, have expressed the opinion that they can just code something and plop it out into production, without testing. And then they try to tell me that is “agile programming.” No, it is not. It is unsecure and, quite frankly, lazy programming. (more…)
Tags:awareness and training, change controls, Dell, Information Security, IT compliance, policies and procedures, power more, privacy, privacy compliance, privacy professor, privacyprof, program changes, risk management, security awareness, security training Rebecca Herold, toprank
Posted in Information Security | No Comments »
Thursday, May 21st, 2015
Do you know how well your vendors, business associates, contracted third parties (who I will collectively call “contractors”) are protecting the information with which you’ve entrusted them to perform some sort of business activity? You need to know.
Late last year, a study of breaches in the retail industry revealed 33 percent of them were from third party vendor access vulnerabilities. The largest healthcare breach in 2014 was from a business associate (the contractor of a hospital system) and involved the records of 4.5 million patients.
The list of breaches caused by contractors throughout all industries could fill a large book. The damage that your third parties can cause to your business can be significant. Do you know the risks that your contractors and other third parties bring to your organization? Or, will your contractors take down your business because of their poor security and privacy practices? (more…)
Tags:business associate, contractor, Dell, Information Security, outsourcing, policies, powermore, privacy, privacy professor, privacyprof, procedures, Rebecca Herold, risk management, risks, toprank, vendor management
Posted in BA and Vendor Management | No Comments »
Tuesday, May 12th, 2015
The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks are increasing. The privacy risks to the business that can occur include such things as: (more…)
Tags:Dell, employee, future ready, high tech, Information Security, insider threat, Internet of Things, IoT, mobile working, PIA, policies, powermore, privacy, privacy harm, privacy impact assessment, privacy professor, privacy risk, privacyprof, procedures, Rebecca Herold, risk management, toprank
Posted in PIA, privacy | No Comments »
Friday, May 8th, 2015
What does the past teach us about how to #befutureready in BYOD?
During the last half of the 1990s there was concern for the growing use of employees’ own home desktop computers to dial-in to the corporate network from home. Thousands of articles and hundreds of conference sessions discussed the associated risks, and then how to mitigate them through documented policies and the use of new tools. Soon after 2000 passed the concerns expanded to employees using their personally owned laptops, not only outside of the office, but even bringing them into the facilities to use instead of the corporate-issued computers. Thousands more articles, and hundreds more conference sessions discussed how to address the risks. (more…)
Tags:befutureready, cybersecurity, Dell, employee, future ready, high tech, Information Security, insider threat, Internet of Things, mobile working, policies, privacy, privacy professor, privacyprof, procedures, Rebecca Herold, risk management, toprank
Posted in Information Security, Miscellaneous | No Comments »
Monday, March 30th, 2015
I started my career as a systems engineer at a large multi-national financial and healthcare corporation. I identified a vulnerability in how one of the major back office systems was designed and had an idea for how to mitigate it. I went to my new manager at the time, described my idea and sketched it out on the whiteboard in his office. He wasted no time telling me that it was a horrible idea, that none of the business unit heads would ever agree to do something so drastically different that had never before been done, and that they would likely view it just as more work for them. So I explained how it would actually be less work for them, after which he literally yelled at me, “Stop! Your idea is bad! Quit wasting my time!” I considered quitting that day, but didn’t. Two months later at the IT-wide quarterly meeting the IT Director announced a great new innovative idea that my manager had proposed to the business heads, who embraced the idea and were already doing actions to get it implemented. They also announced my manager had been promoted and would be moved to a different department for his fabulous idea, which they described…and turned out to be my idea, right down to the drawings I made on his white board. I learned many valuable lessons from that situation. I have often wondered since then how often similar types of situations have occurred. (more…)
Tags:ada lovelace, cybersecurity, Dell, grace hopper, hedy lamarr, Information Security, innovation, privacy, privacy professor, privacyprof, Rebecca Herold, technology, toprank, walter isaacson
Posted in Women in Tech | No Comments »
Thursday, March 12th, 2015
“Everyone knows that hackers only go after big organizations!” the wearable medical device representative shouted at me after my presentation on the need to build security and privacy controls into such devices, as well as having policies and procedures governing their use within the business organization. “It is a waste of our time, effort and money to establish and build in such security and privacy controls!”
This one person’s strong opinion is one that I’ve heard many times over the years about implementing security and privacy controls in general. And it is becoming more dangerous from a security and privacy perspective to not only those using wearable devices of all kinds (medical, fitness, tracking, etc.), but wearables also bring significant risk to the organizations whose employees are wearing them. (more…)
Tags:cybersecurity, Dell, FTC, Information Security, Internet of Things, IoT, privacy, privacy professor, privacyprof, Rebecca Herold, smart device, TechPage, wearable, wearables
Posted in Internet of Things, Uncategorized | No Comments »
Friday, February 20th, 2015
Still relevant lessons in security economics
I started working in the information security and privacy space in 1988 at a large multi-national financial and healthcare organization. Imagine trying to get security and privacy controls implemented at a time when there were no regulations requiring organizations to do so. Yes, I faced some challenges. And many since. Some examples: (more…)
Tags:cybersecurity, Dell, Edith Ramirez, Federal Trade Commission, FTC, Information Security, Internet of Things, IoT, Joshua Wright, Julie Brill, Maureen Ohlhausen, privacy, privacy professor, privacyprof, Rebecca Herold, smart device, TechPage, Terrell McSweeny
Posted in Internet of Things | No Comments »
Sunday, January 4th, 2015
In early December, there were several reports about yet another type of ransomware, VirRansom, the next evolution of ransomware. It combines the ransomware feature of making data unavailable and locking up your computer until you pay the crooks a ransom with the feature of a virus, which allows it to spread to others. This basically means that not only will the ransomware take your computer hostage, it could also take all the other computers you communicate with hostage.
Some key points about VirRansom: (more…)
Tags:awareness, cybersecurity, Dell, malware, privacy professor, ransomware, Rebecca Herold, VirRansom
Posted in Cybersecurity | No Comments »
Saturday, January 3rd, 2015
Yesterday I read a news story about how a woman, Mrs. Anita Chanko, saw an episode of the Dr. Oz show “NY Med” that included video of her husband, who had died 16 months earlier, in the hospital receiving care after being hit by a truck while crossing the street. She did not know that such a video even existed.
The picture was blurred, but the woman knew it was her recently deceased husband because she recognized his voice when he spoke, the conversation topic, the hospital where the care was occurring, along with other visual indicators. She heard her husband ask about his wife; her. She then watched his last moments of life, and then his death on television. (more…)
Tags:ABC, Chanko, Dr. Oz., HIPAA, HITECH, Information Security, infosec, medical devices, NewYork-Presbyterian Hospital, NY Med, patient information, personal information, PHI, privacy, privacy professor, privacy risks, privacy rule, privacyprof, protected health information, Rebecca Herold, security rule
Posted in HIPAA, PHI, Privacy and Compliance | No Comments »
