This kind of underdog victory reminds us that anything is possible when we really put our minds to it. There are data security and privacy leaders out there who feel completely overwhelmed by the challenges of today. I also hear from general consumers every day. They all ask, "Is trying to secure my data useless?"
Absolutely not. Please don't give up trying; the challenges we face are not reasons to succumb.
Know your vulnerabilities. Stay aware of the threats. Be focused, be confident, and take it one play at a time. Victory can be yours!
If Google Can Get It Wrong...
In October, a tech blogger uncovered a pretty big flaw in the freshly revealed Google Home Mini speaker. It was secretly recording the conversations of its owners. And those owners happened to be reporters. Big mistake!
This incident, and countless others, underscores the importance of bringing your security and privacy teams in early. Any time you are considering a new product or solution that involves connected technology or personal information, you have got to make the effort to get your experts around the table.
The speed of innovation is a very real challenge for innovators. No one wants to add more time to the product roadmap. But, it's worth it. Consider the potentially HUGE ramifications for your business if you were to release a product with this kind of flaw.
Google's reputation may be able to survive a privacy fumble like this, but that doesn't mean your brand's will.
Your input will help improve the Tips Message.
Thank you!
Related privacy info for this survey...
We've made the answers to this survey anonymous.
No names or email addresses will be associated with any of your answers.
IP addresses will be temporarily maintained until you've submitted your answers, to establish continuity of your session in the event the connection is interrupted.
Changing Minds about Security Compliance
Policies and procedures grow business
Security compliance gets a bad rap. As Koen Maris points out, it's often seen as a stifling force. By association, data security and privacy policies and procedures inspire their fair share of eye rolls and deep sighs.
This has to change!
More business owners, executives and other management-level leaders need to consider the transformative effect of these powerful documents. They exist to help improve (and grow!) the business.
The key to reaping the value of policies and procedures is threefold:
1) Make sure everyone is aware of them;
2) Make sure everyone is held accountable for following them;
3) Share the success stories that come from following them!
Storytelling is powerful. Recognition of a job well done is also a powerful motivator. When a fraud is caught, an intrusion detected or some other business-saving outcome is realized by an employee who was following procedures, tell everyone. Give kudos to everyone on top of their security game. Spread the word so we can change the stigma.
Information security and privacy policies and procedures that mitigate risks grow business!
ONE THING EVERYONE CAN DO: It's very gratifying to learn more members of the public are questioning the companies they do business with. Join them!
Ask every business with whom you share your data: "Are you doing all you can to keep my data secure?"
What service do you recommend for identity theft protection?
For personal and family use, IDShield is good. The solution connects you with licensed fraud investigators from Kroll, and for a reasonable price. I also like that they cover children as part of the overall price.
IdentityForce is also good, and provides more alerts and offerings than IDShield. However, they do not have a family plan. For individuals without children who are looking for more bells and whistles, this may be a good fit.
I'm not a fan of LifeLock. In my opinion, they make what I see as misleading and unrealistic statements and overpromise for what they can actually deliver. Plus, comparatively speaking, they are pricey.
I would also advise against using identity theft services from Experian, Equifax or TransUnion. These organizations collectively contain unfathomable hoards of personal data, and fallout from the Equifax breach alone will continue to trickle out for many years. Paying them to keep you safe would be akin to paying a fast food restaurant for a diet plan. Sweet deal for them; not so much for you.
NOTE: I am not professionally associated with any of the above organizations. These are my opinions based on my research and observations.
Fresh Phish: Real-life examples of phishing emails
Just a couple of the ones to have hit my inbox recently...
Check these out. Do you see the red flags that indicate these are scams? Send to your friends and work colleagues to see if they can spot them. Drop me a note to let me know how strong your defenses are!
3 Things You Have to Know about Wi-Fi
Must reads for every Wi-Fi user
The world has gotten a little too comfortable with the perceived security of Wi-Fi networks. That must be why cybersecurity coaches have sought to teach us a few lessons. See below for three must-reads to keep you safe while connecting through the Wi-Fi networks in your life.
HEALTH CARE SPOTLIGHT
Patient X-Rays Held Hostage
Picture this: You're lying in a hospital gown, IV in place, relaxed and ready to go in for surgery. You've worried, you've fasted, you've made arrangements for your recovery. In a word, you're all set.
The doctor comes into the room, ready to give you those last words of encouragement. Wait, that's not what she's here for. She has really bad news. The surgery will have to be rescheduled. And here's why...
... ransomware attackers are holding your X-rays hostage!
How do you feel? Scared? Vulnerable? Is the confidence you had in your doctor or the hospital shaken? Will it ever be restored?
If you work for a hospital, clinic or other health care provider, please understand your patients' information is like gold to cyber crooks. Not only do they value it (because it can be sold for a pretty penny on the dark web), but they also know how much you value it (you can't treat patients without it). Holding it ransom is an easy way to make a quick buck.
THINGS ARE GETTING WORSE: Chatting with information security and privacy professionals at three events over the past two months, I heard from many how much they value information, education and awareness building. They shared personal stories of health care security and privacy incidents that have impacted their lives or the lives of their friends and family. Health care security and privacy risks are continuing to increase; let's work together as a team to raise awareness, and lessen the risks!
Privacy Professor On The Road & In the News
I highly recommend SecureWorld events. Thanks to Kerry Nelson and your team for including me in your 2017 Detroit (shown here) and 2018 events!
One of my favorite things to do is visit with leaders in different industries, from health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.
Privacy Professor In the news...
Credit Union Times
Healthcare Info Security
Health Data Management
Naked Security
SecureWorld
Security Boulevard
TechTarget
The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.
Know your vulnerabilities. Stay aware of the threats. Be focused. Be confident.
It works in sports and security, allowing you to strongly defend your personal privacy.
As you watch your favorite teams overcome the odds, be inspired. You can do the same!
To all my fellow fans, enjoy what remains of the exciting U.S. football season!
Rebecca
Rebecca Herold
The Privacy Professor