One Play at a Time
 
A football team in my home state is beating all the odds, one play at a time. The Iowa State Cyclones were not on the radar of many people at the beginning of the season. But after two big-time wins against a pair of top-five teams in one month, they are making headlines and winning new fans.
 
This kind of underdog victory reminds us that anything is possible when we really put our minds to it. There are data security and privacy leaders out there who feel completely overwhelmed by the challenges of today. I also hear from general consumers every day. They all ask, "Is trying to secure my data useless?"

Absolutely not. Please don't give up trying; the challenges we face are not reasons to succumb.
 
Know your vulnerabilities. Stay aware of the threats. Be focused, be confident, and take it one play at a time. Victory can be yours!


If Google Can Get It Wrong...

...anyone can. 
 

 
In October, a tech blogger uncovered a pretty big flaw in the freshly revealed Google Home Mini speaker. It was secretly recording the conversations of its owners. And those owners happened to be reporters. Big mistake!
 
This incident, and countless others, underscores the importance of bringing your security and privacy teams in early. Any time you are considering a new product or solution that involves connected technology or personal information, you have got to make the effort to get your experts around the table.
 
The speed of innovation is a very real challenge for innovators. No one wants to add more time to the product roadmap. But, it's worth it. Consider the potentially HUGE ramifications for your business if you were to release a product with this kind of flaw.
 
Google's reputation may be able to survive a privacy fumble like this, but that doesn't mean your brand's will. 
Changing Minds about Security Compliance

Policies and procedures grow business

Security compliance gets a bad rap. As Koen Maris points out, it's often seen as a stifling force. By association, data security and privacy policies and procedures inspire their fair share of eye rolls and deep sighs. 

This has to change!
 
More business owners, executives and other management-level leaders need to consider the transformative effect of these powerful documents. They exist to help improve (and grow!) the business.
 
The key to reaping the value of policies and procedures is threefold:
1)      Make sure everyone is aware of them;
2)      Make sure everyone is held accountable for following them;
3)      Share the success stories that come from following them!
 
Storytelling is powerful. Recognition of a job well done is also a powerful motivator. When a fraud is caught, an intrusion detected or some other business-saving outcome is realized by an employee who was following procedures, tell everyone. Give kudos to everyone on top of their security game. Spread the word so we can change the stigma. 

Information security and privacy policies and procedures that mitigate risks grow business!

ONE THING EVERYONE CAN DO: It's very gratifying to learn more members of the public are questioning the companies they do business with. Join them! Ask every business with whom you share your data: "Are you doing all you can to keep my data secure?"

READER QUESTION
 
 
 

What service do you recommend for identity theft protection?


For personal and family use, IDShield is good. The solution connects you with licensed fraud investigators from Kroll, and for a reasonable price. I also like that they cover children as part of the overall price.
 
IdentityForce is also good, and provides more alerts and offerings than IDShield. However, they do not have a family plan. For individuals without children who are looking for more bells and whistles, this may be a good fit.
 
I'm not a fan of LifeLock. In my opinion, they make what I see as misleading and unrealistic statements and overpromise for what they can actually deliver. Plus, comparatively speaking, they are pricey.

I would also advise against using identity theft services from Experian, Equifax or TransUnion. These organizations collectively contain unfathomable hoards of personal data, and fallout from the Equifax breach alone will continue to trickle out for many years. Paying them to keep you safe would be akin to paying a fast food restaurant for a diet plan. Sweet deal for them; not so much for you.

NOTE:  I am not professionally associated with any of the above organizations. These are my opinions based on my research and observations.

 
Fresh Phish: Real-life examples of phishing emails
  
 
 
 
  
Just a couple of the ones to have hit my inbox recently...

Check these out. Do you see the red flags that indicate these are scams? Send to your friends and work colleagues to see if they can spot them. Drop me a note to let me know how strong your defenses are!






 
3 Things You Have to Know about Wi-Fi

Must reads for every Wi-Fi user
 
 
   
 
 
 
The world has gotten a little too comfortable with the perceived security of Wi-Fi networks. That must be why cybersecurity coaches have sought to teach us a few lessons. See below for three must-reads to keep you safe while connecting through the Wi-Fi networks in your life.
 
 
 

HEALTH CARE SPOTLIGHT
 
 
 

Patient X-Rays Held Hostage
 

 
Picture this: You're lying in a hospital gown, IV in place, relaxed and ready to go in for surgery. You've worried, you've fasted, you've made arrangements for your recovery. In a word, you're all set.
 
The doctor comes into the room, ready to give you those last words of encouragement. Wait, that's not what she's here for. She has really bad news. The surgery will have to be rescheduled. And here's why...
 
... ransomware attackers are holding your X-rays hostage!
 
How do you feel? Scared? Vulnerable? Is the confidence you had in your doctor or the hospital shaken? Will it ever be restored?
 
Folks, this very thing is happening in real life.
 
If you work for a hospital, clinic or other health care provider, please understand your patients' information is like gold to cyber crooks. Not only do they value it (because it can be sold for a pretty penny on the dark web); but they know how much you value it (you can't treat patients without it). Holding it ransom is an easy way to make a quick buck. 


THINGS ARE GETTING WORSE: Chatting with information security and privacy professionals at three events over the past two months, I heard from many how much they value information, education and awareness building. They shared personal stories of health care security and privacy incidents that have impacted their lives or the lives of their friends and family. Health care security and privacy risks are continuing to increase; let's work together as a team to raise awareness, and lessen the risks!

Privacy Professor On The Road & In the News
  
 

On the road...
I highly recommend SecureWorld events. Thanks to Kerry Nelson and your team for including me in your 2017 Detroit (shown here) and 2018 events!

One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.

January 12, 2018: Panel discussion session, "HIPAA Protections for Cannabis Patients and Dispensary Profits," at The Cannabis Business Executive Convention in Washington, D.C.


Privacy Professor In the news...

Credit Union Times


Healthcare Info Security

The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.

Here is my most recent visit to the studio in October, during which we discussed National Cyber Security Awareness Month and data security hack attacks on some schools in the Des Moines, Iowa, metro area. You can catch up on all my visits to CWIowa Live with my on-demand library on YouTube.

Questions? Topics?

Have a topic I should discuss on the CWIowa Live morning show? Or, a question I can answer in my next monthly Tips? Let me know!


Know your vulnerabilities. Stay aware of the threats. Be focused. Be confident. 

It works in sports and security, allowing you to strongly defend your personal privacy. As you watch your favorite teams overcome the odds, be inspired. You can do the same!
 
To all my fellow fans, enjoy what remains of the exciting U.S. football season!

Rebecca
Rebecca Herold
The Privacy Professor
Need Help?


Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, SIMBUS360.com, rebeccaherold@rebeccaherold.com 

NOTE: Permission for excerpts does not extend to images.
 
 
The Privacy Professor
Rebecca Herold & Associates, LLC
SIMBUS, LLC 
Mobile: 515.491.1564
