There's a Holiday for Everything
No matter if you're a poodle enthusiast, a cheese lover or an advocate for cell phone courtesy, there's an observation holiday for you.
In the month of April alone, there are more than 50 holidays recognizing everything from the wacky (Don't Go To Work Unless It's Fun Day on April 2) to the serious (Community Service Month).
For me, three April holidays really stand out. Can you guess why?
- Mathematics Awareness Month
- National Cannabis Awareness Month
- National Inventor's Month
If you guessed privacy, you're a winner!
- Math is the root of every cryptography and security method ever developed. (It's also one of my college degrees and the inspiration for this month's Tips graphics.)
- Leaders in the cannabis industry are some of the most passionate privacy advocates I've encountered. Don't believe me? Listen to a few of my recent radio shows on this topic:
- Inventors are on the front lines of privacy controls with the greatest potential to make sweeping changes to the way innovations are engineered.
Go April! Love this month! Read on to learn more about privacy, including where society is winning and losing in the fight to keep our personal data private.
Data Security & Privacy Beacons
People and places making a difference**
CUNA, the Credit Union National Association, is advocating for legal privacy protections. Historically, industry associations have lobbied to avoid laws, insisting that privacy be a self-governed activity. This is a nice break from the norm.
A University of Minnesota student is fighting hard to change his school's student data records policy. It all started when he found home addresses and phone numbers publicly available on a university-owned online database. He began educating classmates and taking his concerns to the college's president and the board of regents. His work has added momentum to the university's focus on the issue.
A Georgia school district enabled two-factor authentication (2FA), and the move saved the organization more than $2 million in potential fraud losses! Hackers, enacting a targeted attack, breached the school district's security and gained access to employees' private banking information. However, 2FA prevented any funds from actually being transferred to the hackers' accounts.
The U.S. Department of Education is working to resolve what it calls "substantial misunderstanding" among local officials and educators around school-based threats to student data security and privacy. It recently issued a set of FAQs to help raise schools' and districts' awareness of the guidelines it published in December 2018. Kudos to them, as there is no such thing as overcommunicating privacy guidance. We look forward to seeing more privacy protection actions from them in the near future.
**Privacy beacon shout-outs do not necessarily indicate an organization or person is addressing all of their privacy protection activities perfectly (no one is). It simply highlights a noteworthy example that is, in most cases, worth emulating.
It's like an antibiotic for ransomware
Folks, ransomware attacks are getting worse and more frequent. It's more likely a question of when, not if, you will be approached by an attacker who at least claims to have encrypted your data and insists on getting paid to release it back to you.
Your best weapon against losing time, data and money to these criminals is making frequent, consistent, regimented backups. It's an absolute must.
Have you performed a full backup of your important files lately? Like within the past month? Or perhaps the past week for those preparing financials and income taxes?
If you're unsure what to back up, ask yourself:
If I lost this forever, would I be heartbroken or in legal or contractual trouble? If the answer is yes, back it up! Photos, videos, tax data, emails, anything that has emotional or practical value, back it up.
Installing an automatic solution that backs up for you is the best way to make sure you stay on top of this, but if that's not right for you, set a calendar reminder. Works like a charm. And, if you have the means, back up to an external hard drive... just remember to disconnect it from your computer when it's not in operation... you don't want those ransomware creeps finding their way into it, too.
WORLD BACKUP DAY IS MARCH 31!
Low Unemployment Creates Ideal Environment for Job Scammers
Before you consider a new job, look closer
As you listen to the above recording, keep in mind I never requested any information, as the caller stated. Trying to make their calls seem legitimate is a common tactic among scammers attempting to head off complaints of unsolicited calls.
Fake Amazon Jobs: Candidates are promised six-figure earnings for working with Amazon vendors.
Fake Seed Money: Candidates are sent a check and encouraged to return some of the money to the scammer and use the rest to get supplies they need to start their business. When the bank discovers the check is fake, the victim is on the hook for the money.
Fake Secret Shoppers: A check and a job offer arrive in the mail. The recipient is asked to "secret shop" a Walmart or similar store's money transfer service using some of the money from the check. The rest is for them to keep. Except the check is fake, and just like with the scam above, the secret shopper is now on the hook with the bank.
Fake Purchasing Clerk Jobs: Scammers contact jobseekers who have posted their resumes online to offer a unique opportunity to them based on where they live, often a state with no sales tax. The scammers convince the victim their "company" will save money by running purchases through them. The victim is asked to use their personal credit card for the local purchases, but not to worry... the "company" will reimburse... just send along your bank's routing and account number, and they'll deposit the funds. Of course, that never happens, and now the scammers have unfettered access to the victim's bank account.
New NIST Privacy Framework needs input from everyone
I'm very proud to be among the privacy advocates working on a new privacy framework for businesses, non-profits, government agencies, inventors / innovators / developers and anyone else who has or will hold personal data.
It's called the NIST Privacy Framework. NIST is the National Institute of Standards and Technology. It's their mission to provide the technology, measurement and standards that drive all kinds of innovations, from the smart electric power grid to atomic clocks.
The agency, which is a part of the U.S. Department of Commerce, is very intentional about co-creating standards and measurements with the people who will one day use them or be impacted by them in some way. And when it comes to privacy, that's you, wherever you are located in the world!
My colleagues and I would very much appreciate your review of our drafts and your sharing of feedback. Are we hitting the target for what needs to be included within a privacy framework? Where are we falling short?
Looking forward to hearing your thoughts!
U.S. Senate Gives Equifax a Dressing Down
Always interesting to hear legislators' take on cybersecurity
As news of security incidents continues to hit mainstream media at a break-neck pace, legislators are increasingly pressured to get involved. After all, what concerns their constituents concerns them, and more voters than ever before are paying attention to the security and privacy of their personal information.
When Equifax revealed its 2017 breach, one of the largest the world had ever seen, U.S. Senators promised to look into the incident. After investigating, a Senate panel concluded the breach was caused by an "institutional neglect toward cybersecurity" within Equifax.
Lawmakers around the world, at local and federal levels, are becoming much more proactive in pushing for laws and regulations to better protect personal information. Organizations that handle (collect, use, share, secure, etc.) personal data can expect more hearings, penalties and new, more comprehensive regulations to come in the near term.
READER QUESTION
Rebecca, would I make a good data security and privacy professional?
I get this question a lot, and even more so recently. Our industry and the advocacy around it are generating a great deal of interest, and I'm so proud to be among the leaders who get to field questions like this from aspiring privacy pros and their family members.
The one thing I know FOR SURE is the information security and privacy industries could use more diversity.
New threats, vulnerabilities and risks are being identified every day, requiring the development of inventive and effective solutions. We can achieve that much more quickly with a broader set of perspectives.
That's why I love getting this question from people who are unsure about their potential to thrive in data security and privacy careers. Those are the people we often need the most. They may not have the traditional background or education, but that's okay. Heck, it may even be GREAT.
It is always advisable to be an expert in emerging areas (or at least the person who became knowledgeable before others). There are so many developing areas within the disciplines of security and privacy, so my advice would be to find a niche that inspires you and go after it with gusto. Just a few of these are artificial intelligence (AI), Internet of Things (IoT), cryptography and surveillance.
Two other pointers:
Effective communications can be an important differentiator. Consider developing your talents by taking courses on business writing or speech and debate.
Look into joining an industry association, such as ACM, IEEE, ISACA, IAPP and/or ISSA. Not only do they have fantastic training opportunities, but the networks available will be incredibly valuable as you work to develop inroads with potential employers and mentors.
Best of luck!
Where to Find the Privacy Professor
In the classroom...
On the road...
If you're looking for an experienced speaker who knows how to bring data security and privacy risks to life... on stage, on the airwaves or over the internet, please get in touch.
On the air...
HAVE YOU LISTENED YET?
I'm so excited to be hosting the radio show Data Security & Privacy with The Privacy Professor on the VoiceAmerica Business network. All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, Player.fm and similar apps and sites.
Hear the perspectives of incredible guests as they talk through a wide range of hot topics.
Some of the many topics we've addressed...
SPONSORSHIP OPPORTUNITIES: Are you interested in being a sponsor or advertiser for my show? It's quickly growing with a large number of listeners worldwide. Please get in touch! There are many visual, audio and video possibilities.
In the news...
Healthcare Info Security
ISACA
SecureWorld
Tech Target
3 Ways to Show Some Love
The Privacy Professor Monthly Tips is a passion of mine and something I've offered readers all over the world since 2007 (Time really flies!). If you love receiving your copy each month, consider taking a few moments to...
1) Tell a friend! The more readers who subscribe, the more awareness we cultivate.
3) Share the content. All of the info in this email is sharable (I'd just ask that you follow
The readers of this tips message are passionate; I hear from so many of you often, and I'm so grateful.
Please continue to send emails with your thoughts and tag me in social posts with your experiences. It's one of my great pleasures, and provides such reassurance that we're all in this together!
Have a lovely April,
Rebecca