Why Are You Getting This?
You signed up to receive The Privacy Professor Tips, initiated contact to stay in touch with Rebecca and/or Privacy & Security Brainiacs (PSB) or consented to receive the Tips. Please read our Privacy Notice & Communication Info at the bottom of this message for more information. You may unsubscribe from there as well.
Every Day Needs to be Back to Security and Privacy School!
Preschoolers to doctoral students have all been heading back to the books to formally resume their learning after many of them had the summer off. However, people of all ages can never take time off from learning about, and staying aware of, the latest security and privacy threats, vulnerabilities, scams and attacks. Everyone needs to be a lifelong privacy and security learner.
Our goal in starting this free Privacy Professor Tips monthly publication in 2005 was to support ongoing awareness and education about these issues, to help both businesses and individuals of all ages identify risks throughout their daily lives, and to help them know how to prevent security incidents and privacy breaches and to keep from becoming victims of scams. We hope you learn at least one new thing in this month’s issue, but anticipate you will learn many things! As well as in all our other Tips!
Speaking of lifelong security and privacy education, we are currently planning the 2025 editions of our “Cybersecurity for Grandparents” series of books, starting with a title change to “Cybersecurity for Grandparents…And Everyone Else.” These cover, generally, the security and privacy topics everyone needs to be aware of throughout their daily lives. Do you have a topic to suggest we include? Please, let us know! We are striving to get the first of the 2025 editions published in early December, in time for holiday gift-giving.
Do you have stories, examples, or concerns about the topics covered in this issue of our Tips that you would like to provide feedback on? Have questions for us to answer in our questions and tips section? Send them over! We may discuss them in an upcoming Tips.
We hope you are finding all this information valuable. Let us know! We always welcome your feedback and questions.
Thank you for reading!
September Tips of the Month
- News You May Have Missed
- Privacy & Security Questions and Tips
- Data Security & Privacy Beacons*
- Where to Find the Privacy Professor
We love your positive feedback about our news items! We continue to find more unique news stories to share with you. We also share news items that we believe are important for most folks to know, but that often do not get much mention in traditional news, or even in security and privacy news outlets.
We’ve provided just a few of the news stories we discovered throughout the past month that provide a wide range of interesting security and privacy related news that demonstrate that such types of risks exist basically anywhere in the world, and that everyone needs awareness.
This month we are going to limit the list to 15 news items, and then put them, and a long list of other interesting news items, into a post to our Privacy & Security Brainiacs blog. Here are the 15 such articles, most with associated quotes included, that our Privacy & Security Brainiacs team found interesting throughout the past month, in no particular order. Sometimes we will also include a few sentences about the situation to provide some advice or additional insights. Read next month for even more. Do you have interesting, unusual, bizarre or odd stories involving security and privacy? Or questions about any of the notes we included for the stories we listed this month? Let us know!
1. Obituary spam hurts families, and adtech makes it possible, and AI-generated ‘fake obituaries’ publishing incorrect information about deceased online. NOTE: This is a growing problem. Not only for the additional hurt to survivors of the deceased, but also additional problems created by scammers creating obituaries, often pretending to be the funeral home, and indicating addresses and other ways to donate to the survivors or some charity, when the funds actually go to the obituary scam criminals.
2. Privacy tops patients’ concerns about home monitoring technology, survey finds. 40% of patients named privacy concerns as the top issue they have related to remote patient monitoring (RPM).
3. No, the NFL isn't using facial recognition software to monitor fans. Multiple posts claimed the Cowboys and the NFL would use facial recognition to monitor fans. The fan cam video is nothing new. The Cowboys and other sports franchises allow fans to go online, pick a game date and locate and tag themselves. But in this case, it was used out of context. The NFL’s facial recognition system, Wicket, is completely separate. It’s for people with secure credentials, like media, vendors and game day personnel, who have already submitted photo IDs. It is powered by artificial intelligence. It was tested last season with six NFL teams and now will be at 32 stadiums.
4. Former CU Teller & Member Charged in Theft From Elderly Member's Account. A former credit union teller and a member of the $18.7 million Waco Federal Credit Union in Texas allegedly stole more than $35,000 from an elderly member's account. NOTE: This is an example of an insider threat, where a workforce member with authorized access to customer accounts exploits that trusted access to steal from the customer. This is one of the reasons why logging such access is important.
5. Major technology companies, including Google, Apple, and Discord, have been enabling people to quickly sign up to harmful “undress” websites, which use AI to remove clothes from real photos to make victims appear to be “nude” without their consent. More than a dozen of these deepfake websites have been using login buttons from the tech companies for months. While bots and websites that create nonconsensual intimate images of women and girls have existed for years, the number has increased with the introduction of generative AI. This kind of “undress” abuse is alarmingly widespread, with teenage boys allegedly creating images of their classmates.
6. Ford’s new tech turns police cars into high-tech watchdogs. The patent, “Systems and Methods for Detecting Speeding Violations,” describes a system that could turn Ford vehicles into mobile speed detectors capable of reporting other drivers to the police. The patent application was filed with the United States Patent and Trademark Office (USPTO) in January 2023. However, it was formally published by the USPTO on July 18, 2024. NOTE: HT to Tom Conley for submitting this news item. Also, you may hit a paywall depending on how many other articles at this site you have visited.
7. This summer, Apple gave websites more control over whether the company could train its AI models on their data. Major publishers and platforms like Facebook, Instagram, Craigslist, Tumblr, The New York Times, The Financial Times, The Atlantic, Vox Media, the USA Today network, and WIRED’s parent company, Condé Nast, are among the many organizations opting to exclude their data from Apple’s AI training.
8. Surveillance pricing, as the FTC defines it, is “pricing products and services that incorporate data about consumers’ characteristics and behavior.” Retailers have more access than ever to consumer data, including location, demographics, credit history and browsing. Under surveillance pricing, prices are set based on the shopper’s personal data, like shopping habits or web browsing history.
9. This Wearable AI Notetaker Will Transcribe Your Meetings and Someday, Your Entire Life. Plaud’s AI-powered NotePin records and transcribes all the conversations around you. The company envisions using that data in the future to construct your digital twin. The cloud transcription and summarization service is encrypted by default, but the device itself is not. If a user loses a device and someone else snatches it up, any recordings stored on the device could be accessed if they connect it to their computer.
10. Robert Williams was wrongfully arrested after facial recognition software incorrectly identified him as the person responsible for a 2018 shoplifting spree. Detroit, Michigan, police jailed Williams for more than 30 hours, even after it became clear that he was not responsible for the crime. The Detroit Police Department's decision to seek an arrest warrant for Williams was primarily based upon the results of an inquiry using facial recognition technology. Williams ultimately sued. The case was settled, with Williams set to receive a $300,000 payout for his wrongful arrest.
11. What to know about airline impersonation scams.
12. Plaintext passwords may have struck again. A website linked to National Public Data’s massive breach was storing passwords for its back-end database in a file that anyone could’ve accessed.
13. How a cybersecurity researcher befriended, then doxed, the leader of LockBit ransomware gang. Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.
14. Enzo Biochem agreed to pay a $4.5 million penalty and adopt measures to strengthen its cybersecurity practices following a 2023 data breach that affected 2.4 million people. At the time of the cyberattack, Enzo's data security program was deficient in several areas, an August 8 OAG document stated. For example, files stored on shared network space and a database were not encrypted at the file level. Enzo also did not maintain comprehensive records of user and network activity, and the company did not have a system or process in place to monitor for, or provide notice of, suspicious activity. Also, Enzo's process for evaluating potential risks to its information systems was "informal."
15. OpenAI revealed in a safety analysis they released that this anthropomorphic voice may lure some users into becoming emotionally attached to their chatbot. The risks explored in the new system card are wide-ranging, and include the potential for GPT-4o to amplify societal biases, spread disinformation, and aid in the development of chemical or biological weapons. It also discloses details of testing designed to ensure that AI models won’t try to break free of their controls, deceive people, or scheme catastrophic plans. Anthropomorphism might cause users to place more trust in the output of a model when it “hallucinates” incorrect information.
Check out our Privacy & Security Brainiacs blog page for more unique security and privacy news items. Have you run across any surprising, odd, offbeat or bizarre security and/or privacy news? Please let us know! We may include it in an upcoming issue.
Privacy & Security Questions and Tips
Rebecca answers hot-topic questions from Tips readers
September 2024
We continue to receive a wide variety of questions about security and privacy. Questions about HIPAA and personal health data are also increasing. Thank you for sending them in! This month in addition to our Question of the Month we’ve included four Quick Hits questions.
Are the answers interesting and/or useful to you? Please let us know! Keep your questions coming!
Question of the Month:
Q1: I saw a recent news story about a woman who discovered an Apple AirTag on her car, which she claims was placed there without her knowing. Why is this happening so much? What can people do to counter it? How can they check to see if any devices are tracking them?
A1:
Why is this happening so much?
The use of AirTags and other such tracking technologies for stalking has also occurred multiple times here in central Iowa throughout the past few years. A couple of the trackers ultimately ended up costing the stalkers their businesses (restaurants and bars) as an indirect result. See examples, “Two metro bar owners charged with using GPS device to stalk woman” and “Zora owner Edwin Allen III faces foreclosures with almost $3 million in unpaid debts.”
Stalking people using such technologies is increasingly happening for a wide variety of reasons. Usually, though, it’s because these tiny tracking tools are inexpensive, very easy to use, very easy to hide on the targeted stalking victims, and are also rarely detected. This type of tracking tag stalking can easily occur anywhere in the world.
Along with the risks, such tracking technology can certainly be used for benefits. For example, to keep track of your own luggage while traveling, or to help locate a pet, or a young child.
However, as these stalking cases demonstrate, they can also be used for harmful and criminal actions. They have in some instances resulted in physical harms, and even murder; e.g., “Apple AirTags causing major security [safety] concerns over reports of stalking.”
There have been many times when these types of tracking devices were planted in the victim’s clothing (e.g. coat pocket), purse, billfold, car glove box, wheel wells, and other places in situations where the assaulters knew that the victim likely wouldn’t think to look, such as in a toy, or some other location. When considering other types of smart devices, often when the assaulter gives them as a gift to the victim, or someone in the victim’s family, they set up the account before gifting, so they then have access to all the tracking, video, audio and other associated data. Plus, stalkers and assaulters use the vulnerabilities within home and mobile wi-fi connections to also track victims.
A few actions people can take to avoid becoming a victim of tracker stalking include:
a. Be aware of the growing problem.
b. Listen to your worries, and pay attention when someone threatens you, or makes statements that could infer that the person has intentions to surveil you in some way.
c. Be aware of your surroundings and what people nearby are doing.
d. In crowded areas (airports, sporting events, bars, entertainment venues, etc.), if you feel a tug on your bag, on your jacket, a bump against your shoulder, arm, back, etc., check your clothing and carried items for any hidden trackers. Make sure you check all pockets, billfolds, and also those zippered and snapped areas as well. Surveillance stalkers can be very adept at quickly and/or surreptitiously opening a closed compartment, inserting a tiny tracker, and then closing it.
e. Ask lawmakers to pass or improve upon laws making digital stalking a crime that has significant penalties. The digital tracking laws that exist in most states do not have penalties against digital stalking, or the penalties are so insignificant that they have no deterrence impact.
f. Use one of the tools (described below) when going to public places, using a rideshare or taxi service, when using a rental car, after parking in a public location, throughout traveling, etc.
g. When going out to public areas, especially those where it may be crowded and people are being jostled, don’t wear clothing or carry bags/purses/etc., with pockets with loose openings easy for others to put trackers into.
h. Be cautious accepting gifts from strangers, such as at conferences where there are many tchotchkes made available for attendees to pick up.
i. Don’t use and keep items found in public, such as USB thumb drives, billfolds, or other items that could have trackers put within them.
j. Provide these tips to those who have told you they may be being surveilled in some way.
How can I check to see if any devices are tracking me?
There are many tools available to use to locate the majority of such current trackers. There are also actions to take. Here are a few of them:
- Tools:
  - In May of this year (2024), Apple and Google announced an industry specification called “Detecting Unwanted Location Trackers” (DULT) for Bluetooth tracking devices such as AirTags, moto tags, and similar trackers. DULT enables alerts to users of both iOS (version 17.5 and later) and Android (Android 6 and later) devices if the device identifies such a tracker in the vicinity of the person carrying the phone. The alert is sent to the device and says something like, “[tag description] Found Moving with You.” The person receiving the alert can then look for the tracking device. Here are some links describing how you can use DULT and the associated apps, and more information as it is published about discovering digital trackers.
    - See the yahoo!tech article, “How to Find Hidden or Missing Airtags (and Other Bluetooth Trackers).”
    - IETF 120: Detecting Unwanted Location Trackers (DULT) 2024-07-23. A deep dive! Almost two hours.
    - Occasionally check the IETF Detecting Unwanted Location Trackers (DULT) page for more information as it is released.
  - There are also a wide range of physical tools you can get on many retail sites. These can be used to detect digital trackers in your vicinity, for example trackers that may have been planted on your vehicle, in your bags, luggage, pockets, or other locations that you don’t normally check that often. If you have a reason to believe you, or a friend or family member, is being, or may be, tracked, it could be a very smart move to invest in a digital tracker detector; it may keep you safe and prevent physical harms. There are many kinds of tracker detectors. Some are available in the USD $40 - $50 range, and work well. Professional strength detector devices are available in the USD $150 - $250 range. You can see more about these in my business’s “Privacy & Security Brainiacs Privacy and Security Gifts” list; see “Privacy and Security Gifts: 2023 – 2024,” item 19. NOTE: Privacy & Security Brainiacs does not sell these; we just list a wide range of tools to raise awareness of what is available, that people can consider, and then purchase elsewhere.
- Actions:
  - Use one of the tools previously described when going to public places, using a rideshare or taxi service, when using a rental car, after parking in a public location, throughout traveling, etc.
  - When going out to public areas, especially those where it may be crowded and people are being jostled, don’t wear clothing or carry bags/purses/etc. with pockets with loose openings easy for others to put trackers into.
  - Be cautious accepting gifts from strangers, such as at conferences where there are many tchotchkes made available for attendees to pick up. It is easy for some of those to have been planted by others attending the event, with a tracker inserted within them.
  - Don’t use or keep items found in public, such as USB thumb drives, billfolds, or other items that could have trackers put within them; some may be sewn within layers and hard (if even possible) to easily find.
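To make the “Found Moving with You” idea concrete, here is an added illustration in Python that is not part of the original Tips and is not the algorithm in the DULT specification (which is considerably more involved). It models the core heuristic a phone can apply: an unknown tracker identifier that keeps appearing as the phone moves through several different places over a period of time is flagged, while trackers you own and trackers that only sit near one spot (a neighbour’s tag) are ignored. The `Sighting` fields, the thresholds, the tracker identifiers, the location cells and the scan log are all constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Sighting:
    """One Bluetooth advertisement heard by the phone (constructed fields)."""
    t: int           # seconds since the phone started scanning
    tracker_id: str  # identifier the tracker advertised
    cell: str        # coarse location of the phone at that moment


# Thresholds chosen for this example; they are NOT taken from the DULT spec.
MIN_DISTINCT_CELLS = 3    # seen in at least this many different places...
MIN_DURATION_S = 10 * 60  # ...spread over at least this much time


def trackers_moving_with_you(sightings: Iterable[Sighting], owned: Set[str]) -> List[str]:
    """Return ids of unknown trackers that kept showing up as the phone moved."""
    cells_by_id: Dict[str, Set[str]] = {}
    times_by_id: Dict[str, List[int]] = {}
    for s in sightings:
        if s.tracker_id in owned:
            continue  # your own tag travelling with you is expected
        cells_by_id.setdefault(s.tracker_id, set()).add(s.cell)
        times_by_id.setdefault(s.tracker_id, []).append(s.t)

    alerts = []
    for tid, cells in cells_by_id.items():
        times = times_by_id[tid]
        duration = max(times) - min(times)
        # A tag seen once, or only ever at one place, is not "moving with you".
        if len(cells) >= MIN_DISTINCT_CELLS and duration >= MIN_DURATION_S:
            alerts.append(tid)
    return sorted(alerts)


def alert_text(tracker_id: str) -> str:
    """Wording modelled on the alert described in the Tips."""
    return f"[{tracker_id}] Found Moving with You."


# Constructed scan log for one morning commute: home -> bus -> office.
OWNED = {"OWN-KEYS"}
SAMPLE = [
    Sighting(0,    "OWN-KEYS", "home"),
    Sighting(0,    "TAG-A",    "home"),    # unknown tag, already present at home
    Sighting(0,    "TAG-C",    "home"),    # neighbour's tag, never leaves home
    Sighting(120,  "TAG-C",    "home"),
    Sighting(900,  "TAG-A",    "bus"),
    Sighting(900,  "TAG-B",    "bus"),     # another passenger's tag, seen once
    Sighting(2400, "OWN-KEYS", "office"),
    Sighting(2400, "TAG-A",    "office"),  # home, bus, office over 40 minutes
]

if __name__ == "__main__":
    for tid in trackers_moving_with_you(SAMPLE, OWNED):
        print(alert_text(tid))
```

Running it on the constructed log flags only `TAG-A`; adding `TAG-A` to the owned set silences the alert, which is the same distinction a phone makes between your own luggage tag and a stranger’s.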
For even more guidance and tips about these issues, here are some more of our resources: Visit our webpage; check out our blog; subscribe to our YouTube channel; follow us on LinkedIn.
Quick Hits:
Here are four more questions we are answering at a comparatively high level. We provide more in-depth information and associated details about these topics in separate blog posts, videos on our YouTube channel, in infographics and e-books, LinkedIn posts to our business page, and within our online training and awareness courses.
Q2: How will integrating MFA with zero trust strengthen security measures? What are the challenges to integrating MFA with zero trust?
A2:
First, here are some brief descriptions of MFA and zero trust to establish a common ground of understanding for our readers.
MFA: This initialism stands for “multi-factor authentication.” MFA is authentication using two or more factors for authentication. Factors can include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).
Zero trust: Zero trust is a cybersecurity strategy that includes a collection of concepts and ideas generally designed to disallow every type of action within a system or application by default, and to enforce least-privilege, per-request access decisions in information systems and services.
Here are two ways that integrating MFA with zero trust strengthens security:
- This prevents cybercrooks that have obtained datasets of compromised passwords from using them to authenticate into systems or applications. By having more than one authenticator, it reduces the likelihood that a cyber intruder will gain access to digital assets from using just a single password to authenticate.
- It helps to defeat phishing tactics that are trying to trick the recipient into providing a password, which would not be sufficient with MFA to allow access into a system or application.
In short, MFA is kind of like a zero trust form of authentication, since a single password is not trusted on its own to allow access into an application or system.
Even though MFA is a part of zero trust architecture, there are a few challenges to integrating MFA within a business digital ecosystem that is converting to zero trust. A few of the common such challenges include:
- Resistance from those who are authenticating. Most people already hate entering one password. Some will revolt and be quite vocal about moving to using additional authentication steps.
- Related to resistance is the often-additional perspective (whether it is true or not) that it will take too long to authenticate with more steps involved.
- Some applications and systems, especially legacy systems, are configured specifically for single-factor authentication. So, integration with those will require creative, knowledgeable expertise.
- Increased risk of losing systems and/or applications access. If the MFA service, or servers, go down, then users may not be able to get into the applications and servers. With a single authenticator, most commonly a password, password resets typically do not need separate authentication servers or services.
- Other security practices may get scrapped or ignored. Many think that MFA provides comprehensive security protections throughout the full digital ecosystem; which of course it does not. MFA is only securing authentication.
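As an added example, not part of the original Tips, the following Python sketch shows the two points above in code: a per-request, deny-by-default decision that requires both a password (something you know) and a TOTP code (something you have), so a password lifted from a compromised dataset or phished on its own is not enough, and a fail-closed path for the “MFA service goes down” challenge, where the request is denied rather than falling back to password-only access. The user name, password, salt, TOTP secret and the `MfaService` stand-in are all constructed for this example; the TOTP arithmetic follows RFC 6238 (SHA-1, six digits, 30-second steps).

```python
import base64
import hashlib
import hmac
import struct

# --- Factor 1: something you know (salted PBKDF2 hash; constructed demo user) ---
SALT = b"constructed-demo-salt"


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": hash_password("correct horse battery staple")}


def password_ok(user: str, password: str) -> bool:
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, hash_password(password))


# --- Factor 2: something you have (TOTP per RFC 6238; constructed demo secret) ---
TOTP_SECRETS = {"alice": base64.b32decode("JBSWY3DPEHPK3PXP")}


def totp_code(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class MfaService:
    """Stand-in for the separate MFA server the answer notes can go down."""

    def __init__(self, available: bool = True):
        self.available = available

    def verify(self, user: str, code: str, unix_time: int) -> bool:
        if not self.available:
            raise ConnectionError("MFA service unreachable")
        secret = TOTP_SECRETS.get(user)
        if secret is None:
            return False
        # Accept the current and previous step to tolerate small clock drift.
        return any(hmac.compare_digest(totp_code(secret, t), code)
                   for t in (unix_time, unix_time - 30))


def authorize(user: str, password: str, code: str, mfa: MfaService, unix_time: int) -> str:
    """Zero-trust style decision made afresh for every request; nothing is trusted by default."""
    if not password_ok(user, password):
        return "deny: password"
    try:
        if not mfa.verify(user, code, unix_time):
            return "deny: second factor"
    except ConnectionError:
        # Fail closed: an outage must not degrade access to password-only.
        return "deny: mfa unavailable"
    return "allow"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    good_code = totp_code(TOTP_SECRETS["alice"], now)
    print(authorize("alice", "correct horse battery staple", good_code, MfaService(), now))
    print(authorize("alice", "leaked-password", good_code, MfaService(), now))
    print(authorize("alice", "correct horse battery staple", good_code, MfaService(False), now))
```

The fail-closed branch is the trade-off the last challenge describes: availability of the MFA service becomes part of the availability of every application behind it, which is why the service itself needs redundancy rather than a password-only bypass.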
Q3: How are recent advancements in AI and machine learning impacting the management of patient data privacy, and what best practices should HIPAA compliance officers implement to address these challenges?
A3:
AI and ML are tools to consider, and show great promise for bringing benefits to the many ways in which the provision of healthcare occurs. However, before using AI/ML tools, every healthcare provider needs to first ensure the tools have security and privacy capabilities built within them, and that they have been comprehensively tested, for the full breadth of possibilities, to help mitigate unauthorized PHI data use and sharing, identification of bias in results, and identification of algorithmic inaccuracies, to name a few factors to consider.
A key privacy problem is using real patient data to train AI. Typically, when a healthcare provider uses an AI tool to support patient care, that data is also being used at the same time to train the AI tool; a tool that may be utilized in many other healthcare organizations. Lack of security and privacy controls could then lead to unauthorized access by other CEs to the PHI used to train the tools. This is a common problem with using AI supported chatbots to answer patient questions via apps, websites, and other types of interactive tools.
Another common problem is that most organizations using such tools do not realize that the AI tool provider is a business associate due to the access to PHI. Providers, and other types of CEs, are obligated to ensure all their BAs are complying with HIPAA requirements; this is for all of the Security Rule, Breach Response Rule, and whatever Privacy Rule requirements apply to the associated BA based upon their services and/or products.
These are just two common patient privacy problems that using AI and ML tools create.
We will be providing a 2-minute Warning video this month about best practices that healthcare organizations can implement to address these challenges. We also have this on our course list to create to do a deep dive into each of the best practices.
Q4: The FAA recently announced that it is proposing new cybersecurity rules for airplanes and aviation equipment to combat cybersecurity threats that target aircraft, engines, and network aviation systems. What do these proposed rules mean for the aerospace industry, and what are the roles that connected systems play in cybersecurity?
A4: The rules generally emphasize the need for organizations throughout the aerospace industry to have cybersecurity rules established that are context based. This is good! That is the way it should always have been. Every organization, in any industry, needs to establish context-based safeguards of all types. This means the safeguards chosen and implemented must mitigate, to acceptably low levels, the unique risks within each organization’s own business ecosystem. All organizations are different, and have different security vulnerabilities and threats within their digital ecosystems. Security controls and associated actions and protections should be risk-based. For far too long organizations have been trying to boil down what is necessary to short checklists, which don’t take into consideration the context of each ecosystem.
The FAA’s proposal will strengthen cybersecurity throughout the aerospace industry, if each organization thoughtfully, and comprehensively, considers its own unique threats and vulnerabilities, and then establishes the protections appropriate to the contexts of their operations to mitigate the risks to acceptably low risk levels.
The vast and growing number and types of devices connected to internal or external data networks and services, that are used to make significant decisions and to take specific actions throughout the air traffic ecosystem, makes it absolutely necessary to ensure more comprehensive cybersecurity protections are implemented throughout the airline industry, including throughout the edge devices. If they are not, there will be increasingly more flight incidents, and tragedies, including loss of life.
It is absolutely necessary for any entity in the airline industry to have not only a risk analysis plan, but to also have it included as part of the larger, comprehensive security risk management plan. This is necessary not only to identify as many potential threats as possible, but also, just as importantly, to identify as many vulnerabilities as possible. For example, any of the applications, systems, or devices that use vulnerable Log4j code create risks that need to be identified in all locations, and then removed. Without a comprehensive risk management program, there are the very real risks of adverse effects not only on the safety of the airplane, but also on the health, safety, and literally lives, of the crew and passengers on the aircraft.
Q5: How are wearable technologies impacting the security market?
A5: The types of wearables are exponentially increasing with no sign of slowing down. Before looking at the market impacts, it is important to first recognize that there are unlimited types of wearables available, with more emerging on a continuous basis. All those wearables are being engineered in vastly different ways, with vastly different security and privacy capabilities. More often than not, they do not even have any such capabilities built within them. Now consider some of the factors that create not only security risks, but also privacy risks. The name, “wearables,” is quite literal; anything a person can wear in any way can be digitized and computerized: jewelry, clothing, safety equipment, eyeglasses, hearing aids, tattoos, wireless mics, and more.
Wearables can be engineered with a wide range of possible capabilities. They can listen and record audio, record video, take photos, change settings for not only other internet of things (IoT) products within their digital ecosystem but also activate other computing and digital products, and perform a wide range of processing activities. Increasingly more wearables run on System on Chip (SoC) technologies, which integrate many different functions into a tiny chip. This, very simply put, makes a wearable a mainframe on a person’s body. The more wearables you have, the more mainframes you are carrying around, the more ways in which you can be targeted, and the more ways the vast number of associated privacy and security risks can be exploited. Recognize that those with wearables can be entering and exiting many different types of wireless networks and associated ecosystems throughout the course of their day. Wearables cannot be effectively secured with traditional security tools, including long-used types of firewalls and DMZs.
The stage is set for a vast range of security, as well as privacy risks, that wearables enable in ways that traditional security products do not currently address. This impacts the security market significantly because traditional security products are not engineered, and do not have the capabilities, to identify, mitigate, and effectively block all the risks that wearables bring. I’ve seen many vendors trying to convince potential customers that their product will fully protect wearables. However, significant vulnerabilities are not addressed in many security products, and privacy protections are not engineered within such solutions. Security manufacturers who want to gain a market share from those using wearables need to recognize these facts, and update their solutions to address these new types of risks. Otherwise they will need to find other manufacturers of security solutions for components of wearables that they can partner with and integrate within their solutions to fill these gaps in security and privacy protections that currently exist in their security offerings.
Data Security & Privacy Beacons*
People and Places Making a Difference
We get many suggestions for beacons from our readers and Rebecca’s podcast/radio show listeners; thank you! We include many of them when the suggestions are for businesses other than the suggester’s; typically these are ones the suggester feels deserve recognition for noteworthy data security and privacy actions. However, we do not include businesses, organizations, or people trying to promote themselves to get free marketing, and we do not take payments to put organizations or people on this list. We try to contact as many as possible after publishing our Tips to let them know we put them on our beacons list, though. If you have someone or an organization to suggest, let us know! We may include them in an upcoming Tips issue.
- Federal Trade Commission. For several sets of recent tips.
  - Do you have an emergency and recovery plan? Get started or update it this National Preparedness Month (September).
  - Five ways to keep scammers and hackers away.
  - Heads up in your language. To help the kids in your life be safe online, Heads Up: Stop. Think. Connect has some ideas to get a conversation started with them. It’s a free resource, available in twelve languages from Amharic to Vietnamese.
  - Scammers impersonate airline customer service representatives. Scammers crawl social media looking for posts from upset travelers. They reach out to them through fake social media accounts and pretend to be an airline customer service representative who's there to help. Then they ask them to provide a large amount of personal data.
- HuffPost. For their report, “10 Sneaky Travel Scams That Too Many People Fall For.” Don't let your luxurious vacation get ruined. Travel and security experts reveal the biggest schemes to look out for when you're on a trip.
- Eagle Eye Networks (EEN). For providing simple and clear information about how to secure the surveillance cameras they sell. We wish all retailers selling any type of digital product, or non-digital products that involve information in any form, would provide instructions for securing them.
- IEEE members Katina Michael and Yvonne Apolo. For their research report, “Beyond A Reasonable Doubt? Audiovisual Evidence, AI Manipulation, Deepfakes, and the Law.”
- Consumer Reports. For their new report: “Data Defense: Evaluating People-Search Site Removal Services.” Includes evaluations of seven different people-search removal services.
- Koen Maris. For raising awareness on LinkedIn by pointing to, “San Francisco Police Department: Cyber-Safety Tips.”
- The UK Information Commissioner’s Office (ICO).
  - For replacing its privacy notice template with a privacy notice generator to help businesses create a unique notification. Tailored templates for customers and suppliers as well as staff and volunteer information are available, and the ICO plans to release sector-specific templates in the coming months.
  - For their consultation series on generative AI and data protection. Notice that it closes on September 18, 2024, so if interested, check it out now!
- The US National Institute of Standards and Technology (NIST).
  - For their NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide.
  - For releasing their first three post-quantum encryption standards.
- Guidepoint Security. For their GRIT Ransomware Report 2024 Q2.
*Privacy Beacons do not necessarily indicate that an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.
Check It Out!
We have published episode 4 of our “2-Minute Warning” security and privacy videos:
PSB 2-Minute Warning Episode 4: Harms Caused by Posting Personal Data to Online Sites
This month we will be publishing the next episode of our 2-Minute Warning videos.
For a limited time only! Get an end-of-summer discount on our courses, including “HIPAA Basics for Business Associates: 2024 Edition.” Check it out at our site. This month we will also be publishing our new online course, “HIPAA Basics for Covered Entities: 2024 Edition.”
Coming in October!
We will be holding a live event with Dr. M.E. Kabay, our inaugural Master Expert! In addition to his new course, Secure Coding, his latest book, “The Expert in the Next Office: Tools for Managing Operations and Security in the Era of Cyberspace,” was just published. Dr. Kabay will be answering your questions about his course, his book, and anything else you’d like to know about information, computer and cybersecurity. Follow our Privacy & Security Brainiacs page on LinkedIn to see the date and attendance information when it has been established.
What topics would you like to see us create online courses for? Let us know!
Have questions about our education offerings? Contact us!
Where to Find The Privacy Professor
On September 19, Rebecca will deliver the IANS Research event, Create a Privacy Executive Dashboard. Rebecca is an IANS faculty member. Here is the overview:
Continued proliferation of comprehensive privacy laws—and subsequent litigation—has pushed privacy awareness into the C-suite. Providing adequate visibility into performance of your privacy initiatives can help security teams obtain and maintain business buy-in. An effective executive metrics dashboard is key here. In this symposium, we discuss:
- Partnering with the privacy team to identify shared metrics and KPIs that tell a cohesive story of how security drives privacy gains.
- Collaborating with business leaders to understand the privacy risks that are most concerning to them.
- Setting maturation goals that show progress in mitigating the risks that matter to the business.
- Distilling your shared privacy metrics and KPIs into an executive-ready view that provides a valuable snapshot of your program.
Audience
This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.
On August 28, Rebecca provided the closing keynote for the SecureWorld virtual Manufacturing & Retail conference. Her talk, “Navigating the Future: Privacy and Cybersecurity Challenges in the Era of an All-Connected World,” was recorded and is available to view now. Register here to view the recording.
Permission to Share
If you would like to share, please forward the Tips message in its entirety. You can share excerpts as well, with the following attribution:
Source: Rebecca Herold. September 2024 Privacy Professor Tips
www.privacysecuritybrainiacs.com.
NOTE: Permission for excerpts does not extend to images.
Privacy Notice & Communication Information
You are receiving this Privacy Professor Tips message as a result of:
1) subscribing through PrivacyGuidance.com or PrivacySecurityBrainiacs.com or
2) making a request directly to Rebecca Herold or
3) connecting with Rebecca Herold on LinkedIn.
When LinkedIn users invite Rebecca Herold to connect with them, she sends a direct message when accepting their invitation. That message states that in the spirit of networking and in support of the communications that are encouraged by LinkedIn, she will send those asking her to link with them her monthly Tips messages. If they do not want to receive the Tips messages, the new LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at rebeccaherold@rebeccaherold.com.
If you wish to unsubscribe, just click the SafeUnsubscribe link below.