The Short List: Tips and Tools for Data Security Beginners

Lately we’ve been focusing on free resources that are available to help bring IT admins up to speed on security matters. Along these lines, I put together a short list of essential tips and tools to let you hit the ground running — actionable ideas and software that will make you productive on Day 1….

Women in Data Security, Compliance, and Privacy You Should Follow on Twitter

There are many articles lately lamenting the lack of women in technology. I’m happy we’re having this discussion and that groups are working towards fixing the problem, but I’d like to shift the focus to the women that are in technology. The good news is that female technologists in data security, compliance, and privacy do…

Privacy by Design Cheat Sheet

Privacy by Design (PbD) has been coming up more and more in data security discussions. Alexandra Ross, the Privacy Guru, often brings it up in her consultations with her high tech clients. Its several core principles have been adopted by U.S. government agencies and others as de facto best practices policies. PbD is about 20…

Windows 10’s Security Reboot, Part III: FIDO and Beyond

FIDO’s Universal Two Factor (U2F) is intended to make it easy for companies to add a strong second factor to their existing crypto infrastructure. Most of us are probably not ready to leap ahead to the password-less Universal Authentication Factor (UAF), which I touched on in the previous post in this series. So U2F is…

What if Fitness Wearables Affected Our Health Insurance Rates?

Fitness wearables have been very popular, but sadly not very sticky. After 3-4 months, consumers tend to put them in a drawer and never wear them again. Many companies in this space think the solution might be to increase the value of the data that these fitness wearables collect. For instance, companies like FitBit started…

Interview With Alexandra Ross, The Privacy Guru

Alexandra Ross is not your ordinary attorney practicing privacy law. Her CV includes a stint as Associate General Counsel for Wal-Mart Stores, where she built this giant retailer’s privacy policies and procedures from the ground up. She is San Francisco-based and consults with many Bay Area tech companies. Her point of view on privacy…

US Healthcare and Pharmaceutical Companies Are Vulnerable

A recent survey conducted by the Ponemon Institute suggests that more than half of U.S. healthcare and pharmaceutical employees believe that their organizations do not place a high priority on the protection of sensitive data. Commissioned by Varonis, the Ponemon survey looked at internal security risks as seen by IT employees. When examining the results…

How to Detect Dropbox on Your Network

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users: It was difficult to establish who owned which documents (an important issue when writing your dissertation). It was…

Windows 10’s Security Reboot, Part I: Authentication

There’s incredible excitement about the Windows 10 release. If you completely quantum leap over Windows 9, you’d expect big things. In December, I was talking with NYU-Poly’s Professor Justin Cappos. He’s a security expert and had nothing but high praise for Microsoft’s security group. But he added their cutting-edge research doesn’t necessarily make it into…

Timely Cybercrime Analysis from FINRA

Hackers stealing passwords, credit card and social security numbers, and health insurance IDs can lead to significant dollar losses. But let’s think the unthinkable: hackers getting access to our retirement, 401(k), and brokerage accounts. Of course, that’s where the real money is. The Financial Industry Regulatory Authority (FINRA), an independent watchdog group, recently published a…