Privacy by Design Cheat Sheet

Privacy by Design (PbD) has been coming up more and more in data security discussions. Alexandra Ross, the Privacy Guru, often brings it up in her consultations with her high tech clients. Its several core principles have been adopted by U.S. government agencies and others as de facto best-practice policies. PbD is about 20…

Windows 10’s Security Reboot, Part III: FIDO and Beyond

FIDO’s Universal Two Factor (U2F) is intended to make it easy for companies to add a strong second factor to their existing crypto infrastructure. Most of us are probably not ready to leap ahead to the password-less Universal Authentication Factor (UAF), which I touched on in the previous post in this series. So U2F is…

What if Fitness Wearables Affected Our Health Insurance Rates?

Fitness wearables have been very popular, but sadly not very sticky. After 3-4 months, consumers tend to put them in a drawer and never wear them again. Many companies in this space think the solution might be to increase the value of the data that these fitness wearables collect. For instance, companies like FitBit started…

Interview With Alexandra Ross, The Privacy Guru

Alexandra Ross is not your ordinary attorney practicing privacy law. Her CV includes a stint as Associate General Counsel for Wal-Mart Stores, where she built this giant retailer’s privacy policies and procedures from the ground up. She is San Francisco based and consults with many Bay Area tech companies. Her point of view on privacy…

US Healthcare and Pharmaceutical Companies Are Vulnerable

A recent survey conducted by the Ponemon Institute suggests that more than half of U.S. healthcare and pharmaceutical employees believe that their organizations do not place a high priority on the protection of sensitive data. Commissioned by Varonis, the Ponemon survey looked at internal security risks as seen by IT employees. When examining the results…

How to Detect Dropbox on Your Network

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever-growing list of increasingly serious complaints from their users: it was difficult to establish who owned which documents (an important issue when writing your dissertation). It was…

Windows 10’s Security Reboot, Part I: Authentication

There’s incredible excitement about the Windows 10 release. If you completely quantum leap over Windows 9, you’d expect big things. In December, I was talking with NYU-Poly’s Professor Justin Cappos. He’s a security expert and had nothing but high praise for Microsoft’s security group. But he added their cutting-edge research doesn’t necessarily make it into…

Timely Cybercrime Analysis from FINRA

Hackers stealing passwords, credit card and social security numbers, and health insurance IDs can lead to significant dollar losses. But let’s think the unthinkable: hackers getting access to our retirement, 401(k), and brokerage accounts. Of course, that’s where the real money is. The Financial Industry Regulatory Authority (FINRA), an independent watchdog group, recently published a…

How to Detect and Clean CryptoLocker Infections

CryptoLocker is by now a well known piece of malware that can be especially damaging for any data-driven organization. Once the code has been executed, it encrypts files on desktops and network shares and “holds them for ransom”, prompting any user that tries to open the file to pay a fee to decrypt them. For…

Inside the World of Insider Threats, Part IV: Conclusions

We’ve covered a lot of ground in this series of posts on insider threats. To quickly review, insiders who commit IT sabotage or theft of sensitive information are more technical employees with a predisposition to destructive behavior. However, there’s usually a trigger event associated with a job or career disappointment that puts them over the…