Tom Pendergast

Author Archives: Tom Pendergast

IDG Contributor Network: What Pepsi’s failed ad can teach us about data privacy

By now, you've probably seen the ad that Pepsi released to the world and then quickly withdrew when it became obvious how tone deaf it was. I don't have anything to say about the ad that hasn't been said already, but I do want to examine the conditions that led to an ad of such obliviousness to be released. Why? Because Pepsi’s failed attempt to promote itself may have some lessons for those anxious to keep their company from experiencing a similar calamity when it comes to the release of personal data. I’d like to use this post to explore how the Privacy By Design approach to improving organizational awareness about data protection may offer a way to avoid such pitfalls.

IDG Contributor Network: We’re all responsible for combating fake news

I spoke to a 5th grade class about identity theft the other day. I quickly discovered that these kids were struggling with EXACTLY the same problems most of us struggle with in our workplace and our personal lives. They were swimming in a sea of dubious information, not able to tell what was real and what was not, or if they were being scammed or by whom. “Sometimes I’m gaming,” said one kid, “and someone asks ‘What’s your real name?’ and I’m like, why does he need to know?” “I was on this chat board, and I could just tell this person was totally fake, but I didn’t know what to do,” said another kid. The truth is, every day, in every possible way, we get bombarded with fake information. It doesn’t matter how old we are, how smart we are, whether we’re at home or at work. The world is full of falsity, whether it’s phishing, fake news or some weirdo trying to learn more about us when we’re playing a video game.

IDG Contributor Network: How to avoid falling for the W-2 phishing scam

While this blog is nominally mine, I don’t come up with ideas in a vacuum. This article on W-2 scams sprung from a conversation I had with my colleague Steve Williams, who ended up being my co-author. Check out more about him at the end of this piece. Multiple times each year, LinkedIn feeds and information security forums light up with examples of the latest and greatest versions of phishing attacks. Most recently the hot stories have been about a simple targeted request that avoids links, attachments, and malware, plays friendly with email filters, and appears extremely urgent to the recipient. This form of phishing is known as the W-2 scam.

IDG Contributor Network: Reaching the cybersecurity tipping point

Remember that moment when you really committed yourself to solid security and privacy practices? The moment when you committed to never clicking on a link you weren’t sure about, to always checking for badges on people coming in the door, to always using your password manager to create a complex password? If you do, you reached your “cybersecurity tipping point.” For many, that moment has not yet come. And if you are reading this article, it might be your job to get your employees to hit that point. And you already know that the hard part is figuring out how.

IDG Contributor Network: Security fatigue—or how I learned to overcome laziness and use a password manager

I admit it: I sometimes suffer from “security fatigue,” and I bet you do, too. If you’ve ever reused a password for a new site login, thinking the site isn’t that important, you suffer from it. If you’ve clicked on a tempting email offer or social media request, even if it looked sketchy, you’ve got it. And if you’ve sent a business document to your private email so you can keep working on it at home, you’ve definitely got it. You’re not alone. Security fatigue is a bug the majority of us have. A NIST study recently reported that most people don’t do the right thing when it comes to cybersecurity because they are too lazy, too hurried, or not convinced that they are a target for cybercrime.

IDG Contributor Network: The silver lining on a ransomware attack

I wouldn’t wish a ransomware attack on anyone. A particularly destructive form of malware, ransomware has made a name for itself this year as one of the internet’s top threats. A recent survey revealed that half of companies had responded to a ransomware attack, with 85 percent reporting three or more. If it locks down your personal computer, it’s a royal pain. But if it gets onto a network drive at your work, that pain is multiplied by the number of employees and more. Systematically locking down every computer on the network, ransomware puts your entire workforce out of work and sends your IT guys to the mats trying to find the money to pay the ransom or the backups to bring the network back online. Long story short: Ransomware is bad news!
