PRIVACY + SECURITY BLOG

News, Developments, and Insights

Phishing Cartoon: Why Do Phishers Keep Sending Obvious Scam Emails?

Why do phishers waste their time with such obvious phishing scams when they can do so much better? One possible answer: They don’t have to do better.  They send out so many emails that they only need a very low percentage of people to click.  And people always do.  In fact, if phishing emails became […]

Clearing Up the Fog of Cloud Service Agreements

Contracting with cloud service providers has long been a world shrouded in fog. Across various organizations, cloud service agreements (CSAs) are all over the place, and often many people entering into these contracts have no idea what provisions they should have to protect their data.

The Funniest Password Recovery Questions and Why Even These Don’t Work

A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are: In what city were you born? What is your mother’s maiden name? Where did you go to high school?

Ransomware: A Cartoon to Brighten More Bad News

I have good news and bad news about ransomware.  First, the good news — here’s a cartoon I created.  I hope you enjoy it, because that’s the only good news I have.  Now, for the bad news . . . The Bad News: Be Afraid, Very Afraid Everyone seems to be afraid of ransomware these […]

Passwords Cartoon – Security Awareness Training

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

Attorney Confidentiality, Cybersecurity, and the Cloud

There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations.  This issue is especially acute when it comes to using the cloud to store privileged documents.  A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality.  In other instances, many attorneys […]

New Resource Page: How to Make Security Training Effective

I recently created a new resource page — How to Make Security Training Effective.  The page contains my advice for how to make security training memorable and effective in changing behavior. Training the workforce is an essential way to protect data security, but not all training endeavors are successful.  Poor training is akin to shouting […]

New Resource Page: Security Awareness Training FAQ

What laws require security awareness training?  What topics do the laws require to be covered?  What should be covered?  How frequently should training be given? I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more.  I discuss various legal and industry requirements for security awareness […]