PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Cartoon: Devils of Data Security

Cartoon Devils of Security - TeachPrivacy Security Awareness Training 02 medium

I hope you enjoy my latest cartoon about data security — a twist on the angel on one shoulder and devil on the other.  Humans are the weakest link for data security.  Attempts to control people with surveillance or lots of technological restrictions often backfire.  I believe that the most effective solution is to train […]

Read More…

Phishing Cartoon: Signs of a Phishing Scam

Misspelled words and bad grammar are tell-tale signs of phishing.   Why don’t phishers learn spelling and grammar?  Can’t they afford a copy of Strunk and White? Phishers don’t need to spell better because their poorly-written schemes still fool enough people.  It’s just math for the phishers — a numbers game.   If you handle IT […]

Read More…

Phishing Cartoon: Why Do Phishers Keep Sending Obvious Scam Emails?

Phishing Cartoon

Why do phishers waste their time with such obvious phishing scams when they can do so much better? One possible answer: They don’t have to do better.  They send out so many emails that they only need a very low percentage of people to click.  And people always do.  In fact, if phishing emails became […]

Read More…

Phishing Your Employees: 3 Essential Tips

Phishing Training

A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce.  Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective. 1. Be careful about data collection and discipline Think about the data […]

Read More…

PCI Training: Reducing the Risk of Phishing Attacks

PCI Training Payment Card Data Risks

The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks.  Merchants and any other organization that accepts payment cards most follow the PCI Data Security Standard (PCI DSS).  One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, […]

Read More…

New Security Training Program: Social Engineering: Spies and Sabotage

I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and […]

Read More…

The High Cost of Phishing and the ROI of Phishing Training

A study recently revealed that nearly 25% of data breaches involve phishing, and it is the second most frequent data security threat companies face.  Phishing is an enormous problem, and it is getting worse. In a staggering statistic, on average, a company with 10,000 employees will spend $3.7 million per year handling phishing attacks. […]

Read More…

Mr. Robot: My Review of the New TV Series

by Daniel J. Solove I’ve really been enjoying the new TV series Mr. Robot on USA. Network.  It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security  geeks. The protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City.  […]

Read More…

Cybersecurity in the Boardroom

by Daniel J. Solove A few days ago, I posted about how boards of directors must grapple with privacy and cybersecurity.   Today, I came across a survey by NYSE Governance Services and Vericode of 200 directors in various industries. According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  […]

Read More…

The Terrifying Math of Phishing

by Daniel J. Solove Although we are seeing increasingly more sophisticated attempts at phishing, it appears as though many phishers still haven’t been able to get their hands on a program with spell check.  Why are we still seeing the $10 million lottery winning emails?  Or the long lost relative of yours living in Fiji […]

Read More…