PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Funniest Hacker Stock Photos

stock photos

By Daniel J. Solove

 

I produce computer-based privacy and data security training, so I’m often in the hunt for stock photos. One of the hardest things in the world to do is to find a stock photo of a hacker that doesn’t look absolutely ridiculous.

I’ve gone through hundreds of hacker stock photos, and I’ve discovered some that are so absurdly funny that they are true classics and deserve to be celebrated in a hall of fame. So I bought some of these gems to share them with you — because if there’s any sense of justice in the universe, when so much thought, creativity, and effort goes into a stock photo, it deserves to be sold.

Continue Reading

The Worst Password Ever Created

worst password ever created

by Daniel J. Solove

People create some very bad passwords. In the list of the most popular passwords of 2014, all of them are terrible. Just look at the top 10:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. Qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football

Continue Reading

The $500,000 Value of Data Security Awareness Training

data security awareness training

by Daniel J. Solove

It has long been difficult to quantify the ROI of data security awareness training.

But finally, I have been able to locate a number. According to a 2014 PricewaterhouseCoopers study: “The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs—in particular, training for new employees—report significantly higher average financial losses from cybersecurity incidents. Companies without security training for new hires reported average annual financial losses of $683,000, while those do have training said their average financial losses totaled $162,000.”

Continue Reading

Verifying Identity: From One Foolish Way to Another

Social Security Numbers

For quite some time, banks and financial institutions have been using people’s Social Security Numbers (SSNs) to verify their identities. Suppose you want to access your bank account to check your balance, change addresses, or close out the account. You call the bank, but how does the bank know it’s really you? For a while, banks were asking you for your SSN. Your SSN was used akin to a password. If you knew this “secret” number, then it must be you. Of course, as I have written about at length, a SSN is one of the dumbest choices for a password. Not only is it a password that can readily be found out, but it is a password that’s very hard to change. Not a wise combination. People’s SSNs are widely available, and the data security breaches in the past two years exacerbated the exposure. A lot of legislative attention has focused on the leakers of the data, and rightly so, but not enough attention has been focused on the businesses that use people’s SSNs as passwords. If SSNs weren’t used in this way, leaking them wouldn’t cause the harm it does.

Continue Reading