Posts about Data Security Best Practices by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
I recently created a new resource page — How to Make Security Training Effective. The page contains my advice for how to make security training memorable and effective in changing behavior. Training the workforce is an essential way to protect data security, but not all training endeavors are successful. Poor training is akin to shouting […]
What laws require security awareness training? What topics do the laws require to be covered? What should be covered? How frequently should training be given? I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more. I discuss various legal and industry requirements for security awareness […]
I’ve been going through my blog posts from 2015 to find the ones I most want to highlight. Here are some selected posts about security: The Worst Password Ever Created Should the FTC Kill the Password? The Case for Better Authentication
A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce. Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective. 1. Be careful about data collection and discipline Think about the data […]
The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks. Merchants and any other organization that accepts payment cards most follow the PCI Data Security Standard (PCI DSS). One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, […]
Recently, the FTC issued a short guide to what organizations can do to protect data security. It is called Start with Security (HTML) — a PDF version is here. This document provides a very clear and straightforward discussion of 10 good information security measures. It uses examples from FTC cases.
By Daniel J. Solove A recent New York Times article discusses the issue of what happens to your personal data when companies go bankrupt or are sold to other companies: When sites and apps get acquired or go bankrupt, the consumer data they have amassed may be among the companies’ most valuable assets. And […]
by Daniel J. Solove There are certainly many hackers with sophisticated technical skills and potent malicious technologies. These threats can seem akin to Leviathan — all powerful and insurmountable. It can be easy to get caught up focusing on the Leviathan and miss the low-hanging fruit of cybersecurity. This low-hanging fruit consists of rather simple […]
By Daniel J. Solove The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, […]
by Daniel J. Solove According to a survey commissioned by Thales e-Security, the use of encryption by organizations is increasing. Ten years ago, only 15% had an enterprise-wide encryption strategy. Now, 36% have such a strategy. Some other interesting findings from the survey also found, according to a ZDNet article: