PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Cybersecurity vs. Humans: The Human Problem Requires a Human Answer

Data Security Human Error - Security Awareness Training

According to a recent Ponemon Institute study, the odds of an organization having a data breach are 1 in 4.  The study also found that the average cost of a data breach is $3.62 million in 2017.  That’s a drop of 10%, but the size of data breaches has increased. The Human Problem The vast […]

Read More…

Law Firm Cybersecurity: An Industry at Serious Risk

Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015. […]

Read More…

Epilogue to the St. Louis Cardinals Baseball Hacking Case

St Louis Cardinals Hacking Baseball

A while ago, I wrote about a case involving a member of the St. Louis Cardinals baseball team staff who improperly accessed a database of the Houston Astros.   There is now an epilogue to report in the case.  The individual who engaged in the illegal access — a scouting director named Chris Correa — […]

Read More…

Ransomware: A Cartoon to Brighten More Bad News

Ransomware cartoon

I have good news and bad news about ransomware.  First, the good news — here’s a cartoon I created.  I hope you enjoy it, because that’s the only good news i have.  Now, for the bad news . . . The Bad News: Be Afraid, Very Afraid Everyone seems to be afraid of ransomware these […]

Read More…

Is a Ransomware Attack a HIPAA Data Breach?

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]

Read More…

Passwords Cartoon – Security Awareness Training

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing. […]

Read More…

New Resource Page: How to Make Security Training Effective

Effective Security Training

I recently created a new resource page —  How to Make Security Training Effective.  The page contains my advice for how  to make security training memorable and effective in changing behavior. Training the workforce is an essential way to protect data security, but not all training endeavors are successful.  Poor training is akin to shouting […]

Read More…

New Resource Page: Security Awareness Training FAQ

Security Awareness Training FAQ 01

What laws require security awareness training?  What topics do the laws require to be covered?  What should be covered?  How frequently should training be given? I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more.  I discuss various legal and industry requirements for security awareness […]

Read More…

6 Reasons to Visit the TeachPrivacy Booth at the IAPP Summit 2016

TeachPrivacy privacy and security awareness training 03 IAPP

Please stop by the TeachPrivacy booth at the expo at the IAPP Summit.   1. Play our new game.  See if you can spot all the privacy and data security risks in this scene.  Pick up a copy of the scene, see our poster, and try out our interactive module. […]

Read More…