Posts about Data Security Training by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Ransomware is on a rampage! Attacks are happening with ever-increasing frequency, and ransomware is evolving and becoming more powerful. Several major media sites, such as the New York Times, BBC, AOL, and the NFL, were recently infected with malware that directed visitors to sites attempting to install ransomware on their computers. Ransomware has the potential […]
Back by popular demand, it’s time for another round of the funniest hacker stock photos. Because I create information security awareness training (and HIPAA security training too), I frequently find myself in need of a good hacker photo. But good hacker photos are hard to find. I often browse through countless images, each one more […]
I created a new poster about information security training, which is debuting at the RSA conference. This poster is based on the fact that the vast majority of information security incidents and data breaches occur because of human mistakes. Information security is only in small part a technology problem; it is largely a human problem. […]
I’m pleased to announce a new training program: Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete. Trainees are asked to spot the risks in an office. Feedback is provided about each risk so trainees learn many of the most important best […]
I created some new training programs last year, and here are some of the highlights: The Ransomware Attack (~5 mins) This short program (~5 minutes) consists of an interactive cartoon vignette about malware. The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches […]
I’ve been going through my blog posts from 2015 to find the ones I most want to highlight. Here are some selected posts about security: The Worst Password Ever Created Should the FTC Kill the Password? The Case for Better Authentication
Ransomware is one of the most frightening scourges to hit the Internet. Ransomware is a form of malware (malicious code) that encrypts a person’s files and demands a ransom payment to decrypt them. If the money isn’t paid, the encryption keys are destroyed, and the data is lost forever. Ransomware began to emerge in 2009, […]
A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce. Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective. 1. Be careful about data collection and discipline Think about the data […]
The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks. Merchants and any other organization that accepts payment cards most follow the PCI Data Security Standard (PCI DSS). One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, […]
I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and […]