PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Terrifying Math of Phishing

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 11, 2015

Fish 1210-1242156850ss7a pub domain pictures

by Daniel J. Solove

Although we are seeing increasingly more sophisticated attempts at phishing, it appears as though many phishers still haven’t been able to get their hands on a program with spell check.  Why are we still seeing the $10 million lottery winning emails?  Or the long lost relative of yours living in Fiji who is leaving you $4 million?

A recent article explains that for the phishers, it is all a numbers game:

“So, if 97 per cent of phishing attempts are unsuccessful, why is it such a large issue? Because there are 156 million phishing emails sent worldwide daily. . . . Of the 156 million phishing emails sent daily, 16 million get through filters. Another eight million are opened by recipients. 800,000 click on the link provided, and 80,000 provide the information requested.”

Continue Reading

Chart of the Largest Data Breaches in the World

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 9, 2015

by Daniel J. Solove

Over at the website, Information Is Beautiful, is this amazing chart of the biggest data breaches in the world

Who knew data breaches could be so beautiful?  For those who have suffered from their data being lost in a data breach to those who have suffered because they had to clean up after a data breach, there is a larger meaning to all your pain — it was for art!

This chart is so cool that it would almost be worth all the pain.

Data Breaches Security Training 02Continue Reading

Troublesome Password Practices and the Need for Data Security Training

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 8, 2015

login password on lcd screen macro

By Daniel J. Solove

A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include:

— 73% of accounts use duplicate passwords.

— Nearly half of consumers have a password they haven’t changed in 5+ years

— “Consumers have an average of 24 online accounts, but use only 6 unique passwords.”

— “Only 30 percent of consumers are confident that their passwords will protect the security of their online accounts.”

These findings demonstrate why better authentication is needed. Enforcing good password practices is tremendously difficult. People have so many passwords that they must memorize, and if they must be long and complex, this compounds the challenge.  Alternative means of authentication — such as two-factor authentication — should be explored, as they can be affordable and efficient.

Continue Reading

Health Data Security in Crisis, Phase 2 Audits, and Other HIPAA Privacy + Security Updates

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 8, 2015

title image

By Daniel J. Solove

Co-authored with Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. We have split the health/HIPAA material from our updates on other topics. To see our updates for other topics, click here.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading

5 Great Novels About Privacy and Security

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 3, 2015

title

I am a lover of literature (I teach a class in law and literature), and I also love privacy and security, so I thought I’d list some of my favorite novels about privacy and security.

I’m also trying to compile a more comprehensive list of literary works about privacy and security, and I welcome your suggestions.

Continue Reading

Big Data, Big Data Breaches, Big Fines and Other Privacy + Security Updates

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 26, 2015

title image

By Daniel J. Solove
Co-authored by Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. This post includes developments from the first part of 2015. For a PDF version of this post, and for archived issues of previous posts, click here.

NOTE: Health privacy and security issues will now be covered in a separate update post. 

Continue Reading

Is the NSA’s Big Data Program Authorized? Key Quotes from a Major Court Ruling

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 14, 2015

title image

By Daniel J. Solove

The U.S. Court of Appeals for the 2nd Circuit just issued a 97-page ruling limiting the NSA’s power to sweep up data about people’s phone calls. The case is ACLU v. Clapper, and the court held that the USA Patriot Act Section 215 doesn’t authorize the kind of sweeping collection of phone call metadata that the NSA has been engaging in. The court’s holding is limited to statutory interpretation — the scope of data collection authorized by Section 215. The court doesn’t base its holding on the Fourth Amendment, though it does note the uncertain status of current Fourth Amendment law.

The bottom line is that the NSA has been gathering a lot more data than it has been authorized to gather.

Continue Reading

If the Empire in Star Wars Had Big Data

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 6, 2015

Star Wars Privacy and Security Awareness Darth Vader

. . . the Empire would have won. A search of records would have revealed where Luke Skywalker was living on Tatooine.  A more efficient collection and aggregation of Jawa records would have located the droids immediately.  Simple data analysis would have revealed that Ben Kenobi was really Obi Wan Kenobi. A search of birth records would have revealed that Princess Leia was Luke’s sister. Had the Empire had anything like the NSA, it would have had all the data it needed, and it could have swept up the droids and everyone else, and that would have been that.

There is an important lesson to be learned from Star Wars: If you are trying to establish and maintain a ruthless Empire, you can greatly benefit from better data aggregation and analysis.

Continue Reading

Law Firm Cyber Security and Privacy Risks

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 30, 2015

Title image

By Daniel J. Solove

Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.

This is not time for firms to keep calm and carry on. The proper response is to freak out.

Continue Reading

Why We Should Persuade and Train with Stories

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
April 27, 2015

title image

By Daniel J. Solove

 

Once upon a time, there was a teacher who wanted to train people. At first, the teacher stated a list of things to do and not do. But this had little effect. The teacher was upset and started to doubt whether he could ever get through to people. But then the teacher tried a new approach – using stories. People remembered the stories, and the training started to change people’s behavior. And the teacher and everyone he taught lived happily ever after.

Continue Reading