I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and […]
Tag: Data Security
Archive of all posts about data security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
The High Cost of Phishing and the ROI of Phishing Training
A study recently revealed that nearly 25% of data breaches involve phishing, and it is the second most frequent data security threat companies face. Phishing is an enormous problem, and it is getting worse. In a staggering statistic, on average, a company with 10,000 employees will spend $3.7 million per year handling phishing attacks.
The FTC Has the Authority to Enforce Data Security: FTC v. Wyndham Worldwide Corp.
by Daniel J. Solove The U.S. Court of Appeals for the 3rd Circuit just affirmed the district court decision in FTC v. Wyndham Worldwide Corp., No. 14-3514 (3rd. Cir. Aug. 24, 2015). The case involves a challenge by Wyndham to an Federal Trade Commission (FTC) enforcement action emerging out of data breaches at the Wyndham. […]
Should the FTC Kill the Password? The Case for Better Authentication
Co-authored by Professor Woodrow Hartzog. Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being […]
OPM Data Breach Fallout, Fingerprints, and Other Privacy + Security Updates
By Daniel J. Solove Co-authored by Professor Paul Schwartz This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post. News […]
Security Experts Critique Government Backdoor Access to Encrypted Data
by Daniel J. Solove In a recent report (link no longer available), MIT security experts critiqued calls by government law enforcement for backdoor access to encrypted information. As the experts aptly stated: “Political and law enforcement leaders in the United States and the United Kingdom have called for Internet systems to be redesigned to ensure […]
Mr. Robot: My Review of the New TV Series
by Daniel J. Solove I’ve really been enjoying the new TV series Mr. Robot on USA. Network. It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security geeks. The protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City. […]
Going Bankrupt with Your Personal Data
By Daniel J. Solove A recent New York Times article discusses the issue of what happens to your personal data when companies go bankrupt or are sold to other companies: When sites and apps get acquired or go bankrupt, the consumer data they have amassed may be among the companies’ most valuable assets. And […]
Baseball’s “Hacking” Case: Are You a Hacker Too?
By Daniel J. Solove I’m a St. Louis Cardinals fan, so I guess it is fitting that my favorite team becomes embroiled in a big privacy and data security incident. At the outset, apologies for the feature photo above. It pulled up under a search for “baseball hacker,” and as a collector of ridiculous […]
The OPM Data Breach: Harm Without End?
By Daniel J. Solove The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, […]