PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Passwords Cartoon – Security Awareness Training

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing. […]

Read More…

New Resource Page: How to Make Security Training Effective

Effective Security Training

I recently created a new resource page —  How to Make Security Training Effective.  The page contains my advice for how  to make security training memorable and effective in changing behavior. Training the workforce is an essential way to protect data security, but not all training endeavors are successful.  Poor training is akin to shouting […]

Read More…

New Resource Page: Security Awareness Training FAQ

Security Awareness Training FAQ 01

What laws require security awareness training?  What topics do the laws require to be covered?  What should be covered?  How frequently should training be given? I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more.  I discuss various legal and industry requirements for security awareness […]

Read More…

Information Security Training: Focus on the Human Problem

Information Security Awareness Training Plan B

I created a new poster about information security training, which is debuting at the RSA conference.  This poster is based on the fact that the vast majority of information security incidents and data breaches occur because of human mistakes.   Information security is only in small part a technology problem; it is largely a human problem. […]

Read More…

Spot the Privacy and Security Risks Training Game

Spot the Risks Privacy and Information Security Awareness Training

I’m pleased to announce a new training program:  Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete.  Trainees are asked to spot the risks in an office.  Feedback is provided about each risk so trainees learn many of the most important best […]

Read More…

Cybersecurity in the Boardroom

by Daniel J. Solove A few days ago, I posted about how boards of directors must grapple with privacy and cybersecurity.   Today, I came across a survey by NYSE Governance Services and Vericode of 200 directors in various industries. According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  […]

Read More…

The Terrifying Math of Phishing

by Daniel J. Solove Although we are seeing increasingly more sophisticated attempts at phishing, it appears as though many phishers still haven’t been able to get their hands on a program with spell check.  Why are we still seeing the $10 million lottery winning emails?  Or the long lost relative of yours living in Fiji […]

Read More…

Does Training Really Work? Can It Reduce Data Security Breaches?

by Daniel J. Solove According to a recent report by Enterprise Management Associates, 56% of employees are not receiving any sort of data security awareness training. This is a rather distressing statistic. It is particularly distressing because according to another study, “when specific employee behaviors are addressed in a meaningful way to bring about a […]

Read More…

10 Biggest Data Breaches: Facts and Lessons

  by Daniel J. Solove Recently, hackers from China stole 4.5 million records of patients from a hospital chain in Tennessee. Do you think that’s big? As a Bloomberg article notes, however,” they haven’t come close to entering the ranks of the biggest breaches of all time. In fact, they haven’t even cracked the top […]

Read More…

Is Data Security Awareness Training Effective?

by Daniel J. Solove A recent article in CIO explores the question: Is data security awareness training effective? The answer: Yes. The article points to an ISACA study that seeks to measure the effectiveness of data security awareness training. The study concludes: “Security awareness training is a vital nontechnical component to information security. As such, […]

Read More…