Are you at IAPP – International Association of Privacy Professionals P.S.R. #PSR18 in Austin? If so, please come to our Thursday 10:30 – 11:30 session on Vendor Risk Management: Maintaining Relationships While Limiting Liability in Lone Star Ballroom A, Level 3. It should be great as I get to be with great panelists Tami Dokken and Melissa Krasnow and we will have Mark Smith as our moderator.
While you’re there pick up your copy of Bloomberg BNA’s Domestic Privacy Profile: Texas!
The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record $16 million — an amount that is almost three times the next-largest OCR data breach settlement of $5.55 million.
While these numbers are interesting, what is the takeaway for business leaders?
It all started with an employee opening and responding to a phishing email:
Anthem discovered cyber-attackers had infiltrated their system through spear phishing emails sent to an Anthem subsidiary after at least one employee responded to the malicious email and opened the door to further attacks. (HHS Press Release)
President Trump and Kanye West put a big ‘ole Texas-sized exclamation point on the [need for?] #CyberAware campaign with Kanye’s password demonstration while on national tv in the Oval Office.
Politicos will spin this a million ways. Security folks will go back and forth between laughing and crying — and maybe do both at the same time. But, the important thing is that we learn from this and use it as an example to help educate others. I thought there was no better way to do that than by putting “Trump”, “Kanye West”, “Password”, “Cybersecurity”, and “#CyberAware” in the title — how’s that for getting a wide range of attention? 🙂
All joking aside, what are the most important lessons you take away from this example and can you use this lightning rod example to help educate your team, family, and friends about good cyber hygiene?
Dear friends who keep talking about “hacked Facebook accounts”:
When there is an account that is pretending to be your account on Facebook (or other social media platforms) that is sending friend requests to others, in most cases, this does not mean that your account has been “hacked” (i.e., inappropriately accessed by someone other than you).
In most cases, nothing has happened to your account. Rather, someone is attempting to “clone” your account by making a new account that appears to be you by using your information and pictures. When this happens, your account has not been “hacked”!
If this happens to you, go to the profile pretending to be you and report it to Facebook. The pictures below show you how to do it.
Given all of the hysteria about this right now, just do not accept new request from people on Facebook immediately and let them sit for a while — give it a few days before accepting them because if the account is reported to Facebook and then taken down, the illegitimate friend request will disappear.
If you’re interested to learn more about the real “Facebook Hack”, you can listen to these radio segments where I discussed it: