Lost Unencrypted USB of Heathrow Airport Security Files Exemplifies Poor Cyber Hygiene

Basic cyber hygiene has been a hot topic in cybersecurity, and for good reason. Most of the incidents that impact companies start with failures of basic cyber hygiene, not the super-sophisticated stuff of the movies. See Start with Cybersecurity Basics: Confirmed by Verizon’s 2016 Data Breach Report. One of the most fundamental rules of cyber hygiene is …

Incident Response – 3 Takeaways from the Equifax Breach

The SecureWorld News Team talked with Shawn Tuma about many of the lessons that can be learned from the Equifax data breach and winnowed it down to the following 3 takeaways that are discussed more thoroughly in the article: We need a uniform national breach notification law in the United States. When it comes to …

Key Points of Delaware’s New Data Breach Notification Law

Delaware recently amended its data breach notification law to include the following requirements: Expanded definition of “personal information” to include biometric data, medical information, passport numbers, routing numbers for accounts, individual taxpayer identification numbers and usernames in addition to the traditional forms of PII such as birth date and social security numbers. Notice to affected individuals within …

FUD and Voting Machine Hacking: An Important Point and Important Lesson

This morning I am doing radio interviews as a Fox News Radio contributor. My topic? The DEFCON Voting Village demonstration of hacking voting machines that have been, or may currently be, used in US elections. Here are a couple of the news stories if you are unfamiliar: Hacking a US electronic voting booth takes less than …

Invitation for 2 Webinars: Protecting Data Exchanged in Discovery and Securing IoT Data

I thought you may like an invitation to attend two complimentary webinars that I will be doing this coming week: YOURS, MINE, OURS: Protecting the Data Gathered and Exchanged in Litigation, Association of Certified E-Discovery Specialists (ACEDS), Monday, August 7, 2017 @ 12:00 CDT; Securing IoT Data: Compliance, …

Are Smaller Healthcare Practices Required to Report a #Ransomware or Potential Data Breach?

Does the HIPAA Breach Notification Rule apply to all Covered Entities and Business Associates, Even Smaller Ones? To many of you reading this post this question seems ridiculous. You know the answer. However, I get asked this question so frequently that I decided to answer it with a blog post to save time next time …

Critical Steps Companies Must Take to Comply with New York’s Cybersecurity Rules – Ethical Boardroom

New York’s Cybersecurity Regulations went into effect on March 1, 2017 and their impact could reach farther than you think — including to small and mid-sized companies that do not do business in New York and are not in the financial services industries. And, they require direct involvement by the Board of Directors. Is your …

WHDT World News Interviews Shawn Tuma about WikiLeaks’ CIA Vault7

See also: WIKILEAKS’ VAULT7 CIA HACKING TOOLS RELEASE CONUNDRUM: THE POLITICIZATION OF INTELLIGENCE; WIKILEAKS AND CIA’S RUSSIAN HACKING TOOLS & TECHNIQUES: WAS IT REALLY THE RUSSIANS? https://youtu.be/MR1G6JO0is0

WikiLeaks’ Vault7 CIA Hacking Tools Release Conundrum: The Politicization of Intelligence

For most Americans, the WikiLeaks Vault7 release of the CIA’s hacking tools, techniques, and capabilities has created quite a conundrum. Here is how I see it: Cyber has become the primary weapon for warfare, revolutions, and politics. As a nation, those responsible for protecting our nation must maintain superiority in that realm vis-a-vis other nations, …

Insider Misuse of Computers: No Big Deal? It Can Be a Data Breach, Ask Boeing

Insider misuse triggers a breach just like outside hackers. When a company’s information is compromised because of insider misuse of computers or information, regardless of the insider’s intentions, the result for the company and the data subjects of that information is often the same as if it were an attack by an outside adversary – it …