Valuable insights and thought leadership.
- Breadcrumb News
- In The News
Data breaches and hacks of U.S. government networks, once novel and unheard of outside of spy movies, have become a common ‘breaking news’ story over the past few years. So it makes sense that a recently released report ranked U.S. state and federal governments at 16 out of 18 in a ranking of industries, ahead of only telecommunications and education.
The US Food and Drug Administration (FDA) has recalled almost half a million pacemakers because they were found to be vulnerable to cyber threats. The recall comes months after the FDA conducted an investigation into the affected devices that revealed a number of non-compliance issues. Threats include flaws in cybersecurity that could allow hackers to run the batteries down or even alter the heartbeats of 465,000 patients.
If asked to describe your cybersecurity awareness training program, what would you say? What does your training consist of? How often does training occur? Are employees engaged in the training? How often do you update the content? Do you follow up on what was taught after the training concludes?
If you were asked to answer any of these questions, you may quickly realize that your cybersecurity awareness training is inadequate. Worse yet, you may recognize that your training plans are a massive waste of time and resources.
Millions of people worldwide fly with a commercial airline every day. Less than two-thirds of those airline passengers utilize mobile boarding passes; meaning the majority of passengers still use printed boarding passes.
Many of those passengers end up leaving that boarding pass on the plane or discarding it at their destination. In the age of social media, posting a photo of your boarding pass is a great way to make all your friends jealous of your European vacation. In fact, a simple Instagram search of #boardingpass, returns over 91,000 results.
So what’s the big deal with posting or throwing away your boarding pass? Well, the information printed on airline boarding passes may jeopardize your privacy or even cause trip disruptions down the road.
In the wake of Hurricane Harvey, American’s have rushed to issue support for those victimized by the devastating storm. People all over the country are donating to Harvey disaster relief efforts, but law enforcement officials and consumer watchdogs urge caution. When tragedy strikes, criminals invariably prey on people’s best intentions.
The Justice Department’s National Center for Disaster Fraud (NCDF), which was established to crack down on scams following Hurricane Katrina, released a statement on Wednesday warning of post-Harvey charity fraud. Scammers have been using Hurricane Harvey-themed messages to trick people into opening phishing emails and links on social media sites, which can steal login information, infect machines with malware, or con victims out of money.
Security comes down to three things: people, process, and technology. Process and technology, are largely handled by senior management and the IT department. Yet, people remain the leading cause of data and security breaches, with human error responsible for 52 percent of such incidents.
While this high rate of incidence is largely due to a lack of training – which we’ll discuss in our next post – the process must begin by developing a company culture that values data security.
The responsibility for protecting the company’s assets, including employee and customer data, is one that must begin to be seen as shared rather than assigned.