Blog  | Read about controlling and protecting your information

September, 2010


You Are Responsible for Information Security

Many organizations are trying to define who is responsible for information security.  Many have hired a Chief Privacy Officer (CPO) or a Chief Information Security Officer (CISO) and tasked that person (or both) with the job.  In most organizations, IT still has a lot of the responsibility for information security, so that points to the CIO.  After all, most people view security as related to technology, so IT gets the job.

The reality is that everyone needs to make sure that the data they use remains secure.  If you deal with sensitive information on a daily basis, make sure you know how to keep it away from prying eyes.  Don’t just think about electronic information.  Think about paper documents too.  Security is not just about technology, but about how we act too.


Getting Off The Grid

Last Friday I went hiking in the White Mountains in NH.  I needed some time to myself.  I didn’t want to see pixels on a screen.  I didn’t want to see bits flying by.  I work hard in front of a computer all day and needed to see what all that working is about.  I needed to recharge.

What I Did

I walked.  I sweated.  I took pictures.  I chatted with other hikers.

I saw animals.  I saw beautiful foliage.  I saw water.  I saw a blue sky.

What I Didn’t Do

I didn’t Tweet.

I didn’t go on Facebook.

I didn’t read or send email.


Insider Threats Increase as a Result of a Struggling Economy

The headlines on the eDocument Sciences website this week make reference to a fairly minor theft of healthcare records at a Los Angeles clinic. The incident involved a janitor selling 14 boxes of computer reports for $40. The theft exposed 30,000 patient records. Although minor, this incident highlights several major issues that we have covered in our blogs over the last several months.

First, the possibility of a data breach caused by a trusted employee should be on every CEO’s list of threats that could cause significant harm to their business. The 2010 Verizon Data Breach Report states that 48% of data breaches occur as a result of employees stealing confidential information.  That’s a 26% increase from 2009. The primary motivation for stealing highly confidential information is typically personal financial gain. There should be little doubt that many employees are feeling the impact of the recession, and selling confidential information to your competitors or to other, more sinister buyers such as organized crime could provide a means of holding off the creditors.


EFF Firefox Extension Helps Secure Web

I just came across a new extension for Firefox that helps improve security and privacy while surfing the web.  HTTPS Everywhere is a Firefox extension that is a collaboration between The Tor Project and the Electronic Frontier Foundation (EFF).  It encrypts your communications with a number of major websites by invoking HTTPS whenever it’s available.  With all the web surfing we do from insecure places, like coffee shops and airports, having more secure communication is a great idea.  The last thing I want is my login and password going in clear text from a Starbucks.

Some sites, like GMail, let you configure them so that whenever you access them through any browser, they default to using HTTPS.  That’s a great idea; unfortunately, most sites don’t let you do this.

The HTTPS Everywhere extension is currently in beta, but so far it works well for me.  I’ve installed it on both Windows and Mac and the experience is the same.  I don’t notice any slowdown when using it, which is a common complaint when using HTTPS versus HTTP.  I try to use HTTPS when available on a website, but I don’t always remember to type it.  The beauty of this is that it automatically invokes HTTPS without me having to think about it.  Computers that actually do the thinking for me.  What a concept.


I Can’t Sell the Software I Own

I was listening to This Week in Tech (TWiT) earlier this week as Leo Laporte and crew were discussing a recent ruling by the US Court of Appeals for the 9th Circuit.  The case was VERNOR v. AUTODESK, INC. and involved Timothy Vernor trying to resell used copies of AutoCAD on eBay.  Vernor claimed that he had the right to resell the software since he was the rightful owner.  Autodesk maintained that their EULA (End User License Agreement) prevented him from doing so.  The court ruled that according to the EULA, no one can resell the software even though they have legitimately purchased it.  The AutoCAD EULA says that you purchase the software with a license to use it and it is non-transferable.

I am not going to debate whether this is fair or reasonable, but it got me thinking about Software as a Service (SaaS).  The court ruling applied to shrink-wrapped software.  Most of us probably assume that if we purchase software, then we own it.  Most EULAs state that the company is not selling it to us, but licensing the software to use.  Given all the new releases, patches and updates that everyone goes through with shrink-wrapped software, do we really want to own it?
