MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

Today, the most common way to utilize attachments is via regular encrypted and encoded scripting in Office documents. For Cofense, the solution goes beyond security training but to fruitful immersion. If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach , was the result of a phishing attack.

Facebook Will Shift to Emphasize Encrypted Ephemeral Messages, Zuckerberg Says: eDiscovery Trends

eDiscovery Daily

In a post to Facebook last week, founder Mark Zuckerberg outlined a vision of the future that includes end-to-end encryption and an ephemeral lifespan for private messages and photos.

Be Aware of Non-Obvious Healthcare Cybersecurity Threats


I cannot imagine any organization having a health IT system that does not have appropriate encryption. If you do not make sure the people in your organization are well trained, then all the technology in the world will not help you against things like phishing attacks. Plus, many organizations are doing their own internal phishing efforts as a way to train their employees on phishing breaches.

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

As with personal data generally, it should only be kept on laptops or portable devices if the file has been encrypted and/or pseudonymised. Avoid a regulatory fine with GDPR training . EU GDPR GDPR GDPR training personal data sensitive data


Safely adopting technology in the hospitality industry

IT Governance

They also offer other compelling benefits, such as unlimited data storage, encryption, technical support and reduced demand for internal hardware. . Cyber Resilience Cyber Security Data Protection PCI DSS Retail Staff Awareness Training hospitality hotels

Transferring personal data under the GDPR

IT Governance

Pseudonymisation and encryption. The GDPR advises organisations to pseudonymise and/or encrypt all personal data. According to Gemalto’s Breach Level Index , only 4% of data breaches since 2013 have involved encrypted data. Implementing encryption.


The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

As with personal data generally, it should only be kept on laptops or portable devices if the file has been encrypted and/or pseudonymised. GDPR training. You can avoid these kinds of mistakes by enrolling on one of our GDPR training courses.


GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

Encryption provides an extra layer of security and control over your data, as well as the systems holding and transmitting your data. Data encryption also allows your employees to continue sharing files through familiar systems like email. For complete control of your encrypted data, you must have sole access to your encryption keys. Train employees.

Payroll Provider Gives Extortionists a Payday

Krebs on Security

19, Apex was alerted that its systems had been infected with a destructive strain of ransomware that encrypts computer files and demands payment for a digital key needed to unscramble the data. “When they encrypt the data, that happens really fast,” he said.

These hackers have breached FBI-affiliated websites and leaked data online

Security Affairs

The association promotes federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday. “We

China Releases National Standard on Personal Information Security

Hunton Privacy

Encryption measures must be adopted whenever sensitive personal information is retained. Enterprises must also implement staff training and audit the security measures which they have adopted to protect personal information. Cybersecurity Information Security Online Privacy Security Breach Anonymization China Consent Data Processor Encryption Information Sharing Personal Data Personal Information Privacy Privacy Policy

OMB Publishes Memorandum on Responding to Data Breaches

Hunton Privacy

The Breach Memorandum next notes the importance of breach response and awareness training, and emphasizes key provisions to include in agency contracts that obligate contractors to (1) encrypt PII in accordance with OMB and agency-specific guidelines, (2) report breaches to the relevant agency as soon as possible and (3) cooperate with any forensic investigation and analysis. Federal Law Compliance Encryption Obama Administration Personally Identifiable Information

Consumer Financial Protection Bureau Imposes First Ever Data Security Fine

Hunton Privacy

Specifically, the CFPB found that Dwolla failed to: adopt and implement data security policies and procedures reasonable and appropriate for the organization; use appropriate measures to identify reasonably foreseeable security risks; ensure that employees who have access to or handle consumer information received adequate training and guidance about security risks; use encryption technologies to properly safeguard sensitive consumer information; and.

Weekly Update 135

Troy Hunt

The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root cert which is right up his alley.

Putting VMware’s Cloud Certification Platform to the Test with Thales’s Vormetric Data Security Manager

Thales eSecurity

The integration of DSM into VMware provides one-stop enterprise encryption key management for VMware customers. VMware supports end-to-end VM and vSAN encryption solutions. Plus, advanced encryption can also be performed from this single platform.

New Report on Police Digital Forensics Techniques

Schneier on Security

Survey results indicate that accessing data from service providers -- much of which is not encrypted -- is the biggest problem that law enforcement currently faces in leveraging digital evidence. A plurality of respondents said they only received annual training.

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

The Last Watchdog

Heathrow Airport was fined £120,000 when it lost a USB stick containing non-encrypted and sensitive data. ” Even with sharper teeth attached to the regulatory fining regime, companies still operate as if non-encrypted data, on a non-password protected USB stick, should be considered acceptable. The ICO found that there was a “catalogue of shortcomings in corporate standards, training and vision.”

Payments and Security: Putting security where your money is

Thales eSecurity

ensuring staff are fully trained in security protocols. Originally published in Payments Journal on July 31, 2019.

Data Security Act Introduced in New York State Assembly

Hunton Privacy

The Data Security Act obligates entities to develop an information security program that includes: administrative safeguards, such as conducting risk assessments, training employees and selecting service providers capable of maintaining appropriate safeguards; technical safeguards, such as assessing risks in network and software design and regularly testing and monitoring the effectiveness of key controls; and.

Boosting Your Data Protection Strategy in 2019

Archive Document Data Storage

Use Encryption Software. You can protect your data from hackers by encrypting your data. Encryption software scrambles your emails and files, so only authorised end users with the encryption key can unlock and read them. Several software providers offer high-security encryption software. Invest in Employee Training. Schedule ongoing training sessions to educate your staff about evolving risks and data breach prevention strategies.

Information Governance: Trends and Highlights From 2018


Documenting the GDPR compliance training program to prove that everyone who handles client data has been appropriately equipped. Continuing the annual tradition, it’s time to review the valuable information governance (IG) lessons of the past year.

More on Backdooring (or Not) WhatsApp

Schneier on Security

And that is, we have been training our AI models on the server and making inferences on the server when all the data are flooding into our data centers. Instead, we should ­ we must ­ take steps to constructively demand what we actually want: End to End Encryption which is worthy of the name.

My 7 top security publications from the ICO

Data Protector

Encryption (Mar 2016) This 35-page guide highlights, through a range of practical scenarios, when different encryption strategies can help provide a greater level of protection.

FTC Enters into Memorandum of Understanding with Dutch Data Protection Authority

Hunton Privacy

The Memorandum also discusses protective measures for transmitting information related to a request for assistance on a privacy-related matter, such as encryption or maintaining materials in secured, restricted locations. Federal Law Consumer Protection Cross-Border Data Flow Data Protection Authority Edith Ramirez Encryption Federal Trade Commission Information Commissioners Office Ireland Jacob Kohnstamm Netherlands United Kingdom

Nutanix and Thales, Hyerconverged & Hypersecure

Thales eSecurity

Nutanix certainly knows this and is working hard with Thales eSecurity to protect the confidentiality and integrity of sensitive data through strong encryption of user and application data to a level of FIPS 140-2 Level 2 compliance.

Artificial intelligence in cyber security

IT Governance

This technology enables computers to be trained to process large amounts of data and identify trends and patterns. The 2018 Cisco Annual Cybersecurity Report expects organisations to increase their use of encryption. Cyber security has become a major priority for every organisation.

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Allen is a widely respected thought leader on this topic, having launched Shared Assessments in 2005 as an intel-sharing and training consortium focused on third-party risks. And once you have that, then you have the ability to reverse algorithms and unlock encryption.

Risk 169

Enterprise SaaS – and threats to your data

Thales eSecurity

Add to this the lifetime of support, maintenance, infrastructure and training required. If organizations have the resources and tools available to build out secure infrastructure and interfaces, they are able to control their encryption keys.

Port Covington, MD re-emerges as ‘CyberTown, USA’ — ground zero for cybersecurity research

The Last Watchdog

DataTribe , a Fulton, MD-based cybersecurity startup incubator, has been a key backer of this ambitious urban redevelopment project , which broke ground last October in Port Covington, MD, once a bustling train stop on the south side of Baltimore. When CyberTown, USA is fully built out, it’s backers envision it emerging as the world’s premier technology hub for cybersecurity and data science.

AI Evolution: The Next Inflection Point in Legal Technology


Predictive coding was based on mathematical algorithms that could learn from examples and training cycles. With computer training cycles, the error rate was 2 or 3% — much lower than human-reviewed documents.

How to make sure your cyber insurance policy pays out

IT Governance

For example, digital information should be encrypted where possible, and organisations should create strict policies on the use of laptops and removable devices. Perform staff awareness training. Cyber insurance is big business these days.

The Case for Best Practices Key Management in Cisco HyperFlex

Thales eSecurity

And, like any enterprise computing environment, the encryption of sensitive data has become a fundamental requirement. Cisco has addressed this with its self-encrypting drives within Cisco HyperFlex, which includes basic encryption key management as a vital line of defense. Unified key management ensures that as the use of encryption continues to expand throughout an enterprise, a single key management system expands with this, especially to include disparate systems.

NIS Regulations: Adopt a “human-first approach” to compliance

IT Governance

He warns that people’s curiosity, habits and misplaced trust have enabled social engineering to thrive, and that organisations’ biggest priority needs to be staff training.

5 data protection policies your organisation must have

IT Governance

Encryption policies. According to Rickard, most companies lack policies around data encryption. Current guidance states that encryption is central to this. Organisations might also choose to pseudonymise data , either instead of or alongside encryption.

Ransomware: Keep the Bitcoin in Your Wallet


Hackers break in and rely on the malware to encrypt vital files or render machines useless. The organization is not able to access the encrypted data. Think of it in terms of training a dog. Train Your People. Ransomware continues to rack up victims.

NYDFS 500: Why the Regulation?

Perficient Data & Analytics

Training and Monitoring: (1) Monitor the activity of authorized users and detect unauthorized access or use of, or tampering with, NPI by such authorized users; and (2) provide regular cybersecurity awareness training for all personnel.

Data Stewards, Say Goodbye to Painful, Rules-based Matching.


Today’s third-generational data management platforms with a machine learning component, help you derive the matching rules automatically from the data and also offers you the capability for active learning/training of the machine.

MDM 52

The 4 stages of cyber resilience

IT Governance

Staff awareness training will play a vital role, but it should be complemented with information security policies and technological defences, such as anti-malware software and data encryption.

GDPR 104

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

Among other details, the program must be based on a company’s own risk assessments and must include encryption of information in transit, regular testing of systems, and cybersecurity awareness training for employees. New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019.

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

The Last Watchdog

The Wall Street Journal recently reported that North Korea is cultivating elite hackers much like other countries train Olympic athletes. WannaCry encrypted data on company servers and demanded ransom payment in Bitcoin. So the hackers posted even more stolen digital records: contracts, phone lists, financial details, as well as cryptographic keys and digital certificates used to encrypt business records and authenticate Sony’s web properties.