By:
On:
In: *Connecting the Dots Blog*, Information Security

According to a recent survey released by the Messaging Anti-Abuse Working Group (MAAWG), about 1 in 6 consumers have at some point acted on a spam message.  Those who admitted to opening a spam message said they “were interested in a product or service” or “wanted to see what would happen if they opened it.” Wanted to see what would happen if they opened it!?   These people are not 6-year olds wanting to see what would happen if they touched the hot stove or stuck their tongue to a flag pole during an ice storm! Nearly 2/3 of the people surveyed felt they were veryRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity

According to a recent article, because of tight budgets, many organizations plan to cut funding for technologies that would help to mitigate the main security threats they face. The article went on to say that 72 percent of respondents have seen an increase in e-mail borne malware and phishing, but eight percent of respondents said they plan to cut previously allocated funding for messaging security, e-mail encryption, e-mail security or instant messaging security technologies. The survey also revealed that although 40 percent of respondents noted lost or stolen devices as a top security challenge for the next 12 months, 15 percent said they will beRead More →

By:
On:
In: *Connecting the Dots Blog*, School Safety

I am attending the 2009 Virginia School and Campus Safety Training Forum in Virginia and the speakers have been very informative providing the attendees with a whole lot of “what you should dos”…also called recommendations. The “what you should dos” and recommendations are targeting serious challenges and obligations: Legal Gotchas Regulatory Updates Gang and Drug Abuse Search Guidelines Violence and Crime Prevention Bullying Establishing Relationships with School and Community Threat Assessment Team Recommendations And many other important topics…   In talking with several of the attendees, I have been asking which step is the most difficult: Performing Assessments Planning and Development of Programs Implementing PlansRead More →

By:
On:
In: *Connecting the Dots Blog*, Legal

Did you see the $50,000 defamation lawsuit filed by an organization against a “tweeter”? The lawsuit is a lesson learned that you may want to use to better prepare your people and your organization about the potential legal liabilities associated with sending a tweet about someone else or about another organization. While I am not going to argue whether it is right or wrong, I want to bring attention to the personal details that the lawsuit exposes and how a person’s reputation or an organization’s reputation can be exposed no matter what the outcome of the court case. If you scroll down on the verifiedRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… NYPD…New Typewriters? The New York Post reported that the New York City Police Department had signed a nearly $1 million contract with a vendor to purchase thousands of new manual and electric typewriters during the next three years. The NYPD’s typewriters are a shocking reminder of just how much more change needs to be implemented across government agencies and organizations to eliminate the status quo. Kaiser Hospital Privacy Violation KaiserRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

An article in The Washington Post and comments from Avivah Litan, vice president at the market research firm Gartner Inc, regarding fraudsters targeting commercial business accounts caught my attention….and if you run a business, you should pay attention too. Apparently the bad guys have figured out yet another way to steal real money and they are targeting business accounts rather than personal accounts.  The fraud involves mules and mule recruiters, some keylogger software planted on the PC of an unknowing person inside a bank, some social engineering and some fake, but real looking websites.  Notice how the bad guys are focusing on people and theirRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Received e-mail below this week…Wouldn’t it be great if all phishing attempts were this obvious? How are you doing and your family? I shall require from you , your  full names, address and phone numbers to start the process of claim in this regard. Do send me these details to barwonglee@******.com.hk for prompt and needed action Again I guarantee that all is under control and you have nothing to worry about, Just grant to me your full cooperation and keep this transaction close at heart. Regards, Wong Lee. Of course many phishing attempts are more sophisticated and more professional looking and unfortunately more successful atRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

I was reading a report the other day (The Evolution of Data-Centric Protection) from InformationWeek Analytics presented by Security Dark Reading (requires registration) and written by technology expert Joe Hernick.  The report includes a survey of 384 business technology decision-makers at North American companies and the purpose of the report was to determine the role of endpoint protection in enterprise data security strategies.  The opening line of the report was great: “Think sophisticated attackers are your biggest problem?  Our survey says clueless and malicious end users are more likely to stymie even the best-laid defensive plans.”  I have experienced and observed similar results for years,Read More →

By:
On:
In: *Connecting the Dots Blog*, Regulatory Compliance, School Safety

Great news! A pending New Jersey bill would mandate that all public and nonpublic schools conduct monthly school security drills for non-fire evacuation, lockdown and active shooter response.  Why is this great news? Currently, most schools probably have emergency security plans in place, but due to lack of implementation many schools are not comfortable with their level of preparedness.  They have a plan, but because they are not actively implementing and practicing their plans, confusion exists regarding roles and responsibilities and what do actually do if an incident were to occur.  The status quo methods outlined below are not working: You have an Emergency Plan.Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, School Safety

Lessons Learned Review…Keeping You Out of the Headlines and out of this Blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Law would require monthly school security drill A new New Jersey bill would mandate that all public and nonpublic schools conduct monthly school security drills for non-fire evacuation, lockdown and active shooter response. Currently, all schools have emergency security plans in place, but many schools are not comfortable with the procedures due to a lack of implementation.  Spam Survey According to a recent survey released by the MessagingRead More →