By:
On:
In: *Connecting the Dots Blog*, Health Care

  Check out this recent overview of 10 of the largest data breaches from 2010 resulting in the loss of millions of data records. Lessons Learned: Is your organization providing ongoing situational awareness training?  People are the weak link for the majority of data breaches which are caused by human error, lost devices, social engineering attacks and numerous other poor decisions.  It is critical for organizations to educate their employees (and third-parties) ongoing as risks, threats, requirements, and ’next’ practices are constantly changing.  Lessons learned clearly reveal that once-a-year general training is not enough.Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Information Security, Legal

  In a recent incident, a man called a 24-hour Wal-Mart in Ohio and explained to an associate that he was with Wal-Mart’s IT department and needed the associate to activate several gift cards, read to him the card numbers and then provide the authorization codes from the back of the cards.  The associate willingly did so – and not until $11,000 in online fraud later, did the store realize they had been tricked. This is a great lesson learned to share with your employees (and third-parties).  Do your employees understand your organization’s policies on providing/protecting information in different situations? The Wal-Mart caller did notRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

  Lessons learned from a recent hacking competition at Defcon revealed yet again that your employees are the biggest threat to your organization. With just two phone calls, a hacker posing as a Louisiana-based employee handling claims involving the Gulf oil spill was able to trick a computer support employee at BP into divulging sensitive information that could have proved crucial in launching a network attack.  The employee provided information to the caller including the model of laptops BP used, the specific operating system, browser anti-virus and VPN software.  The hacker also convinced the employee to visit an unknown web site, Social-Engineer.org. Other hackers inRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

An article in The Washington Post and comments from Avivah Litan, vice president at the market research firm Gartner Inc, regarding fraudsters targeting commercial business accounts caught my attention….and if you run a business, you should pay attention too. Apparently the bad guys have figured out yet another way to steal real money and they are targeting business accounts rather than personal accounts.  The fraud involves mules and mule recruiters, some keylogger software planted on the PC of an unknowing person inside a bank, some social engineering and some fake, but real looking websites.  Notice how the bad guys are focusing on people and theirRead More →