Aerospace Industry Scrambles: Investigation Exposes Deceptive Company & Fictitious Employees

Nowhere is the need for supply chain security more evident than in the aerospace industry, where seemingly negligible quality discrepancies in products and materials such as steel and aluminum can have catastrophic consequences. Falsified safety documentation and supply chain corruption have been plaguing the airline industry for the past decade, with potentially weak materials going…

Are Standardized Practices and IT Certifications an Indication of Cybersecurity Readiness?

Another summer, another Datarisk Canada research project. This term, my Ontario Tech University students conducted a Capstone study to determine the cybersecurity readiness of Canadian companies in various sectors and, to no one’s surprise, the results aren’t great: While many will be relieved to not fall into these categories, the rest should be reminded about the extensive selection of information technology certifications and broad spectrum…

Does everyone have exceptional memory, or are we still mismanaging passwords?

For the third annual World Password Day Survey, Bitwarden polled over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on their password security practices. Here are some of the findings: Passwordless options are of interest to consumers, as evidenced by the Bitwarden survey and a recent survey from the FIDO Alliance….

While Negligible, Amazon’s Privacy Fine Serves as a Timely Warning to Data Brokers

According to the Federal Trade Commission, “Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits”. So how did “the everything store” get away with a “disregard for #privacy and security that exposed consumers to #spying and harassment” by paying a relatively small $30 million fine while continuing to…

Privacy Regulators Set The Right Example for How To Deal With Negligent Edtech

Ouch! According to the Federal Trade Commission, Microsoft violated consent and data retention requirements of the U.S. #COPPA #privacy legislation by requiring children under 13 to provide their first and last names, email addresses, dates of birth, and phone numbers. The #confidential data was shared *by default* with advertisers and third-party developers. The information and underage children’s unique persistent identifiers were…

3 Easy Pieces: What Can Financial Companies do to Help Customers Cope with Breaches?

What 3 easy steps can banks and other financial institutions take to reduce customer victimization (and shoulder less of the blame for perceived apathy)? 1. Offer a 24/7 #cyberfraud info hotline in collaboration with a regulator (CBA, OSFI, FSRA and the CAFC) 2. Teach front line staff to ask *the right questions* when suspecting #fraud or #scams 3. Be more aggressive about…

Think Your Company Does a Good Job of Collecting Children’s Data? Regulators Might Disagree

Big, positive news for public education and parents: “This order makes clear that ed tech providers cannot outsource compliance responsibilities to schools, or force students to choose between their #privacy and #education”. Kudos to the Federal Trade Commission for standing up for children’s right to privacy and offering much-needed guidance to the poorly regulated #edtech sector. Lots of useful takeaways here for…

Parents and teachers should collaborate to recognize, prevent and stop Edtech violations of children’s privacy

How can public education institutions prevent the loss of children’s data? Avoid collecting it in the first place and require #edtech vendors to purge it annually from their entire supply chain. It sounds sensible, but it’s easier said than done in our post-pandemic world. Since 2016, school boards have been under continuous pressure to adopt cloud applications to…

How Government Agencies and their Suppliers can Learn from Catastrophic Data Breaches

Nova Scotia is advising over 100,000 victims that their #personalinformation was taken as a result of a “global #cybersecurity issue”, #Ontario recently informed some 360,000 residents about the #breach of their private data, and other provinces are facing similar challenges of #incident detection, impact assessment and #fraud prevention. In all cases, these are predictably followed by the generally weak recommendation for victims to keep monitoring their credit…