At Least Public Organizations are Transparent About their Cyber Challenges

As part of a rapid fire succession of TV interviews earlier this week, I had the opportunity to read a 12-page report prepared for the board of directors of the Toronto Public Library following the security breach that devastated IT operations, affected more than 100 branches, compromised the personal information of employees going back to…

Do Data Aggregators Have a Higher Responsibility to Data Protection?

Unsurprisingly, aggregators of financial data are a major target of cybercrime. Some mortgage lenders and brokers have taken steps to invest in security detection and incident response capabilities, but there are key lessons to be learned from each and every data breach. These include: 1. Attackers can steal millions of personal identities in just a…

What Does it Mean for a Data Breach to be Material?

As of this morning, public companies operating in the U.S. now have 4 (four) days to disclose “material” cybersecurity incidents and data breaches. The U.S. Securities and Exchange Commission cybersecurity rules describe a material incident as a matter “to which there is a substantial likelihood that a reasonable investor would attach importance” in an investment…

How Should the Media Cover Catastrophic Data Breaches?

I don’t envy those who will have to clean up a 1.5 TB data breach going back to the last millennium, involving compromised personal information shared with up to 8000 suppliers*. While the cyberattack was confirmed as far back as September, formal conclusions have yet to be published, so I’m going to take a moment…

Is it Fair to Inform Data Breach Victims via Social Media?

Every breach of children’s privacy is severe and has the potential to cause lasting harms. Since the watershed year 2016 when many Canadian boards of education were financially incentivised to make the irreversible leap from on-premise information systems to cloud edtech ‘learning management systems’, a massive brain drain simultaneously took place within their IT and…

Does everyone have exceptional memory, or are we still mismanaging passwords?

For the third annual World Password Day Survey, Bitwarden polled over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on their password security practices. Here are some of the findings: Passwordless options are of interest to consumers, as evidenced by the Bitwarden survey and a recent survey from the FIDO Alliance…

How Government Agencies and their Suppliers can Learn from Catastrophic Data Breaches

Nova Scotia is advising over 100,000 victims that their #personalinformation was taken as a result of a “global #cybersecurity issue”, #Ontario recently informed some 360,000 residents about the #breach of their private data, and other provinces are facing similar challenges of #incident detection, impact assessment and #fraud prevention. In all cases, these are predictably followed by the generally weak recommendation for victims to keep monitoring their credit…

In Canada, Acceptance of Security Negligence Enables Privacy Violations

Acceptance is enabling. There is no other way to say it, but Canadians simply can’t be bothered to question data breaches, to report privacy violations or to care about the security of their own data in the hands of big name companies. According to the IAPP, the number of Canadians who reported no concerns whatsoever…

3 Immutable Conditions for Trustworthy #Edtech

Because Edtech Without Integrity is Fraud

After two decades in information security, I was a latecomer to the edtech party back in 2016 and what I found was a land rush for the last frontier of intangible assets: children’s personal data. To be clear, 2016 was a watershed year in edtech cybersecurity breaches. With tens…