What Does it Mean for a Data Breach to be Material?

As of this morning, public companies operating in the U.S. now have 4 (four) days to disclose “material” cybersecurity incidents and data breaches. The U.S. Securities and Exchange Commission cybersecurity rules describe a material incident as a matter “to which there is a substantial likelihood that a reasonable investor would attach importance” in an investment…

How Should the Media Cover Catastrophic Data Breaches?

I don’t envy those who will have to clean up a 1.5 TB data breach going back to the last millennium, involving compromised personal information shared with up to 8000 suppliers*. While the cyberattack was confirmed as far back as September, formal conclusions have yet to be published, so I’m going to take a moment…

Is it Fair to Inform Data Breach Victims via Social Media?

Every breach of children’s privacy is severe and has the potential to cause lasting harms. Since the watershed year 2016 when many Canadian boards of education were financially incentivised to make the irreversible leap from on-premise information systems to cloud edtech ‘learning management systems’, a massive brain drain simultaneously took place within their IT and…

Is It Time for Organized Cybercrime Reform?

As reputable outlets* breathlessly peg the global impact of cybercrime in the trillions of dollars, the reality is that the bulk of the business comes from strong-arming victims using ransomware. As recently as a decade ago, cyber-extortionists saw themselves as modern-day Robin Hoods, who merely appropriated the surplus of bloated, negligent capitalists in an effort…

Does everyone have exceptional memory, or are we still mismanaging passwords?

For the third annual World Password Day Survey, Bitwarden polled over 2,000 internet users globally (United States, United Kingdom, Australia, Germany, France, and Japan) on their password security practices. Here are some of the findings: Passwordless options are of interest to consumers, as evidenced by the Bitwarden survey and a recent survey from the FIDO Alliance….

While Negligible, Amazon’s Privacy Fine Serves as a Timely Warning to Data Brokers

According to the Federal Trade Commission, “Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests violated COPPA and sacrificed privacy for profits”. So how did “the everything store” get away with a “disregard for #privacy and security that exposed consumers to #spying and harassment” by paying a relatively small $30 million fine while continuing to…

Parents and teachers should collaborate to recognize, prevent and stop Edtech violations of children’s privacy

How can public education institutions prevent the loss of children’s data? Avoid collecting it in the first place and require #edtech vendors to purge it annually from their entire supply chain. It sounds sensible, but it’s easier said than done in our post-pandemic world. Since 2016, school boards have been under continuous pressure to adopt cloud applications to…

What can the world’s biggest email data loss teach businesses about data protection and recovery?

Ever lost an important email? I know! It totally sucks, doesn’t it? JPMorgan Chase, a company that recently allocated $12 Billion to upgrading its #cybersecurity and claims to spend hundreds of millions per year on #dataprotection, has “a c c i d e n t a l l y” deleted 47 MILLION emails considered to be #business records required to…

Forget ChatGPT: Businesses will soon use hundreds of AI tools daily. How should companies prevent data leaks and violations?

Why would anyone want to gain access to your company’s ChatGPT accounts? Because they know that in the absence of regulation and policy enforcement, users are likely to enter sensitive #information, intellectual property details, #personal data and strategically important information. #ChatGPT saves this data in chat logs by default, giving thieves exceptional visibility into company operations and creating a vast…

How can the rise of Voiceprint help companies learn about technology due diligence?

A gentle reminder that while #voiceprint technology was dubious from the get-go, it has of late been firmly discredited by #security professionals and researchers around the world. Just because banks and telcos – notorious for suffering from a perennially false sense of security – continue to push this “feature” onto callers, it doesn’t mean that you…