Recognizing the Risks of a Malicious Insider

Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart.

GDPR Countdown – 8 Weeks to Go

There were quite a few data breaches in the news this week, and the media makes it seem there’s a breach a day. That’s fake news, folks: there are way more than one a day.

It’s no secret that the GDPR imposes strict new requirements for preventing, detecting, resolving, and reporting data breaches, and similarly strict penalties when companies fall short. Sometimes it may seem like you’re facing risks from hackers and regulators alike. But it doesn’t have to be so. Taking a datasmart approach to security and compliance can help keep you out of the crosshairs and out of the courtroom.

E10 🎧Podcast: Don’t Come At Under Armour, Bro – The New Privacy Breach Normal

Under Armour, Saks, and Panera all announced privacy hacks and major data breaches within the last few days. We are learning more each day about how each company responded, the good and the bad.

In this episode of “Are You DataSmart?”, the Ward brothers dissect health data, like the kind popular in fitness apps, as well as the “don’t throw stones in glass houses” aspect of data breaches. About 60% of larger corporations have been hacked, according to a Duke University and CFO Magazine analysis in 2015.

E9: IAPP Global Privacy Summit Recap, Big Questions, and Indiana Jones Analogies

“We have top men working on it right now.” – Government Bureaucrat.
“Who?” – Indiana Jones
“… Top… Men…” – Government Bureaucrat
 
If you know this iconic scene from Indiana Jones and the Raiders of the Lost Ark, then you know it comes following the epic search and recovery of the Lost Ark by Indiana Jones. And that exact feeling of confusion seemed to permeate some of the raw details of how the GDPR and other regulations will actually be governed and executed by regulatory authorities.

GDPR Countdown – 9 Weeks to Go

So I’m buying some Under Armour shorts at Saks when I suddenly get a craving for Panera.

What a difference a week makes. With new breaches and investigations beginning seemingly every day (Under Armour, Saks, Panera, all in the last five days), it raises a critical, and practical, issue: how are regulators going to approach data security enforcement after May 25?

We’re entering the home stretch of the GDPR countdown now, with just about two months to go. At this point, you may or may not have realized that you need good advice about what to do and how to do it. Ideally, you’ve started the process of implementing a thoughtful data security plan (or have at least thought about thinking about it).