Own Goals and Cups of Coffee

We’ve spent a good deal of time here talking about the risks of data breaches and how to create structures that help prevent them. We’ve even talked about common kinds of breaches and what they mean for your business. But, of course, no matter how much we talk about this stuff, there’s a never-ending supply of… Read More

Why the LabMD Case is So Important

Yesterday, the Eleventh Circuit Court of Appeals issued a long-awaited ruling in a case called LabMD v. FTC.  Followers of the case will tell you that it has been, to put it mildly, an interesting saga, and it hits on the biggest data related issues of the past fifteen years.  The ruling has serious implications for… Read More

Recognizing the Risks of a Malicious Insider

Data security is a complicated thing, and it’s made much more complicated by the human element. The vast majority of breaches are a result of error, negligence, or intentional misconduct. And that misconduct isn’t always a hacker (invariably, he’s wearing a hoodie) – many times, it’s a malicious insider in your own company who steals or facilitates the theft of your crucial data. Understanding the risks of malicious insiders is a vital part of avoiding a breach, and being #datasmart. Read More

Who’s the Boss?

One question I hear from clients all the time is “who has to be the decision maker about data security?” Companies that have a C-Suite will rely on a Chief Information Officer (CIO), a Chief Technology Officer (CTO), or even a Chief Information Security Officer (CISO).  These are great options, and worth discussing on their own.  Other companies place the responsibility in the head of IT or with whoever oversees compliance issues.  There is no one-size solution to overseeing data security, but it’s important to ask the question. Read More