Weekly Data Protection & Compliance Links: August 7, 2015

Here is a list of our favorite data security link finds of the week. This time we’re talking about hacking cities, making security a company-wide conversation, a result of the OPM breach, measuring success, and we even quote Lord Kelvin.
Below you’ll find our weekly recap.
Turn the Security Monologue into a Company-Wide Conversation – Aimee Simpson, @AimeeJSimpson
While a quick read, this is also one of my favorites of the week. And it’s all because of this opening line:

If a security policy is issued, and employees don’t hear of it or understand it, will it succeed in securing data?

That line right there! That is so important, and of course, the answer is “no, it won’t succeed.” There’s little value in having a security policy, or a security awareness program, if it’s not built to engage users. The article goes on to state that 70% of successful breaches are conducted via a user endpoint. Many of these breaches are a result of ignorance or apathy. It’s what happens when good employees are disengaged, or when they’re simply unaware of their role in protecting the company. When employees understand their part, they’ll be more likely to become allies in the fight to secure data.
How to Hack a City—And Why We Should – Jonathan Keane, @J_K9
When we think about hacks and data breaches, we most often think about corporate systems. We don’t think about hacks affecting the servers and infrastructures that run cities—but it’s a real threat and one we should be paying more mind to.
According to The Kernel, that’s starting to take form. Information security professionals are beginning to look at cities for exactly what they are—interconnected ecosystems—in an effort to understand how they work, how susceptible they are to attack, and what measures can be taken to prevent those attacks from happening. The article also highlights some unique breach areas that we should all be thinking about.
After a Massive Federal Data Breach, Use of Stronger Government Passwords Rose from 42% to 72% – Jeff Mason, @jeffmason1
Shocking virtually no one, U.S. federal civilian agents have increased their use of strong passwords following the hacking at the Office of Personnel Management (OPM). The use of “strong authentication for privileged and unprivileged users” is said to have increased from 42% to 72%; however, many were still found not to be up to the highest standards set by the White House’s Office of Management.
Don’t get me wrong, it’s great to see that agents have become more security-aware after the hack that put more than 22 million Americans at risk. But imagine if that behavior had been in place before there was a problem. Learn from OPM’s mistake: don’t wait for a massive breach. Teach your staff those password security best practices now, and invest in a security awareness program that is designed to change behavior and attitudes around corporate security.
How to Put Data at the Heart of Your Security Practice – Jay Jacobs, @jayjacobs
Let’s see, an article about security awareness that begins with a quote from Lord Kelvin? Yes, please!
We really like this one from Jay Jacobs. Here, he talks not only about the importance of integrating data and measurement into the security decision-making process (something we wholeheartedly agree with!), but also the importance of asking the right questions to drive the right decisions. Defining what those questions are can be somewhat tricky; however, the goal is to get at objective answers. Jay says rather than asking, “How secure am I?” perhaps a better question is “How many security events did we have last quarter?” Or maybe even dig deeper with, “What types of security events do we spend the most time on?” This will leave you with questions that you’ll be able to answer with data.
