Weekly Data Protection & Compliance Links: July 31, 2015

This week’s recap features an age-old phishing tale, tips for better compliance training, dueling Google security research, an interactive tool to see how many times you’ve likely been hacked, and more!
How Many Times Has Your Personal Information Been Exposed to Hackers? – Josh Keller (@Josh Keller), K. K. Rebecca Lai (@KKRebeccaLai), and Nicole Perlroth (@NicolePerlroth)
You were looking a little well-rested, so we thought we’d share this neat interactive piece from The New York Times that’ll ensure you never sleep well again! It not only tells us that half of American adults had their personal information exposed to hackers last year, it also prompts you to answer some basic questions to calculate how many times your very personal information has probably been hacked. Go ahead, give it a try. Don’t worry, for good measure it also provides tips on how you can protect yourself in the future.
Email Security: A Phishing Tale – Darryl MacLeod, @Darryl_MacLeod
Confession time: I fell in love with this story from Darryl MacLeod. Of course, it’s more than just a “story”; it’s something that happens every day. Hackers send out mass phishing attacks hoping that at least one person will be tricked into handing over personally identifiable information. Once a victim does, their data will be stolen and it might take years to clean up. Luckily, in this case, the hack was thwarted by Darryl’s understanding of both information security and the tell-tale signs of a phishing e-mail. But not everyone is so lucky. This one is worth a read, both for the story he shares and for the helpful tips on protecting yourself from phishing.
New Research: Comparing How Security Experts and Non-Experts Stay Safe Online – Iulia Ion (software engineer, Google), Rob Reeder (research scientist, Google), Sunny Consolvo (user experience researcher, Google), @Google
A new white paper released by Google outlines the results of two surveys—one with 231 security experts, and another with 294 web users who aren’t security experts—in which they were asked what they do to stay safe online. Google hoped to compare and contrast responses from the two groups to better understand the differences and why they may exist. And well, the responses from both camps certainly were different.
The survey highlighted fundamental differences in basic security practices between security experts and normal web users. For example, security experts are far more likely to use password managers to store unique, strong passwords, while normal web users think their brain is the safest place to store such information. Scariest of all, only 2% of web users said that installing software patches was one of their top security practices, and they actually avoid installing updates for fear that they contain malware. There’s clearly room for improvement in how security best practices are prioritized and communicated.
3 Ways to Improve Compliance Training – Michael Volkov, @MikeVolkov20
Michael Volkov shares three tips to help organizations improve compliance training, including getting the board and C-suite involved, focusing on the content and the audience, and using surveys as a way to measure the effectiveness of security awareness training. I’m not sure we could love the post more. If you need something to share internally to not only convey the importance of corporate compliance training, but to get some added budget to do it right, this post will serve you just fine.
