Privacy regulation in the United States has historically not been something business owners spent a lot of time worrying about – it’s been limited to specific industries or situations. But as this graphic demonstrates, that’s all changing. Most business owners have heard of the California Consumer Privacy Act, or at least recognize it when they […]


Today, I’m going to share a video about teapots. No, not honeypots – teapots. Bear with me, there’s a good reason for it. Thanks to the proliferation of inexpensive high-quality tools for video production, social media has an endless supply of people making videos about their passions. As you might expect, the quality varies, but […]


Over 100 million customers of Capital One have had their data stolen. As usual, the fact that there’s a data breach isn’t surprising or newsworthy, although the scale of this one is above average. But looking closely at the details of the incident can tell us a lot about the state of things for the company that suffered the breach – and potentially offer important lessons for the rest of us.


On March 6, 2019, we hosted a tabletop exercise at Sword & Shield CyberCONNECT in Portland, Oregon. Most information security practitioners have either conducted or participated in a tabletop at some point, but this one is a bit different. Rather than testing or introducing incident response, it’s about practicing Risk Management in a real-world setting. […]


We are continuously bombarded with commercialized communication – everything is a sales pitch, everything is clickbait, everything is designed to scream for your attention and your dollars. So instinctively we know that the most effective communications are those bits of authenticity that break through – the welcoming feel and focus of personalized service and direct […]


Last week, the UK Information Commissioner’s Office announced that it was fining the Independent Inquiry into Child Sexual Abuse (IICSA) £200,000 (over $260,000 US) for a 2017 data breach. The breach exposed the email addresses, and in some cases the full names, of 90 individuals. The information of these people, presumably sexual abuse victims and […]


When it comes to privacy or security, advice can be found everywhere. Use Signal. Use Two-Factor Authentication. Don’t share passwords. Use a password manager. Invariably, these are followed by a series of critical questions – what if your password manager is compromised, what if someone’s broken into your phone, etc. The same thing happens with […]
