Even if you don’t issue your staff with smart phones, and you prohibit them from storing sensitive data on them, they’re still very likely to use them to exchange emails and to talk about business matters. This short post from CSO Online – ShmooCon 2011: Your Android’s dirty little… Continue Reading Smart Phone (In)Security

Over the years, I’ve heard a lot about how important it is to ‘engage’ staff in information security, but very little about how to do this in practice. And what little advice I see seems to be limited to providing giveaways and trinkets. Surely, there has to be more than… Continue Reading Engaging Your Staff in Security Requires Leadership – Not Free Coffee Mugs

Whether or not your organization is officially looking into cloud computing as a potential business tool, chances are that your employees are already using cloud-based applications without you knowing about it. Cloud-based applications are already widely used – some of the better known examples being Google Docs, Windows Live,… Continue Reading Cloud Computing is a Security Awareness Issue

If you’re planning your online security awareness training content development strategy, don’t forget PowerPoint. Much maligned as a web-based training tool, it should still have a place in your toolkit for when you need to develop quick and simple training materials – perhaps when you have an urgent message to… Continue Reading Don’t Forget PowerPoint for Your Security Awareness Training

Here’s a blog post by Simon Herring of Ubersecure which describes how (during an authorized penetration test) he was able to “persuade” a helpdesk agent of a large company to reset his password by pretending to be a salesman in a panic. Once the password had been reset, he was… Continue Reading Don’t Let Your Helpdesk Help the Wrong People!

emPower, a leading provider of comprehensive Healthcare Compliance Solutions through a learning management system (LMS), has announced today that Dale Davidson LLC, located in Thomasville, Georgia, has adopted the Dragon Legal Complete Online Training Course in order to improve its productivity in the transcription process. Dale Davidson, as a practicing litigation attorney at DALE DAVIDSON, LLC, was looking… Continue Reading Dale Davidson LLC has adopted emPower eLearning Solutions’ Dragon Legal Complete Training Course

Physicians, Attorneys, Many Hospitals No Longer Must Comply. Howard Anderson, Managing Editor. President Obama on Saturday signed legislation that exempts certain businesses, including physician practices and apparently most hospitals, from the Identity Theft Red Flags Rule. The Red Flags exemption law more narrowly defines the term “creditor” so that, in effect, far fewer… Continue Reading Obama Signs Red Flags Exemptions Bill

Congress passes legislation clarifying definition of “creditor.” By Peter W. Crownfield, Executive Editor. After delaying enforcement of the Red Flags rule for more than two years while debating which entities should be covered under the rule and thus required to develop and implement identity theft protection protocols, Congress has passed legislation that… Continue Reading Health Care Providers Exempt From Red Flags

I’ve seen a number of security awareness training programs run into problems when the designers of the program didn’t take into account the limited time that students have. Here are some things to think about when planning your program.

The U.S. House has passed by voice vote legislation–identical to that recently approved in the Senate–to exempt health care providers, attorneys and certain other service providers from provisions of the Red Flags Rule to combat identity theft. That means the bill, S. 3987, now goes to President Obama for his… Continue Reading Congress Approves Red Flags Exemptions