Data Pro­tection and the Environment

Finally, it is 2018 ­­­­­– a year to be heavily impacted by the EU General Data Protection Regulation (GDPR). What may feel like a revolution, was in fact called a reform when the the EU Commission announced the first GDPR proposal in 2012. Nothing has changed overnight, but accompanied by regular news of data breaches and activists like Snowden, information privacy has certainly gained some traction since then. Now, I’d say we have a working climate for data protection and privacy in place.

Regulation helps reducing environmental pollution, and will similarly limit dirty personal data processing.

Continue reading “Data Pro­tection and the Environment”

Security Awareness for the Rest of the Year

October is behind us, a big month for national security awareness campaigns across several countries. For many, campaigns like this offer the only security training people get during the entire year. But a campaign oriented approach like this has also a few limitations. You simply cannot frame all your company’s security training needs within one month. Campaigns cannot be arranged for each and every other month either. So, what should you do when October ends?

It’s not just about the awareness of others, but your own awareness of people and security is key to getting them aligned.

Continue reading “Security Awareness for the Rest of the Year”

Four Steps to Have Employees Report Security Incidents (And Save the Day)

Some insist on the contrary, but any of your colleagues can be a valuable contributor to your company’s security efforts. An example is when you do not have systems, rules or training to cover an unforeseen event, but people improvise to stay both as productive and secure as possible. Risk-based trade-offs like this happen a lot – although people will not necessarily tell you when it happens – but that’s how business gets done. Another example is when people report incidents (or potential ones), allowing your organisation to improve and become more resilient to cyber-attacks.

Reporting security incidents should never get yourself or colleagues into trouble. Instead, it allows for specialists to handle the situation, and for the organisation to learn.

Continue reading “Four Steps to Have Employees Report Security Incidents (And Save the Day)”

Nobody Is Really Against Security

Anyone can relate to an e-mail they got, that seemed a bit suspicious. Or to seeing a Facebook campaign that seemed too good to be true. Security is not something special that matters only for a few people. According to a recent online survey of American adults, 39% said they would sacrifice sex for one year if it meant they never had to worry about being hacked.

A general risk analysis would usually put people “up there”, in terms of damage potential and probability for incidents.

Continue reading “Nobody Is Really Against Security”