The Privacy Professor Blog

Be Safer in the Internet of Things on Safer Internet Day!

By Rebecca Herold | Feb 7, 2022

For those IoT products that you own and control, do you have them sufficiently secured, to be safe from the threats of the internet? Here some key checks to make to see if you need to make any improvements on Safer Internet Day.

How Much of Your Privacy Are Your Browsers Leaking?

By Rebecca Herold | December 30, 2021

In our Privacy Professor January Tips of the Month, one of the privacy beacons we highlighted was the “Cover Your Tracks” website from the Electronic Frontier Foundation (EFF). Here are the results of our testing with this website.

Suggestions for Consumers Using IoT Products Containing Log4j

By Rebecca Herold | December 28, 2021

Many of our Privacy and Security Brainiacs and Privacy Professor consultancy clients have asked for a simple description of the Log4j problems they’ve seen so much about in the news lately. Here are some key facts and advice we’ve provided to them.

Organizations Need to Use More Than One Type of Encryption

By Rebecca Herold | March 28, 2021

What encryption solution businesses use? Every type of organization will typically each need to use at least two, but usually more, types of encryption solutions to meet their needs. Why? Because each organization needs to encrypt personal data, sensitive data, and a wide range of other types of regulated data, wherever the data is collected, stored, or transmitted.

2020 Was a Wakeup Call: Don’t Shut the Curtain and Go Back to Sleep in 2021!

By Rebecca Herold | December 15, 2020

2020 was a wakeup call for more than healthcare pandemic preparedness. It also exposed some huge security and privacy vulnerabilities, that many cybercrooks have exploited thousands of times throughout the year, for remote workers; both those work-from-home (WFH) employees, along with those mobile workers who have largely been going under the CISOs’ and information security departments’ radars for the past two to three decades. Will cybersecurity and privacy pros heed the lessons learned from the awakening?

The Spies Who Eavesdrop on Your Work from Home: Part 2 – Apps

By Rebecca Herold | May 17, 2020

In my previous blog post, I described how one of my monthly Privacy Professor Tips readers recently sent me a question about some unusual coincidences where it seemed that home conversations and activities were then known and discussed by workers. When working from home, or mobile working while traveling, it is important to remember that cybercrooks and business competition are actively exploiting the vulnerabilities that are present in most home offices, hotels, restaurants, airports, and a long list of other locations where remote work occurs.

The Spies Who Eavesdrop on Your Work from Home: Part 1 – IOT

By Rebecca Herold | May 5, 2020

With what may be the majority of office workers throughout the world now working from home, cybercrooks and business competition are actively exploiting the vulnerabilities that are present in most home offices. This series of blog posts focus on fours ways in which digital spies enter home office areas, and some information security and privacy protections you can put in place to shut the holes in the digital pathways created into your organization through working from home office areas. Part 1 provides an overview of digital spies coming through IOT devices.

What Business Leaders Need to Know About Privacy Breach Notifications

By Rebecca Herold | April 18, 2020

There will come the inevitable day when your organization will need to make a privacy breach notice. Will you be prepared and know what to do when this day comes?

You Will Be Judged by the Company You Keep

By Rebecca Herold | April 4, 2020

All organizations need to identify and document all the outsourced and contracted entities that possess or otherwise access their information, in all forms. Here are some reasons why.

Fired Because Photo of Surgery Room Was a HIPAA Violation

By Rebecca Herold | March 28, 2020

With the preponderance of people now taking photos and videos with their phones as part of their standard daily activities, the number of situations where healthcare workers are capturing images and posting on their Instagram, Facebook and other social media sites is dramatically increasing. What does this mean for compliance with the HIPPA Privacy Rule?

HIPAA and Calling Out Full Names In Waiting Rooms

By Rebecca Herold | March 28, 2020

Is it a HIPAA violation to call out a patient’s full name in the waiting room? What factors go into deciding whether something like this is a HIPAA violation? The Privacy Professor Explains.

Why You Should Use a Right to Audit Clause

By Rebecca Herold | March 28, 2020

A right to audit clause is a good idea for all types of organizations, of all sizes, not only as a way to demonstrate due care, about also to to be proactive in preventing privacy breaches and security incidents. Here are the top reasons why you should have right to audit clauses within business partner contracts.

Revisiting the Theory for How Eddie Tipton Committed the Largest Lottery Fraud in History

By Rebecca Herold | March 25, 2020

Eddie Tipton, an information security officer, was able to successfully rig the Hot Lotto random number generator and commit the largest lottery fraud in US History. How did he do it? The Privacy Professor explains.

Top 4 Reasons Encryption Is Not Used

By Rebecca Herold | March 21, 2020

During my work with a wide range of small to large organizations, in a wide range of industries, I’ve found there are some common reasons why encryption is not implemented. Here are the top four I’ve run across.