Thursday, January 26, 2017

Beware the Bear!  The Russians are hacking, the Russians are hacking! 
From the I-just-report-’em-I-don’t-necessarily-believe-them dept.
Paul Srubas reports:
County websites of the Democratic Party in the area have been under attack, at least one apparently by Russian hackers, an officer of the party said.
What appears to have been Russian hackers compromised the website of the 8th Congressional District Democratic Party as well as the sites of seven county Democratic party organizations, said Mary Ginnebaugh, who chairs the congressional district as well as the Brown County Democratic parties.
Read more on USA Today.
[From the USA Article: 
The hackers may have been targeting the state site and stumbled onto the 8th Congressional District site, Ginnebaugh said.  “We’re one letter off,” she said.  “We’re and the state is”

One size fits all?  You put as much effort in protecting your Recycle Ban as you do your M&A records?  
Study: 62% of security pros don’t know where their sensitive data is
   the value of data security is still largely defined “in terms of risk, cost, and regulatory compliance,” notes Forrester Research in the executive summary of a new report commissioned by data protection software provider Varonis Systems.
One of the key findings of the Forrester survey of 150 data security professionals in the U.S. and Canada is that while 76% of respondents claim a mature security strategy, the vast majority report facing technical challenges (93%) and organizational challenges (90%) with data security.  And, Forrester says, they “are focused on threats rather than their data, and do not have a good handle on understanding and controlling sensitive data.”  

For example, just 31 percent of respondents say they classify corporate data in the cloud based on its sensitivity.  
   Forty-one percent of survey respondents said they know where their employee data is located, while 38% said they know where their customer data and sensitive structured data is located.
   To learn more about what security pros have to say about the state of data security in their organizations, download the Forrester/Varonis report.

Is this technology sufficiently error free?  Spoof proof?  If it goes down, is there human backup? 
Michael Koziol reports:
International passengers would be whisked through immigration and customs without stopping or even encountering humans, while passport scanners and paper cards would be a thing of the past, under a radical overhaul of Australia’s airports due to start this year.
Instead, passengers will be processed by biometric recognition of the face, iris and/or fingerprints, matched to existing data.  By 2020 the government wants a system in place to process 90 per cent of travellers automatically, with no human involvement.
Read more on SMH.

My students seem to think you should not wait for an audit.  Why not have your systems notify you of unusual activity immediately?  
Brianna Owczarzak & Kate Nadolski report that an employee who improperly accessed thousands of patients’ files was fired after the Covenant in Saginaw detected the improper access through an audit:
The hospital sent letters to more than 6,000 individuals who may have been affected.
One of those people is Gabriella Economous.
“I received a letter from Covenant and it was in regards to my son saying that someone had accessed his records with his medical treatment, where we live, personal info, driver license numbers,” Economous said.
The incidents occurred between Feb. 1, 2016 and Nov. 21, 2016.
Read more on Crossroads Today.  Although it sounds like a snooping incident, they don’t seem to actually say what the employee’s motivation was and whether there is any evidence that data were copied or exfiltrated.  As of the time of this posting, there doesn’t seem to be a copy of the notification letter on their web site, so this post may be updated if more information becomes available.

Is it possible they do not know how to regain control of their data? 
Americans and Cybersecurity
...   Previous Pew Research Center studies of the digital privacy environment have found that many Americans fear they have lost control of their personal information and many worry whether government agencies and major corporations can protect the customer data they collect.  As part of this ongoing series of studies on the state of online privacy and security, the Center conducted a national survey of 1,040 adults in the spring of 2016 to examine their cybersecurity habits and attitudes.  This survey finds that a majority of Americans have directly experienced some form of data theft or fraud, that a sizeable share of the public thinks that their personal data have become less secure in recent years, and that many lack confidence in various institutions to keep their personal data safe from misuse.  In addition, many Americans are failing to follow digital security best practices in their own personal lives, and a substantial majority expects that major cyberattacks will be a fact of life in the future.   

I’m trying to explain to my students that proper Governance should have caught this very early in the process.  Why did it continue? 
The Wells Fargo Scandal Is Now Reaching VW Proportions
I thought it would be a long time before a corporate scandal got bigger and worse than the Volkswagen emissions-cheating mess.  I still think that, but almost every day the Wells Fargo situation makes me wonder if it might soon surpass even VW in overall awfulness.  The latest news certainly shortens the odds.  Before we examine the dismal state of affairs, let’s jump straight to the bottom line: Even if this scandal does not widen further, it reflects a massively broken corporate culture, not just the acts of a few bad men and women.  It has trashed the reputation of former CEO John Stumpf and at least casts doubt, fairly or not, on the reputation of his predecessor, Richard Kovacevich; both were among America’s most admired CEOs.  The No. 1 job of CEO Tim Sloan is culture change, and the big lesson from others’ experience is not to talk about culture but to model and enforce the right behavior—and to be patient.
Recent developments go way beyond the original revelation, that the bank opened as many as 2.1 million accounts without customers’ permission or knowledge.  Lots of people had to know of such widespread wrongdoing, but...
New evidence shows that employees who called the company’s ethics hotline were sometimes fired or otherwise punished.  That’s illegal under federal law.  The bank has hired an outside investigator to learn more.
Branch managers were warned 24 hours before internal auditors showed up to conduct inspections.  Employees were sometimes ordered to work into the night or all night to shred documents and forge signatures so the branch would pass inspection, the Wall Street Journal reports.
The bank allegedly caused customers to miss deadlines for extending a promised interest rate, then charged those customers late fees.  The process typically cost customers $1,000 to $1,500.  So say four former employees from the Los Angeles region, as reported by ProPublica.  One of the four ex-workers claims that total proceeds to the bank were in the millions of dollars.

A local contact for the AI discussion?
What Managers Need to Know About Artificial Intelligence
The field of artificial intelligence (AI) is finally yielding valuable smart devices and applications that do more than win games against human champions.  According to a report from the Frederick S. Pardee Center for International Futures at the University of Denver, the products of AI are changing the competitive landscape in several industry sectors and are poised to upend operations in many business functions.

This will probably get referenced a lot over the next four years. 
LibGuide on Presidential Power
by Sabrina I. Pacifici on Jan 25, 2017
Mary Whisner – Librarian – Gallagher Law Library: “In November two of our brilliant young professors decided to put together a class on Presidential Power for winter quarter.  It immediately filled and drew a waiting list.  And there was a lot of interest from outside the law school.  People from other university departments and the community asked if they could audit or at least get the reading list.  The professors didn’t have room for a flock of auditors, but they did think that sharing their readings was a good idea, and they asked me to set up a public web page.  In case the topic also interests any of you, see  Check back from time to time: they are developing the syllabus (and I’m adding links) as events unfold.”

For my gamers…

No comments: