I like to keep my students aware of common security failures. Weibrecht Law in New Hampshire recently submitted a notification to their state with this explanation of their breach:
On or about Monday September 10th, our office sent an unencrypted electronic copy (“thumb drive”) of a client file via US Postal Service. The envelope that the thumb drive was sent in was received by the recipient, damaged and without the thumb drive enclosed. We immediately contacted the USPS to investigate.
Okay, so far that sounds really familiar, right? Although why entities would still send unencrypted thumb drives through postal mail in 2018 is a bit disheartening. In any event, their report continues (with emphasis added by me):
A representative from our office spoke with a representative in the Claims and Inquiries Department of the USPS in Manchester, NH and learned that all items recovered from the mail processing center are sent to her department. She reported that because this was a common occurrence, she had several buckets of thumb drives that had similarly been torn free from their envelope in the mail sorting process.
Buckets of thumb drives? The possibilities are staggering.
She did a visual review for the USB but did not find it. She also reported that the USPS has its own internal privacy policies that would preclude an employee from actually opening any of the USBs that are recovered.
And we know that employees always rigorously adhere to policies, right?
Based on this information, we do not have reason to believe the information has been accessed by individuals intending to misuse it. In fact, our investigation indicates that the most likely disposition of the thumb drive was that it was destroyed in a post office mail processing machine.
Complete the “write your own misadventure” starter above.
The law firm has taken steps to provide protective and remediation services and is changing their procedures for sending files, but how much time, money, and potential reputation harm could they have avoided by encrypting files during file transfer?
These lessons are so costly and painful for SMBs. I wish we could help more entities avoid having to learn them.
Another common failure and a proper response.
Madison County computer system infected with ransomware
Madison County in Idaho fell victim to a ransomware attack last week, after an employee opened a phishing email asking for money. The IT department spent the week recovering the computer system from the attack, which took place over the three-day Columbus Day weekend.
The entire county network was affected, including payroll systems, sanitation services and the treasurer’s office, making it difficult for officials to conduct business operations. Employees couldn’t send emails and had to use backup data to issue paychecks.
… County Commissioner Brent Mendenhall and Madison County Clerk Kim Muir said they will not pay the ransom and, because the IT department had made backups, they were able to successfully restore the system.
Is this really cheaper than good security?
Insurer Anthem will pay record $16M for massive data breach
The nation’s second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday.
The personal information of nearly 79 million people — including names, birthdates, Social Security numbers and medical IDs — was exposed in the cyberattack, discovered by the company in 2015.
The settlement between Anthem Inc. and the Department of Health and Human Services represents the largest amount collected by the agency in a health care data breach, officials said.
Cause and effect.
The Employer Surveillance State
“…In fact, electronic surveillance of employees, through technologies including not just video cameras but also monitoring software, has grown rapidly across all industries. Randolph Lewis, a professor of American Studies at the University of Texas at Austin and the author of Under Surveillance, Being Watched in Modern America, pointed to software that makes it possible for employers to monitor employee facial expressions and tone of voice to gauge their emotional states, such as rage or frustration. Among more conventional surveillance methods, employers can track employees’ website visits, and keep tabs on their employees’ keystrokes. Employers can also monitor employees’ personal blogs, and read their social-networking profiles. In one case in California, a sales executive at a money-transfer firm sued her employer, claiming she had been fired for disabling an app that used employer-issued cell phones to track workers via GPS, even when they were off the clock. (The suit was later settled out of court.)
The proliferation of surveillance is due, at least in part, to the rising sophistication and declining cost of spy technology: Employers monitor workers because they can. Michel Anteby, a Boston University sociologist and business scholar who has watched how monitoring impacts employees at the TSA and other workplaces, has also noticed that the more employees are surveyed, the harder they try to avoid being watched, and the harder management tries to watch them. “Most TSA workers we observed do everything possible to stay under the radar, to essentially disappear,” he said. “They try to never speak up, never stick out, do nothing that might get noticed by management,” he said. “This leads to a vicious cycle, whereby management grows more suspicious and feels justified in ratcheting up the surveillance.”
“People? We don’t listen to no stinking people!”
Study: Nearly all unique comments to FCC opposed net neutrality repeal
… Singel discovered that of the 800,000 unique comments posted, 99.7 percent were in favor of net neutrality. His findings were released Monday and first reported by Motherboard.
My young students don’t know this. My international students don’t know what a “Sears” is. Sad.
Opinion | How Sears Was the Amazon of Its Day
The orders poured in from everywhere — 105,000 a day at one point — so much so that the company became an economic force. It could make or break suppliers by promoting their products. It could dictate terms on manufacturing. Its headquarters city boomed as this tech-driven retailer built huge warehouses and factories and attracted other businesses and rivals. State and local governments complained that the company was harming small-town retailers.
… Sears became the Amazon of its day because its co-founder Richard Warren Sears harnessed two great networks to serve his enterprise — the railroads and the United States Postal Service. When the Postal Service commenced rural free delivery in 1896 (the “last mile” in today’s jargon) every homestead in America became within reach.
And Richard Sears reached them. He used his genius for advertising and promotion to put a catalog in the hands of 20 million Americans in 1900, when the population was 76 million. The Wish Book […] could run a staggering 1,500 pages and offer more than 100,000 items.
Sounds interesting.
For the Love of Lit - Four Free Webinars for ELA Teachers
This week PBS Education is hosting the first webinar in a four-part virtual professional development series called For the Love of Lit. This series features free webinars designed to help ELA teachers engage their students in learning about literature. The four webinars in the series are as follows:
Inspiring Young Authors, with NaNoWriMo founder Chris Baty
Including All Readers, with student activist Marley Dias
Encouraging Bright Thinkers
Cultivating Young Book Lovers
You can register for one or all four webinars right here. PD certificates are available for attending each session.
Oh, the horror!
Climate change to double costs of making beer, scientists say