All posts in Cartoons

Hacking Cartoon: All Too Easy

Daniel Solove
Founder of TeachPrivacy

Cartoon Hacker Quits - TeachPrivacy Security Awareness Training

Hacking is easy.  My latest cartoon is based on the fact that many hacking attacks involve rather simple and common tactics.  Why try the hard stuff when the easy stuff works so well?  All it takes is for one person to fall for a social engineering trick, and the hackers can break in.


HIPAA Cartoon on Social Media Use

Daniel Solove
Founder of TeachPrivacy

HIPAA Cartoon Social Media

Here’s a cartoon on HIPAA and social media use to jump-start your week.  You can’t think enough about HIPAA these days.  HIPAA audits are back, and OCR is having a vigorous enforcement year, something I plan to post about soon.


Phishing Cartoon: Why Do Phishers Keep Sending Obvious Scam Emails?

Daniel Solove
Founder of TeachPrivacy

Phishing Cartoon

Why do phishers waste their time with such obvious phishing scams when they can do so much better?

One possible answer: They don’t have to do better.  They send out so many emails that they only need a very low percentage of people to click.  And people always do.  In fact, if phishing emails became more effective, phishers might get too many clicks and might not be able to process it all!

To break into an organization, all the phishers need to do is to catch just one person. They don’t need to overphish the seas.  Victims are plentiful enough!

Don’t assume that people won’t fall for obvious phishing scams — they do.  That’s why it is essential to train people.  I am pleased to announce that TeachPrivacy now is offering a phishing simulator service.  We’ve teamed up with QuickPhish to provide a platform where organizations can conduct simulated phishing exercises for their workforce.  A great way to teach people not to fall for phishing emails is through direct experience.  When people wrongly click, our training can follow to teach them how to improve.

Phishing Simulator


GDPR Cartoon: Taking Privacy Seriously

Daniel Solove
Founder of TeachPrivacy


I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy.  More work gets thrown onto the shoulders of under-resourced privacy departments.

It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization.  Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018.  It’s never too early for organizations to start preparing.  GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases.  For more information, see the FAQ page I created about the GDPR and privacy awareness training.

Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take.  Privacy office budgets and sizes should be going up by a lot these days.


The Funniest Password Recovery Questions and Why Even These Don’t Work

Daniel Solove
Founder of TeachPrivacy

Passwords

A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are:

In what city were you born?

What is your mother’s maiden name?

Where did you go to high school?


HIPAA Cartoon on HIPAA’s Jargon

Daniel Solove
Founder of TeachPrivacy

HIPAA Cartoon - TeachPrivacy HIPAA Training

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate.

For those who want an introduction to HIPAA and how the Privacy Rule and the Security Rule work, I produced a series of courses on HIPAA for the American Health Information Management Association (AHIMA). Each course is approximately 1 hour long.  The courses are:

• HIPAA Privacy: The Pillars of a Privacy Program
• HIPAA Privacy: Rights and Responsibilities
• HIPAA Security: Safeguarding PHI

They are available through AHIMA, but you can preview them on my site here.

These AHIMA HIPAA courses are not for the entire workforce — the courses are for personnel who focus on HIPAA compliance and need to understand the basics of how HIPAA works.  My HIPAA training for the workforce is shorter as well as more basic and general.

I have another HIPAA cartoon here.


Privacy Cartoon: Know Your Data

Daniel Solove
Founder of TeachPrivacy

Privacy Awareness Training Cartoon

Here’s a cartoon I created.  It involves several Fair Information Practice Principles (FIPPs) and privacy best practices.  The ones involved (and not heeded) in this cartoon are doing a data inventory, informing people about the purposes of the collection of their data, using data for only those purposes, and not keeping data longer than necessary to accomplish those purposes.

For many organizations, there is a lot of data collected that gets stored and forgotten, or that is collected with no apparent purpose in mind.  Data inventories are a great way to take stock of this data and determine whether it is really necessary and appropriate to keep it.

Poster Privacy Awareness Training Know One's Data


Ransomware: A Cartoon to Brighten More Bad News

Daniel Solove
Founder of TeachPrivacy

Ransomware cartoon

I have good news and bad news about ransomware.  First, the good news — here’s a cartoon I created.  I hope you enjoy it, because that’s the only good news I have.  Now, for the bad news . . .

The Bad News: Be Afraid, Very Afraid

Everyone seems to be afraid of ransomware these days, but is the fear justified?  Is ransomware more about hype than harm?   Unfortunately, a recent study of international companies conducted by Malwarebytes provides some startling statistics to back up the fears.  According to the study, 40% of companies worldwide and more than 50% of the US companies surveyed experienced a ransomware incident in the last year.

The stakes are very high — 3.5% of companies surveyed even indicated that lives were also at stake, as exemplified by a recent attack in Marin, California, where doctors lost access to patient records for over 10 days.


HIPAA Cartoon – HIPAA Compliance Program

Daniel Solove
Founder of TeachPrivacy

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13.

So HIPAA could be 20 years old, eager to become 21 and be able to drink (right now, it just makes people want to drink) or 13 years old and about to begin being an unruly teenager.

A few years ago, I published an article in the Journal of AHIMA to celebrate HIPAA’s 10th birthday (counting from when the Privacy Rule became effective).  The article discusses HIPAA’s growth and impact, and is a quick read if you’re interested.  You can download it for free here:

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)


Passwords Cartoon – Security Awareness Training

Daniel Solove
Founder of TeachPrivacy

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.
