All posts in Social Engineering

Ransomware’s Dilemma: Pay It or Not?

Daniel Solove
Founder of TeachPrivacy

Ransomware cybersecurity training

Ransomware is one of the most frightening scourges to hit the Internet.  Ransomware is a form of malware (malicious code) that encrypts a person’s files and demands a ransom payment to decrypt them.  If the money isn’t paid, the encryption keys are destroyed, and the data is lost forever.

Ransomware cybersecurity training

Ransomware began to emerge in 2009, and it has been rapidly on the rise.  Recently, it was ranked as the number one threat involving mobile malware.  According to one estimate, “at least $5 million is extorted from ransomware victims each year.”

Ransomware became a household name in 2013, when CryptoLocker infected about 500,000 victims in just 6 months.

Ransomware Cryptolocker security training 01CryptoLocker was eventually defeated.  But new variants of ransomware started popping up more frequently.

Continue Reading

New Security Training Program: Social Engineering: Spies and Sabotage

Daniel Solove
Founder of TeachPrivacy

Module Data Security Spies and Sabotage 02

I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering.

After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and scams. Key points are applied and reinforced with 4 scenario quiz questions.

Social Engineering Training Spies 01

Continue Reading

Should the FTC Kill the Password? The Case for Better Authentication

Daniel Solove
Founder of TeachPrivacy

title image

Co-authored by Professor Woodrow Hartzog.

Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being able to see or hear the person seeking access.

Continue Reading

Mr. Robot: My Review of the New TV Series

Daniel Solove
Founder of TeachPrivacy

Mr Robot 01by Daniel J. Solove

I’ve really been enjoying the new TV series Mr. Robot on USA. Network.  It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security  geeks.

Mr Robot 05aThe protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City.  The show is narrated with voiceover by Elliot, and we get a glimpse into the mind of this reclusive and quiet person.  Voiceover can often falter as a technique, but here it works wonderfully — and all the more impressive because Elliot speaks softly, often in monotone.  But Elliot is such a fascinating character and Malek delivers Elliot’s monologue so effectively, that it becomes surprisingly engaging.

Elliot is very smart and clever, and he sees many around him as idiots.  He suffers from severe bouts of depression, is a recluse who wants to be invisible, and he is very awkward around other people.  He lives most of his life inside his head.  The show presents the stark contrast between what he says to others and what he is thinking.  In one scene, we see him speaking to his psychiatrist, telling her hardly anything.  But we hear his thoughts and know that he is pondering quite a lot.
Continue Reading

Cybersecurity in the Boardroom

Daniel Solove
Founder of TeachPrivacy

??????????

by Daniel J. Solove

A few days ago, I posted about how boards of directors must grapple with privacy and cybersecurity.   Today, I came across a survey by NYSE Governance Services and Vericode of 200 directors in various industries.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets.

Plague 01

Continue Reading

The Terrifying Math of Phishing

Daniel Solove
Founder of TeachPrivacy

Fish 1210-1242156850ss7a pub domain pictures

by Daniel J. Solove

Although we are seeing increasingly more sophisticated attempts at phishing, it appears as though many phishers still haven’t been able to get their hands on a program with spell check.  Why are we still seeing the $10 million lottery winning emails?  Or the long lost relative of yours living in Fiji who is leaving you $4 million?

A recent article explains that for the phishers, it is all a numbers game:

“So, if 97 per cent of phishing attempts are unsuccessful, why is it such a large issue? Because there are 156 million phishing emails sent worldwide daily. . . . Of the 156 million phishing emails sent daily, 16 million get through filters. Another eight million are opened by recipients. 800,000 click on the link provided, and 80,000 provide the information requested.”

Continue Reading

The Funniest Hacker Stock Photos

Daniel Solove
Founder of TeachPrivacy

stock photos

By Daniel J. Solove

 

I produce computer-based privacy and data security training, so I’m often in the hunt for stock photos. One of the hardest things in the world to do is to find a stock photo of a hacker that doesn’t look absolutely ridiculous.

I’ve gone through hundreds of hacker stock photos, and I’ve discovered some that are so absurdly funny that they are true classics and deserve to be celebrated in a hall of fame. So I bought some of these gems to share them with you — because if there’s any sense of justice in the universe, when so much thought, creativity, and effort goes into a stock photo, it deserves to be sold.

Continue Reading

Follow Professor Solove on Social Media

Daniel Solove
Founder of TeachPrivacy

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:

Professor Solove’s LinkedIn Influencer blog

LinkedIn Influencer 02 You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.”  He blogs about various privacy and data security issues. His blog has more than 600,000 followers.

LinkedIn Influencer 01

*    *    *    *

Professor Solove’s Twitter Feed

Twitter 01Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.

*    *    *    *

Professor Solove’s Newsletter

Newsletter 01Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.

*    *    *    *

Professor Solove’s LinkedIn Discussion Groups

Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:

Privacy and
Data Security
HIPAA Privacy
and Security
Education Privacy
and Data Security
Image Group LinkedIn Logo Education Privacy 01 Image Group LinkedIn Logo HIPAA 01 Image Group LinkedIn Logo Privacy Security 01

Data Security and the Human Factor: Training and Its Challenges

Daniel Solove
Founder of TeachPrivacy

Posted by Daniel J. Solove

According to a stat in SC Magazine, 90% of malware requires a human interaction to infect.  One of the biggest data security threats isn’t technical – it’s the human factor.  People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in a host of risky behaviors.  A lot of hacking doesn’t involve technical wizardry but is essentially con artistry.  I’m a fan of the ex-hacker Kevin Mitnick’s books where he relates some of his clever tricks.  He didn’t need to hack in order to get access to a computer system – he could trick people into readily telling him their passwords.

There have been a number of good recent articles on data security and data security training.  Robert O’Harrow, Jr.’s recent piece in the Washington Post discusses the human element to data security in his piece, “In Cyberattacks, Hacking Humans is Highly Effective Way to Access Systems.”  The article describes the increasing sophistication of phishing.  The old misspelled lottery scam emails are now your grandfather’s phishing.  Today’s phishing is more personalized – and much more likely to trick people.  According to O’Harrow’s article: “The explosive growth of cyberspace has created a fertile environment for hackers. Facing the flood of e-mail, instant messages and other digital communication, many people have a hard time judging whether notes or messages from friends, family or colleagues are real. Many don’t even try.”  O’Harrow goes on to note that “Hackers are so confident about such permissiveness that they sometimes begin their attacks in social media three or four steps removed from their actual targets. The hackers count on the malicious code spreading to the proper company or government agency — passed along in photos, documents or Web pages.”

Continue Reading