Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.
I recently created a new resource page — How to Make Security Training Effective. The page contains my advice for how to make security training memorable and effective in changing behavior.
Training the workforce is an essential way to protect data security, but not all training endeavors are successful. Poor training is akin to shouting into the void. This resource page is designed to provide some tips and advice about training that I’ve learned from being an educator for more than 15 years. Continue Reading
What laws require security awareness training? What topics do the laws require to be covered? What should be covered? How frequently should training be given?
I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more. I discuss various legal and industry requirements for security awareness training. I also discuss best practices. I hope that you find this resource to be useful.
By Daniel J. Solove
A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include:
— 73% of accounts use duplicate passwords.
— Nearly half of consumers have a password they haven’t changed in 5+ years
— “Consumers have an average of 24 online accounts, but use only 6 unique passwords.”
— “Only 30 percent of consumers are confident that their passwords will protect the security of their online accounts.”
These findings demonstrate why better authentication is needed. Enforcing good password practices is tremendously difficult. People have so many passwords that they must memorize, and if they must be long and complex, this compounds the challenge. Alternative means of authentication — such as two-factor authentication — should be explored, as they can be affordable and efficient.
by Daniel J. Solove
We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . . Continue Reading
by Daniel J. Solove
I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.
Simply put, students must care about learning the material. The more they care, the more they learn.
The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.