The report sharply criticizes the agency's cyber security performance, calling its personnel "substantially under-qualified." Interior required only that staff complete self-certified training, and only 13.5 percent of those self-certifications were relevant and complete.
In preparing this Insight, I read an enlightening article published by the Society for Human Resource Management (SHRM) in the August 2008 issue of HR Magazine, titled "Out of the Breach: Reduce the Risk of Litigation and Build Confidence in Data Handling by Becoming a Privacy Champion." In this cover story, senior writer Rita Zeidner makes the case for building a "culture of privacy" in the workplace. According to Zeidner, privacy experts recommend training, along with other precautionary steps, as the best defense against breaches of privacy.
it is the required thing to do in order to comply with the numerous federal and state laws that may apply, which both define protected employee and customer data and restrict the access, use, storage and dissemination of that data. If you want to build a culture of privacy in your workplace around the protection of personal data, the following summary of Zeidner's steps may serve as a useful reference:
Finally, employers should train employees to recognize threats to the security of protected data and to report suspicious activity. Employees who have not attended and participated in this training should have their access to such information blocked until they do. Once employees are trained, employers should publicly acknowledge and reward those who alert the company to potential problems, which encourages and reinforces the behavior.
Since you want rank-and-file employees to be well trained, you will initially want to provide complementary, mandatory training and development for the managers to whom those employees report. As part of this you can develop a benchmarking program for setting and evaluating managerial goals. For instance, managers can be held responsible for signing off on benchmarks such as the following:
Completing a privacy-data inventory that identifies where information is stored.
Establishing and communicating a privacy policy statement program.
Verifying policies and practices for security measures.
Setting aside off-network computers that employees can use for personal purposes during breaks or off-hours, so that such use cannot compromise your network files; and
Taking steps to ensure that contractors and software providers protect the data to the same standard you do.
"While employees necessarily forfeit a good deal of privacy when using company-owned equipment and facilities for their personal interests and benefits, employers today must be concerned about maintaining privacy and confidentiality for customers and employees alike with respect to those individuals' legally protected personal information such as social security and driver's license numbers."
Providing a resource like the Google Dashboard that presents all associated information in one place may actually create more privacy and security issues than it solves though.
If you know the right queries to use, you can find usernames and passwords, financial spreadsheets, confidential documents, and more by leveraging the vast database of indexed information stored at Google.
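To make that point concrete from the defender's side, here is an added example (my own code, not from the original page or from Google) that scans a web root for the kinds of files those search-operator queries are written to find, and reports which of them a crawler is allowed to fetch under the site's robots.txt. The web root, file names, robots.txt and query descriptions are all constructed for illustration, and the robots.txt handling is a deliberately minimal prefix-match parser.

```python
"""Self-audit: which files under a web root match the patterns that search-engine
queries ("dorks") are written to find, and could a crawler index them?

Added example, not code from the original page. The patterns, sample files and
robots.txt below are constructed for illustration.
"""
import os
import re
import tempfile

# Each entry pairs the style of query an attacker would type into a search engine
# with the file-name pattern it targets. Illustrative, not an exhaustive list.
EXPOSURE_PATTERNS = [
    ("filetype:sql (database dumps)", re.compile(r"\.sql(\.gz|\.zip)?$", re.I)),
    ("filetype:xls inurl:password (credential spreadsheets)",
     re.compile(r"(pass|pwd|cred)[^/]*\.xlsx?$", re.I)),
    ("inurl:.htpasswd OR inurl:.env (credential files)",
     re.compile(r"(^|/)(\.htpasswd|\.env)$", re.I)),
    ("ext:bak OR ext:old (backup copies of config)",
     re.compile(r"\.(bak|old|orig|swp)$", re.I)),
    ("filetype:log (application logs)", re.compile(r"\.log$", re.I)),
]


def disallowed_prefixes(robots_txt, user_agent):
    """Return the Disallow path prefixes that apply to user_agent.

    Minimal robots.txt parsing: the group named for the agent wins, otherwise the
    '*' group; prefix rules only, no wildcards, no Allow overrides. Consecutive
    User-agent lines are not merged into one group (a simplification).
    """
    groups, current = {}, None
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            current = value.lower()
            groups.setdefault(current, [])
        elif field == "disallow" and current is not None and value:
            groups[current].append(value)
    return groups.get(user_agent.lower(), groups.get("*", []))


def exposed_files(webroot, site_url, robots_txt, user_agent="googlebot"):
    """Walk webroot and return sorted (url, query, crawlable) tuples for every file
    matching an exposure pattern. crawlable is False only when robots.txt disallows
    the path, which keeps well-behaved crawlers out but does not protect the file."""
    prefixes = disallowed_prefixes(robots_txt, user_agent)
    findings = []
    for dirpath, _, filenames in os.walk(webroot):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), webroot).replace(os.sep, "/")
            for query, pattern in EXPOSURE_PATTERNS:
                if pattern.search(rel):
                    path = "/" + rel
                    crawlable = not any(path.startswith(p) for p in prefixes)
                    findings.append((site_url.rstrip("/") + path, query, crawlable))
                    break
    return sorted(findings)


# Constructed robots.txt for the sample site.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /logs/
Disallow: /backup/
"""


def build_sample_webroot():
    """Create a throwaway directory tree containing the kinds of files dorks turn up."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel in ("index.html", "backup/db-2009-06.sql.gz", "finance/passwords.xls",
                ".htpasswd", "config.php.bak", "logs/app.log"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("sample\n")
    return root


if __name__ == "__main__":
    for url, query, crawlable in exposed_files(build_sample_webroot(),
                                               "http://www.example.com", SAMPLE_ROBOTS):
        print(("INDEXABLE     " if crawlable else "robots-hidden ") + url + "  <- " + query)
```

Two points worth noting when reading the output: a file reported as robots-hidden is still served to anyone who requests it, and the Disallow lines themselves tell an attacker where to look, so the only real fix for a hit is to remove the file from the web root or put it behind authentication. The temporary directory is left in place so the run can be inspected.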
Google delivers all of the juicy details it holds about you in a one-stop-shopping resource like the Google Dashboard, which also makes it a juicy one-stop-shopping target for attackers.
"Google Dashboard is akin to putting all of one's eggs in a single basket. The problem is that the average end-user is clueless on how to guard that digital basket.
So once that Google account is breached/hacked, the victim has their entire Google experience compromised."
"The new Google Dashboard addresses concerns that users have regarding just how much Google knows about them."
Facebook “change-your-password” spam scam[s] are circulating
There are at least two Facebook "change-your-password" scams circulating in spam. Here's the first one. It tries to lure you to a malicious site to steal your Facebook login information.
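The lure works because the visible link text and the real destination differ. As an added example (my code, not from the original post or from Facebook), the following script extracts every link from a constructed sample of such a message and flags any whose target host lies outside the impersonated brand's domain, whose visible text claims a different host than the href actually goes to, or whose host merely contains the brand name as a lookalike. The trusted-domain list and the sample message are assumptions made for illustration.

```python
"""Flag links in a 'change your password' lure whose real target is not where the
visible text claims. Added example, not from the original page; the trusted-domain
list and the sample message are constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brand the message claims to come from. A mail gateway would take
# this from a per-brand allow-list rather than a constant.
TRUSTED_DOMAINS = ("facebook.com",)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lowercase host of a URL, or of a bare 'www.example.com/...' string; '' if none."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one. The match is on whole
    labels, so facebook.com.example.net is NOT trusted."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def suspicious_links(html):
    """Return one finding per link that does not lead where it claims to.

    Checks, in order: the target host is outside the trusted domains; the visible
    text is itself a host or URL that differs from the real target; the untrusted
    host contains the brand name (a lookalike such as facebook.com.account-update.example).
    """
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        reasons = []
        if not is_trusted(target):
            reasons.append("target host '%s' is not a trusted domain" % target)
            looks_like_url = "." in text and " " not in text
            shown = host_of(text) if looks_like_url else ""
            if shown and shown != target:
                reasons.append("visible text claims '%s' but the link goes to '%s'" % (shown, target))
            for domain in TRUSTED_DOMAINS:
                brand = domain.split(".")[0]
                if brand in target:
                    reasons.append("untrusted host '%s' contains the brand name '%s' (lookalike)" % (target, brand))
        if reasons:
            findings.append({"href": href, "text": text, "host": target, "reasons": reasons})
    return findings


# Constructed sample lure, modelled on the spam described above (not a real message).
SAMPLE_LURE = """
<p>Dear user, your Facebook password has been changed. Review the change here:</p>
<a href="http://facebook.com.account-update.example/login">http://www.facebook.com/update</a>
<p>Questions? Visit the <a href="https://www.facebook.com/help">Help Center</a>.</p>
<a href="http://mail-secure.example/fb">Reset your password now</a>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_LURE):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("   - " + reason)
```

The genuine Help Center link passes all three checks; the first lure link trips all three and the second trips only the trusted-domain check, which is the one that matters: a link to a password-reset page that is not on the brand's own domain is enough on its own to treat the message as a phish.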
"Commonwealth Equity Services LLP of Waltham, Mass., agreed to pay the penalty for failing to have anti-malware software on its reps' computers or written security policies to deal with security breaches. Securities brokers and registered investment advisors are required by SEC regulations to have written procedures to protect customer information."
"The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs - or "red flags" - of identity theft in their day-to-day operations. Are you covered by the Red Flags Rule? Read Fighting Fraud with the Red Flags Rule: A How-To Guide for Business to:
Find out if the rule applies to your business or organization;
Get practical tips on spotting the red flags of identity theft, taking steps to prevent the crime, and mitigating the damage it inflicts; and
Learn how to put in place your written Identity Theft Prevention Program.
By identifying red flags in advance, you'll be better equipped to spot suspicious patterns when they arise and take steps to prevent a red flag from escalating into a costly episode of identity theft.
Take advantage of other resources on this site to educate your employees and colleagues about complying with the Red Flags Rule."
1. Client-side software remains unpatched in general. According to the report, major organizations take on average at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities.
More than 60 percent of all attack attempts on the Internet are against Web applications.
"Companies are finding more than ever before that they really need to have good access policies and the right level of controls associated with those policies," said Chris Young, senior vice president of products at RSA. "Organizations often try to start out with a model of trust between permanent and temporary employees, but they also have to balance that trust with controls."
The four walls around a company's data servers are continuing to erode as end users are finding it increasingly easier to use Web-based tools and bring their work home and on the road. The latest survey finds that companies are more concerned than ever about unintentional employee errors that can lead to data leakage.
The Federal Trade Commission ("FTC") intends to apply the Red Flags Rule to lawyers and law firms, and those in the legal profession should prepare themselves by putting into place written programs to detect and mitigate against identity theft involving client accounts. Section 114 of the Fair and Accurate Credit Transactions Act of 2003 ("FACTA") directed the FTC and federal banking agencies to issue regulations requiring "financial institutions" and "creditors" to develop identity theft prevention programs designed to identify and detect "Red Flags" signaling possible identity theft. The FTC and the federal banking agencies finalized the regulations, commonly known as the "Red Flags Rule," in late 2007.
Why are these warnings important?
Like the real world, technology and the internet present dangers as well as benefits. Equipment fails, attackers may target you, and mistakes and poor judgment happen. Just as you take precautions to protect yourself in the real world, you need to take precautions to protect yourself online. For many users, computers and the internet are unfamiliar and intimidating, so it is appropriate to approach them the same way we urge children to approach the real world. What are some warnings to remember?
* Don't trust candy from strangers
* If it sounds too good to be true, it probably is
* Don't advertise that you are away from home
* Lock up your valuables
* Have a backup plan
Cybersecurity is the responsibility of everyone that uses the Internet. To remind us of this important issue, October has been designated as National Cybersecurity Awareness Month.
The National Cybersecurity Division of the Department of Homeland Security is responsible for helping to protect the cyber infrastructure that every citizen uses each time they go on the Internet. Proactively educating everyone about cybersecurity lowers the Nation's vulnerabilities on the Internet and lowers our collective risk. Securing cyberspace is a difficult strategic challenge that requires coordinated and focused effort from our entire society: the federal government, state and local governments, the private sector, and the American people.
By protecting yourself on the Internet, you also protect others.
How Do I Make Cybersecurity a Habit?
Start with the Basics: Three Core Practices
* Install anti-virus and anti-spyware programs and keep them up to date.
* Install a firewall and keep it properly configured.
* Regularly install updates for your computer's operating system.
Make Ongoing Learning Easy with US-CERT Tips
Cybersecurity is an evolving issue. The U.S. Computer Emergency Readiness Team (US-CERT) Security Tips provide advice on common security topics, such as privacy, email spam, and wireless protection. The tips are sent to your e-mail once a month so that you can continuously stay up to date with changing technologies and threats. Visit US-CERT and sign up to receive US-CERT's Security Tips.
The responsibility to oversee information security among federal agencies would shift from the White House Office of Management and Budget to DHS under revisions of the measure, nicknamed U.S. ICE, that updates the IT security guidance detailed in the seven-year-old Federal Information Security Management Act (FISMA), according to a senior cybersecurity staff member on the Senate Committee on Homeland Security and Governmental Affairs.
The thinking behind shifting responsibility from OMB to DHS is that Homeland Security has the cybersecurity expertise, whereas OMB's proficiency is budgeting. "Already, the Department of Homeland Security is the coordinating agency on cybersecurity," the staffer said. "Now, what you're doing is drastically strengthening the role of DHS by putting into law and then also, giving them the ability to say, with FISMA, approve or not to approve agencies plans, controls, frameworks, the way they secure their systems."
The bill also continues the role of the National Institute of Standards and Technology as the key government agency for developing IT security guidance, but leaves to DHS the decision of which guidance takes priority.
FTC officials announced in a statement that they would not begin enforcement of what they call the "Red Flag Rule" until Nov. 1. In the meantime, the statement said, the agency plans to add more information to its Web site. The agency is also emphasizing that it is unlikely to bring enforcement actions "if entities know their customers or clients individually, or if they perform services in or around their customers' homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft."
This is the third time the FTC has delayed enforcement of the new identity-theft rules, which under a 2003 law require businesses that act as "creditors" to set up a program to minimize risk. Lawyers, doctors and other professionals have protested the FTC's broad interpretation of "creditors" to include businesses that bill clients some time after providing services.
Research from Ponemon Institute Reveals Company-wide Strategy Governing the Use of Data Encryption Technologies Reduces Risk of Breach
LONDON, July 8 /PRNewswire/ -- PGP Corporation, a global leader in enterprise data protection, has announced the results of the third annual study by The Ponemon Institute, identifying the steps UK organisations are taking to safeguard their confidential data. The 2009 Annual Study: UK Enterprise Encryption Trends, which polled IT security professionals at 615 enterprises and public sector organisations, found that 70% of UK organisations had been hit by at least one data breach incident within the last year, up from 60% in the previous year. The number of firms experiencing multiple breaches was also up, with 12% of respondents admitting to more than five data loss incidents in the twelve-month period (up from 3%). Less than half of these breaches (43%) were publicly announced; there was no legal or regulatory requirement to disclose the remaining 57% of incidents.
Focus on the Privacy of Individuals on Social Networking Sites is Well Founded, but Security Impact
2009-07-18 11:11:38 - Based on the Privacy Commissioner's recommendations to respect PIPEDA as well as the privacy of Canadians, Facebook has promised to review its practices. Companies should also pay close attention, as social networking sites can increase security risks and introduce new attack methods.
Toronto, ON, July 18, 2009 -- The Commissioner's report sternly voices the common concerns of privacy-conscious Facebook users about the social networking site's approach to data collection, sharing and retention. By demanding changes to current practices, the Privacy Commissioner seeks to help Facebook implement protective controls that comply with Canada's federal Personal Information Protection and Electronic Documents Act. "The added disclosure practices and transparency around the use of personal information will go a long way towards building the trust of individuals and, in my personal opinion, will improve Facebook's business rather than curtail its potential," according to Claudiu Popa, a recognized security expert and Informatica's founder. "However, we must remember that social networking sites as a whole are information aggregators; they accumulate and consolidate detailed information about people and even employers. That's why we advise corporate clients to enforce policies regarding social networking and other online activity that could pose a threat to information security." Over the past few years, organized criminals have improved phishing techniques, social engineering and other targeted attacks to the point where exploits are precisely targeted to individuals and organizations. This year, Informatica's Research division has observed a definite