I haven’t done one of these in a while, but I saw so many important issues to bring to your attention that here is a quick rundown. As longtime readers of the blog know, any one of these issues could be the basis for an expanded blog in the future.
How Do You Protect Your At Rest Data?
I’m more than a little surprised that there isn’t more outrage out there stemming from the disclosure that hundreds of millions of Facebook users had their account passwords stored “in plain text and searchable” format as far back as 2012. This information could be accessed by thousands of Facebook employees.
When New York implemented its cybersecurity regulations, one of the most hotly debated issues was what measures institutions holding personally identifiable information had to take to make sure it was protected. While there was broad agreement that information in transit – such as an attachment to an email – should be encrypted, many institutions argued that it wasn’t necessary or cost-effective to mandate the encryption of data “at rest” provided it was protected by a firewall.