Well, another day, another email hacking story. This one involves the Bush clan, with reports that a hacker who goes by the name Guccifer accessed private emails and photographs, telephone numbers and addresses sent between members of the Bush family, including both former presidents. Among the data released are catty emails about Bill Clinton, photographs

What gets less coverage, however, is how often small business owners are the weakest link in an identity theft chain. Certainly big businesses have been called out for serious data breaches, including misrepresenting whether or not their data was encrypted. But, as it turns out, personally taking pains to protect against hackers and identity thieves can all be for naught if thieves are accessing your digital data via the smaller businesses you frequent. This could include your favorite local restaurant, or the neighborhood Mom and Pop bookstore or boutique you proudly support. Take credit card terminals, for example: Small businesses are especially vulnerable to the plethora of ways hackers collect cardholder data via credit card terminals used to process credit card sales.

Here are some ways small businesses can protect their client’s data from credit card terminal breaches.
Continue Reading

Attorneys know that one of their primary obligations to their clients is to protect client confidences. Therefore, great pains are taken to make sure that clients’ highly personal information stays in safe hands. But what happens when attorneys are the ones passing along their personal information? Well, unfortunately lawyers are far less careful with their own confidential information than they are with their clients’.
Continue Reading

Recently proposed changes to attorney ethical rules by the American Bar Association (ABA) suggest that the profession sees technical breaches as a serious problem in need of immediate remedies. Earlier this week the ABA Commission on Ethics released a summary of proposed changes to the Model Rules, including a new rule requiring lawyers to take proactive measures to protect their client’s information when using new technologies. The proposed rule suggests that lawyers have to be more aware of both “inadvertent and unauthorized” disclosures–in other words, leaks from inside and hacks from outside a firm. The proposed rule warns technophobes that they need to change their Luddite ways. Lawyers now have a “duty to keep abreast of changes in relevant technology, including the benefits and risks associated with its use.” In other words, claiming ignorance is simply not an excuse.

By putting the onus on lawyers, the ABA is acknowledging what those of us who study and track security breaches have been shouting from the rooftops for years: preventing security breaches is not just about technology; it’s about changing human behavior. As the Wall Street Journal article makes clear, “the weakest link at law firms of any size are often their own employees.”

Other industries face similar problems. For example, a recent article on data breaches in the health care industry suggests that the epidemic of breaches of confidential health care information has more to do with human error than it does with IT shortcomings. As Larry Clinton, president and CEO of the trade association Internet Security Alliance succinctly points out “[p]eople are the biggest problem.” Consequently, Collins predicts that data breaches in hospitals and health care systems will only be prevented if these organizations approach these breaches as a “human-resource management issue and not an IT issue.”
Continue Reading