🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 55% of Companies Don't Offer Mandatory Security Awareness Training 🕴

Even those that provide employee training do so sparingly, a new study finds.

📖 Read

via "Dark Reading".
🕳 Workday and Envestnet | Yodlee Demonstrating Best Privacy Practices for Processors through APEC PRP Certification 🕳

Global companies are increasingly concerned with ensuring the privacy and security of the information they hold. Not only is complying with international privacy regulations and frameworks important to avoid fines, but it is also critical for building trust with customers, mitigating risks, and protecting the company’s reputation. One way that companies can demonstrate compliance is by adhering to a recognized international privacy framework, such as the Asia-Pacific Economic Cooperation (APEC) framework as demonstrated by the APEC Privacy Recognition for Processors (PRP) certification.

Like the APEC Cross Border Privacy Rules (CBPR) system (which applies to data controllers), the APEC PRP system is a voluntary, enforceable program designed to ensure the continued free flow of personal information while maintaining meaningful protection for the privacy and security of personal information for data processors. The U.S. became the first formal participant in the PRP system with the Federal Trade Commission (FTC) serving as the first enforcement authority in 2018 with more expected to follow.

A significant portion of the world’s economy is based in the region represented by the Asia-Pacific Economic Cooperation (APEC). Companies acting as data processors in the Asia Pacific region can comply with the PRP program requirements in order to process personal data efficiently, securely, and safely while respecting data privacy. In addition, the PRP system enables businesses that operate as data processors to demonstrate their commitment to global privacy standards.

Two examples of companies who have achieved this certification are Workday and Envestnet | Yodlee.

Workday and Envestnet | Yodlee have worked with TrustArc to demonstrate compliance with the APEC PRP certification standards.

Barbara Cosgrove, Chief Privacy Officer at Workday said: “Maintaining the privacy and security of customers’ data in compliance with privacy laws is of critical importance to our business. By partnering with TrustArc to achieve the APEC CBPR and APEC PRP certifications, we’ve been able to further demonstrate our commitment to privacy and qualifications to process data in compliance with the APEC privacy framework.”

“Envestnet | Yodlee wanted a way to demonstrate the rigor of our privacy programs to our clients, prospects and the market. Security-focused certifications, like the APEC PRP, provide objective reliable evidence that Envestnet | Yodlee adheres to applicable privacy standards,” said Brian Costello, Chief Information Security Officer at Envestnet | Yodlee. “TrustArc is a trusted advisor for our entire global privacy program – we leverage their expertise for general certification as well as the APEC certifications.”

TrustArc Solution

To prepare companies for an APEC PRP (and/or CBPR) Certification, TrustArc works in partnership with clients following a three-phase process leveraging a combination of in-house privacy experts and proven assessment methodology powered by the TrustArc Privacy Platform that accelerates and assists in documenting compliance.

Phase I – A review of the company’s privacy practices against the APEC requirements and creation of a detailed privacy findings report.

Phase II – A collaborative review of the findings, implementation of remediation recommendations, and documentation of action item resolution.

Phase III – Certification activation of the TRUSTe APEC PRP (and/or PRP) Privacy Seal and Dispute Resolution Services.

For more information about TrustArc privacy tools and solutions, click here.

The post Workday and Envestnet | Yodlee Demonstrating Best Privacy Practices for Processors through APEC PRP…
🕴 Boosting SOC IQ Levels with Knowledge Transfer 🕴

Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.

📖 Read

via "Dark Reading".
🕴 Bringing Compliance into the SecDevOps Process 🕴

Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.

📖 Read

via "Dark Reading".
🕴 Adobe Flash Zero-Day Spreads via Office Docs 🕴

Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.

📖 Read

via "Dark Reading".
🕴 Kubernetes Vulnerability Hits Top of Severity Scale 🕴

The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.

📖 Read

via "Dark Reading".
⚠ Hacker-besieged DNA data tucked away under military care ⚠

Genomics England announced it's sequenced 100K Brits' genomes... and then had to store them in a military base after multiple hacking attacks.

📖 Read

via "Naked Security".
⚠ Unencrypted medical data leads to 12-state litigation ⚠

The attorneys general of 12 states are suing an e-record provider who lost 3.9 million personal healthcare records in 2015.

📖 Read

via "Naked Security".
⚠ Kids’ VTech tablets vulnerable to eavesdropping hackers ⚠

Attackers can boobytrap what should be access to only parent-vetted sites and can take over the webcam, speakers and microphone.

📖 Read

via "Naked Security".
⚠ Flash zero-day exploit spotted – patch now! ⚠

If you’re among the holdouts still running Flash, you have some more updating homework to do.

📖 Read

via "Naked Security".
10 tips to combat phishing via social media platforms

Social media platforms are just as susceptible to phishing attempts as email. Learn some strategies to protect yourself and your users from such attacks.

📖 Read

via "Security on TechRepublic".
22 Android click fraud apps with 2M+ downloads removed from Google Play Store

Fraudulent apps rely on a backdoor opened to receive instructions from a command and control server, opening users to greater potential harm.

📖 Read

via "Security on TechRepublic".
❌ Microsoft Calls For Facial Recognition Tech Regulation ❌

Microsoft and the AI Now Institute are both calling for regulation as facial recognition software picks up popularity.

📖 Read

via "Threatpost | The first stop for security news".
7 tips for CXOs to combat cybersecurity risks in 2019 and beyond

This year alone saw more than 600 data breaches, yet only 25% of organizations are planning to defend against attacks, according to Deloitte.

📖 Read

via "Security on TechRepublic".
❌ Using Fuzzing to Mine for Zero-Days ❌

Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today's security landscape.

📖 Read

via "Threatpost | The first stop for security news".
🕴 Insider Threats & Insider Objections 🕴

The 'tyranny of the urgent' and three other reasons why it's hard for CISOs to establish a robust insider threat prevention program.

📖 Read

via "Dark Reading".
🕴 Kubernetes Deployments Around the World Show Vulnerabilities 🕴

Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.

📖 Read

via "Dark Reading".
❌ TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns ❌

Threat group moves away from “smash-and-grab” attacks and adopts a boutique approach to targeting victims.

📖 Read

via "Threatpost | The first stop for security news".
Top 5 features smart homes still need

Tom Merritt explains five ways smart home technology is evolving.

📖 Read

via "Security on TechRepublic".
Top 5 ways smart homes are getting smarter

Tom Merritt explains five ways smart home technology is evolving.

📖 Read

via "Security on TechRepublic".
❌ Australia Anti-Encryption Law Triggers Sweeping Backlash ❌

A newly-passed Australian law could allow the government to force tech companies to create backdoors in their products.

📖 Read

via "Threatpost | The first stop for security news".