Data Breach Today Podcast

Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.

The privacy risks involved in using social media in healthcare can be minimized through innovative staff education, says risk management expert Paul Anderson.

Losses linked to debit fraud now exceed losses connected to check fraud, according to a new survey by the American Bankers Association. How are banks responding to the threat?

One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in preventing breaches, says attorney Amy Leopard.

Online security starts with e-mail monitoring. BITS and FS-ISAC have partnered to launch a new registry service that aims to thwart phishing attacks.

Does the U.S. government's shuttering of the file-sharing website Megaupload.com show that new laws are not needed to battle intellectual property piracy? Brookings's Allan Friedman believes it does.

The Europay, MasterCard, Visa standard, commonly used in most global markets, is coming to the U.S. The sooner issuers, acquirers and merchants initiate migrations, the better, says Stephanie Ericksen, head of authentication product integration at Visa.

The recent breach that affected 24 million customers of Internet retailer Zappos.com should lead others to consider how much client information to store, says cybersecurity expert Fred H. Cate.

The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi.

Zappos was quick to communicate after discovering a data breach impacting 24 million customers. But did the online retailer respond appropriately, or make some missteps in its haste to notify? Francoise Gilbert of the IT Law Group gives a mixed review.

Security managers need the heads up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.

The first step toward avoiding a data breach: Be aware of and learn from other organizations' mistakes. Listen to hear attorney David Szabo's top three tips for breach prevention and detection.

When your site processes more transactions annually than the London Stock Exchange, you'd better care deeply about breach prevention, says Ionut Ionescu, Head of Threat Management at Betfair.

Notifying patients about a healthcare information breach requires a "difficult balancing act" by entities to ensure that risks are not exaggerated, says attorney Robert Belfort, an expert in HIPAA compliance, fraud and abuse.

To help prevent breaches, mobile devices should be encrypted even if storage of sensitive information on them is prohibited, says security expert Melodi Mosley Gates.

A breach is a disaster, says business continuity specialist Ken Schroeder. So organizing an effective breach-response team does not require a reinvention of the wheel. What it does require is a holistic approach.

Global organizations easily can be confused by the myriad privacy laws in different regions of the world. But U.S. privacy attorney Miriam Wugmeister has advice to help navigate these tricky waters.

One good way to prepare for a HIPAA compliance audit is to read a recent government report that identified vulnerabilities that could lead to breaches, says attorney Timothy McCrystal.

One good way to prepare for a HIPAA compliance audit is to read a recent government report that identified vulnerabilities discovered in seven audits, says attorney Timothy McCrystal.

As organizations move to the continuous monitoring of their IT systems to assure they're secure, they rely much more on automated processes. But don't forget the role people play.