Welcome to the SecAware blog

I spy with my beady eye ...

1 May 2018

NBlog May 1 - privacy & GDPR awareness module

The awareness series on privacy is complete with the third and final installment delivered to NoticeBored subscribers today in time for the GDPR deadline on the 25th of this month.

Parts one and two on GDPR and privacy were delivered in December 2016 and November 2017.

Privacy is a perennial topic, of course, so it's not literally 'final'. We will be back to cover it again. Maybe in a year or so we'll refresh the materials with a GDPR retrospective, a look back at the privacy changes brought about globally by the regulation and a look forward to how the field is evolving.

Alternatively, the global news media picking up on the first major prosecution under GDPR will present a golden opportunity for awareness. Although we can't predict exactly when it will happen, we could still prepare for it while the topic is front-of-mind. We might perhaps pre-assemble a mini-module as an awareness refresher on privacy, the OECD principles and the GDPR requirements. Customizing the materials to name the organization/s in the headlines, outline the specific allegations and draw out the implications might only take a few hours, thanks to having the stash of privacy awareness content to hand. We could deliver relevant awareness content shortly after the news breaks, while it is still hot.

In the same way, we have plenty of awareness content in the bag ready to tweak and roll out at short notice in the event of almost any other major information security-related incident. We've done exactly that previously in the wake of terrorist attacks, the Sony hack and fake news, for example, leveraging the saturation news coverage for security awareness purposes. When employees see security stuff in the press, it raises all sorts of questions that the awareness content can address.

Aside from such major incidents, information security-related news is a rich seam for awareness purposes all year round. Whatever the monthly topic, there's always something relevant going on ... otherwise it wouldn't be worth covering in the awareness program. This month, for instance, we're using the Facebook privacy incident as a topical example, supplementing the GDPR stuff. We picked up on ransomware incidents in the malware module, and other events as applicable. It's surprising* just how often hot news seem to fall into our laps!

NoticeBored subscribers can take the same approach with corporate situations, internal initiatives and local incidents that don't hit the news. Whatever happens in the information risk and security domain, we have probably covered it in one or more of the 60+ topics in the awareness portfolio, hence there are awareness materials to hand - enough to get started at least. Having an issue with backups? No problem. People not patching? A breeze. Social engineers breathing down your necks? A doddle. Speak to us nicely and we might even prepare something just for you.

And that thought leads us towards our next planned awareness topic on business continuity and incident management. I'll be blogging about it here during the month ahead as the module takes shape. Come back often!

Meanwhile, if your organization needs its privacy and security awareness boosting, email me today. We can get you up and running in next to no time - prior to the the GDPR deadline if you're on-the-ball. Mention this blog and ask for a special blog-readers' price. I'll see what we can do for you.

* Actually, it's not surprising at all. It takes continuous effort to stay abreast of the field, researching every topic and chasing down relevant examples to incorporate into the awareness stream. Our experience leads us to see information risk and security aspects of all sorts of news, events and situations. You may think us obsessive or paranoid. We consider ourselves passionate about this stuff, driven, evangelical even. It's what we do.

No comments:

Post a Comment