Our Thinking

2018 has been a year of rapid technology growth. We have seen changes to the security landscape, an increased adoption of AI and continued generational adjustments to our workforce.  As we look back over the last 12 months, we wanted to share some of our favorite blog posts from 2018 that touch on some or all of these topics: from risk and security assessment, to user experience, design thinking, business consulting, and everything in between. Happy reading!

"Turn down that noise!" I suspect that at some point in your life you’ve uttered those words or perhaps had them spoken to you. In my case it was my parents telling me to turn down my music when I was a teenager. What I never understood was why they viewed my music as noise. To me, it was a symphony of sounds that I connected to in a variety of ways. I realized, as I got older, that noise was really just another term for “I don’t understand, like or connect with that.”

Sometimes it’s just about volume. Sometimes it’s about something else.

In early 2017, HP invited a group of cybersecurity industry bloggers and podcasters to gather for an HP Print Security “Tech Day” at their headquarters in Palo Alto, CA. The purpose of the gathering was to introduce the group to HP’s printer security program (#reinventsecurity), foster discussion, and get feedback on the program. This event was the precursor to a major marketing campaign for HP to promote everything they’ve been doing in terms of making their printers more secure and also building printers with “cyber resilience”, meaning they have the capacity to detect malicious or accidental actions and even recover from the attacks. HP has worked diligently to improve the security of printers which in turn helps to create a more secure enterprise network.

Password complexity and authentication has always been a subject of contention both for users and system  administrators. Many assume that forcing users to create more complex passwords, and changing them frequently,   will lead to greater system safety - in theory this may be true. Given human nature, things rarely go as planned and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.

In Part One of this blog we introduced the California Consumer Privacy Act of 2018 (CCPA) and highlighted some of the important points organizations need to look out for to be compliant. In Part Two we elaborated on the scope of the CCPA in terms of businesses covered and their obligations. In this final part we will discuss how the CCPA will be enforced and what you can do now to become CCPA compliant.

In the first part of this blog series we took a look at the the California Consumer Privacy Act (CCPA) that is coming into effect in January 2020. The implications of being off side with the new regulations are not trivial and apply to more than 500,000 US businesses according to the IAPP - not to mention any business around the world that has the personal data of California businesses and meet the relevant threshold. That is A LOT of businesses. Now how is that possible you ask? Let’s take a closer look at the businesses who will fall under the CCPA’s umbrella come 2020. 

On July 19, Visa posted an important and timely security alert regarding“Chatbots”. In a nutshell, Visa says that due to the rise in online and mobile commerce, AI and chatbots (both text and voice) have become increasingly important to payment system companies to handle increasing call volumes. With that said, Visa goes on to say that they have become aware of attackers targeting these online chat service providers and distributing malware to intercept payment card data.

Privacy and protection of personal information has almost always seemed like it should be a basic human right everywhere in the world, not only in the European Union where it has long been acknowledged as such. Within the last 10 years, however, that notion has been blurred by social media, the rise of online shopping, and subsequently the hacking of just about everything that lives on the Internet. For the longest time people have sort of just accepted this overreach and misuse of their personal information as the price you pay for using the Internet. Sure, maybe they delete Facebook for a while or change their passwords, but now that is starting to seem like it is not enough and governments from around the world are beginning to step in, in a big way.

Hi folks, my name is Tim McCreight and I’m a new member of the Risk, Security & Privacy practice here at Online. I wanted to take this opportunity to introduce myself to a new audience and write about one of my favourite topics in the security industry – Risk!

By now, most of the world has heard about the alarm pertaining to a zombie alert in Lake Worth, Florida.  Do we think that zombies were getting their day in the sun, or could it possibly be that whomever was responsible for writing the power alert application (or for testing it) was in some sort of zombie state at the time?