Security & Privacy Weekly News Roundup, Vol. 1, Issue 10

A tough race: Protecting clients against risks associated with information technology system failures is a leading concern of the insurance industry, underwriters and brokers told risk managers at the RIMS 2015 Conference. Steve McGill, group president with Aon, an insurance and reinsurance brokerage based in the United Kingdom, said more companies offer cyber insurance. But the rapid rise of cyber threats may make it difficult for insurers to stay ahead of the curve. “Currently, the insurance industry is delivering products to the market and not delivering solutions,” McGill said. Source: Claims Journal

Picture this: People who upload photos of their faces to the new How Old Do I Look website are giving Microsoft the right to use the pictures for nearly any purpose, privacy experts say. The age-guessing site was unveiled last Thursday, and within four days, it had 240 million pictures from 33 million users, says Microsoft Vice President Joseph Sirosh. Microsoft states on the site it will not keep the photos. But the terms of use for the website, covered under Microsoft’s general cloud-services agreement, say the company can copy, edit and distribute any uploaded pictures for use with their Internet services. Source: The Calgary (Canada) Herald

Legal eagles: Law firm Jones Day has formed a Cybersecurity, Privacy & Data Protection Practice. The firm says clients face such issues as a growing array of domestic and international laws and regulations on the collection, use and transfer of consumer information, aggressive enforcement by regulators and data-protection authorities, and private litigation over the use of consumer information. The practice will be supported by more than 50 lawyers. Source: Dark Reading

Now hiring: Lawmakers and regulators in Asia have increased scrutiny of cybersecurity threats, boosting the hiring market for tech experts. “Banks are definitely increasing their expenditure,” said Paul O’Rourke of Asia Pacific Ernst & Young. “It is a very hot market for skilled practitioners.” Some banks are recruiting younger, tech-savvy staff. “Banks need to be constantly hiring young people who are better and sharper and more skilled in this area … because these are new technologies,” said Citi’s CEO for Asia Pacific Stephen Bird. Source: Finance Asia

Strengthened armor: Microsoft’s updated Advanced Threat Analytics software suite is designed to protect corporate cybersecurity. It uses anti-hacking tools to detect intruders, including log-file analysis to register unusual activity and deep packet inspection to track the movement of data in real time. Those who use Microsoft’s other software products will see cyber capabilities upgraded with forthcoming updates. The mobile application for Outlook will support access restrictions and limits on copy, paste and attachment-saving to limit exportation of sensitive data. Source: The Hill

Always on their minds: Innovation in payment technologies is outpacing security measures to prevent data breaches, and consumers might need to be proactive in protecting their identities, a study finds. Experian Data Breach Resolution and Ponemon Institute’s Data Security in the Evolving Payments Ecosystem study found that more than 50 percent of consumers think using mobile payment systems raises the risk of a breach. However, 53 percent think convenience is more important than security. The survey also found that security budgets have increased 45 percent, while 41 percent of companies appointed more security staff and 54 percent invested in new security technologies. Source: Computer Business Review

Justice weighs in: The Department of Justice’s Cybersecurity Unit issued guidance on responding to data breaches. Assistant Attorney General Leslie Caldwell said the Best Practices for Victim Response and Reporting of Cyber Incidents report advises that organizations conduct risk assessments to identify and prioritize critical assets, data and services and develop an incident response plan of action that has specific procedures to follow during a cyber attack. Source: JDSupra

Trash talking: The GeniCan garbage can scans barcodes on items that are thrown away or recycled and wirelessly transmits that data to an app, which generates a shopping list. Consumers agree as part of the app download to share this information in exchange for coupons and other promotional items. When GeniCan can’t read the barcode or something doesn’t have one, it will ask you to say the item’s name. GeniCan also will send an alert to the app to tell you it’s time to take the garbage out. Source: Computer World

Not another pretty face: For the second time in a year, beauty products chain Sally Beauty is investigating reports of unusual credit and debit card activity. The company is working with law enforcement and its credit card processor, and has launched an investigation with third-party forensic experts. The company sent an alert to employees, asking associates to direct any customers with credit card issues to the Sally Beauty website or customer service. Sources: Krebs on Security, Security Week

Lots of charges: Chino, Calif., deputies discovered a large-scale credit card and identity theft ring at a home where they found drugs, firearms, credit card manufacturing machines, and a 3D printer used to make firearms parts. Two suspects were booked on charges of identity theft, possession of four or more fraudulent credit card numbers, possession of personal property of more than 10 victims, forging access cards, unlawful acquisition of access cards, using a stolen access card, possession of equipment to forge access cards, possession of a card encoder, possession of a controlled substance for sale, and manufacturing firearms. Source: The Chino Hills (Calif.) Champion

Talk to us, too: Devices becoming part of the Internet of Things, such as thermostats, refrigerators, light switches, televisions and door locks, can communicate with one another. Your car can tell your home’s thermostat to turn on the air conditioning as you drive home, for example. But the devices also can send personal data to corporate servers, where it’s saved and shared. Without safeguards, data can be used by marketers or stolen by hackers. Consumer advocates are urging manufacturers of Internet-linked devices to tell consumers about the data being collected and how it could be shared, sold and used. Source: Consumer Reports

Ignorance may be no excuse: Although 47 states have enacted legislation that regulates what businesses must do in case of a data breach, many businesses lack confidence that they know the laws. A Software Advice survey of 180 small and medium-size businesses found that only a third of company decision-makers were confident that they knew the laws; only 49 percent of businesses surveyed had a data breach security plan in place; and 82 percent said they encrypt customers’ personal information. Source: The American Genius
