 December 13, 2018  Posted by  Featured News

In 2018, SecurityScorecard analyzed 2393 companies with a footprint of 100 IP addresses or more in the education industry. We found the following:

  • The education industry performed last in terms of cybersecurity performance compared to all other major industries.
  • The education industry performed poorly in patching cadence, application security, and network security.
  • There are several regulatory requirements for cybersecurity performance to improve in the education industry.

The results show that although hackers have become increasingly deft at stealing school and student data, the education industry is no better prepared to deal with these malicious threats.

Request the report here. I just did a quick skim on it, and yes, the findings are grim. I wish there was more detailed analysis of the risks involving EdTech, and available statistics on breaches in the education sector, but the report can be used to argue for greater budgets for cybersecurity/infosecurity and training in keeping data secure. 

 December 13, 2018  Posted by  Breaches, Featured News, Laws, U.S.

Laura Hautala reports:

The US doesn’t have a single data privacy law that applies to all fifty states. On Wednesday, a group of 15 US senators indicated it wanted to change the status quo, introducing the Data Care Act.

The bill (PDF) would require companies that collect personal data from users to take reasonable steps to safeguard the information. The act also has provisions to prevent them from using the data in ways that could harm consumers. 

If the bill becomes law, the US Federal Trade Commission would be in charge of implementing it.

“People have a basic expectation that the personal information they provide to websites and apps is well-protected and won’t be used against them,” Sen. Brian Schatz, a Democrat from Hawaii who is sponsoring the bill, said in a press release.

Read more on CNET.

 December 13, 2018  Posted by  Govt, Surveillance, U.S.

Adam Federman reports:

On 15 May 2016 three friends from Fairfield, Iowa, made the five-hour drive to an oil refinery on the shores of Lake Michigan to participate in what was part of a series of protests and acts of civil disobedience in the fight against climate change. They had every intention of getting arrested. What they didn’t expect was to end up in an FBI file for taking part in a peaceful protest.

But according to documents obtained by the Guardian through a Freedom of Information Act (Foia) lawsuit, the file on the Iowa protesters was part of a larger effort by the FBI to assess the danger posed by the climate change activist group in the run-up to a series of actions that were part of the Break Free from Fossil Fuels campaign. 

Read more on The Guardian.

 December 13, 2018  Posted by  Court, Featured News, Non-U.S., Surveillance

Rebecca Hill reports:

A band of human rights organisations have appealed against a top European court’s ruling on bulk surveillance, arguing that any form of mass spying breaches rights to privacy and free expression.

The group, which includes Liberty, Privacy International and the American Civil Liberties Union, has taken issue with parts of a September judgment from the European Court of Human Rights.

That ruling said oversight of the UK government’s historic regime for bulk interception of communication was insufficient and violated privacy rights under the European convention.

Read more on The Register.