Interesting and important security stories
and tips to be shared.
Feature Story:
 
If you haven't been following the controversy around Apple and the FBI, maybe all you need to know is that you should probably have an 11-character, random alphanumeric passcode on your iPhone. This will probably be good enough to protect your iPhone from being cracked open by a brute-force attack, no matter what Apple is forced to do for law enforcement.


The Hollywood Presbyterian Medical Center ended up deciding to pay $17,000 in ransom after network computers with their Electronic Medical Records were hit by a ransomware attack.


Nobody ever thinks they will lose their phone, and they don't think much about the importance of the data on their devices. Aside from the privacy implications of the data on your phone being accessed by others, you should consider the impact of what would happen if you lost access to the data on any of your devices.


These stories about how thieves have used GPS, texting and our lax security habits have been circulating in insurance newsletters and blogs for a while. But when I was forwarded a list by a friend recently, I thought it would be good to highlight them for you.


For the past several years, I've talked about how "fear or compliance" are often the best ways to help justify the need for security. It's not that I'm trying to convince my readers that security investment is needed in their organization by scaring them or threatening them... They know it is needed.

The problem is that they have a hard time articulating the need to executives who have limited time to listen, a whole different mentality around risk and a need to watch the bottom line in the short term. Sometimes pointing out the worst-case impacts (e.g. fear) or pointing to regulations (e.g. threats of penalties from non-compliance) is needed, but sometimes these approaches aren't effective or appropriate. I recently had a conversation with an executive that gave me this idea: to focus on what I call Due Diligence Risk.

Terminology:
Online Behavioural Advertising (OBA - Canadian spelling, of course!)

Since this issue of the SSN references Episode 51 of the Shared Security Podcast, where I speak with Andrew Patrick of the Office of the Privacy Commissioner of Canada, I thought it would be good to define the term the Privacy Commissioner uses for something you are probably familiar with, but may not know its name or definition.

According to KISS Metrics:

Behavioral advertising is a technique used by online advertisers to present targeted ads to consumers by collecting information about their browsing behavior.

So, suppose you decide to go shopping online for a CPAP machine for a sleep disorder, and you look at a few websites. Then, a day or so later, you're visiting a news website and you see ads in the sidebar that feature CPAP machines. Either it was a lucky coincidence, or the ad service was somehow tracking your searches and/or visits to sites that contained those products. There are some important privacy issues around this kind of ad-based tracking.

 


This episode features a special interview with Andrew Patrick from the Office of the Privacy Commissioner (OPC) of Canada. We discuss "Online Behavioural Advertising" (OBA - see the definition above), and the interesting case of persistently tracked ads hosted by Google. This episode was recorded February 10, 2016.

Other topics we cover in this episode include:


This month there were a couple of news stories that highlighted privacy risks to consumers. It's fun to do these interviews, but sometimes frustrating when the final story comes out and doesn't include comments I made that I feel are important.


Scott's Update

I recently attended a seminar on how to improve the quality of my newsletters. I've still got a lot of work to do. But in this issue, I've tried to use a more mobile-friendly format, and have shortened the amount of content in the email. I'd like to hear whether or not you think this new format is better for you.

You should be able to find all of the above articles on my Security Views Blog.

Finally, if you know of anyone who might benefit from receiving this newsletter, I'd appreciate it very much if you would pass it on to them, and invite them to subscribe. You can always subscribe by clicking HERE.

Sincerely,

Scott Wright
The Streetwise Security Coach

