Rebecca Herold

The Privacy Professor's Tips of the Month

 This July, celebrate your independence from supplying too much information!

 


 

Some of it is illegal (phishing scams, HIPAA violations) and some intrusive (Facebook trolling, LinkedIn fax spam), but either way, the danger lies in over-sharing your information. By being in-the-know and taking a few precautions, you can help prevent these types of information fireworks from blowing up this Fourth of July, and every day after. 

 
PRIVACY PROFESSOR'S TIPS OF THE MONTH 

PHISHING

There are literally thousands of currently active phishing scams taking advantage of people by telling them they need to contact a seemingly reputable source for some urgent reason (like your email account is about to be disabled, you've won a prize, you have a package that needs to be picked up at a drop station, etc.). You should never supply personal information to any source with whom you did not initiate - or cannot verify - the contact. Check out this article highlighting a couple of hoaxes that might be on their way to you next.

 

MALWARE

It used to be common belief that Mac systems were immune to malware... but now we know they're not. Install anti-malware on all types of computing devices (computers, iPads, smart phones), no matter how small. Also, enable automatic updates for your anti-malware software.  Oh, and don't forget to make frequent backups of your data; if malware DOES get past your digital defenses you will then have some recent copies you can restore.

 

FACEBOOK

Guess what? Now there's a job screening agency, called Social Intelligence Corp, that archives all the social media posts they can access, including Facebook posts (ALL of them - yours, your kids', everyone's) even if they contain incorrect or unflattering information. If an employer hires this agency, these posts would show up at job application time! Along with checking your credit reports once per year, also check your reputation to see what this, and the other credit reporting agencies, are telling your potential employers and lenders. Click here to learn more.

 

HIPAA (The Health Insurance Portability and Accountability Act)

Whether you're a patient or an employee, make sure your healthcare (or healthcare-affiliated) organization has robust information security and privacy policies/procedures and performs ongoing compliance tasks including regular training and risk assessments. If you're responsible for medical information in any form, you're responsible for protecting it. Regardless of whether you knowingly commit a breach or simply make an administrative mistake, if someone's health records are compromised, there will be a price to pay. This violator was sentenced to six years in prison.

 

FAXING

They're not your grandma's fax machines any more! They have new capabilities... and with those, new risks. Many faxes go to fax servers on networks (not a physical stand-alone machine), and increasingly more even go straight to email addresses.  Before faxing confidential information, ask the requestor what kind of fax you are sending to, and how the recipients are securing the information they receive via fax. I was recently asked by a financial organization to fax my sensitive personal information to a server that dumped all faxes in with emails...and they were not encrypted!

Clear text (human readable) delivery systems like email or fax servers are not safe to use for sensitive information. The best way to send information is snail mail, but sometimes that takes too long for your purposes. If that's the case, you can scan, encrypt, password-protect and email documents. (That way, someone who is not supposed to see them can't.) Then send the passwords in a separate email; that way, if someone gets the fax, they won't be able to read it since they don't have the password to decrypt it.

If an organization requests more information than you think is necessary, ask why. Many requests to fax info are bogus... some of these are more obvious, but there are plenty of posts requesting your information on LinkedIn, for example.

 

Again, regardless of whether it's faxed, phoned, emailed, snail-mailed or otherwise transmitted, protect your information from anyone with whom you did not initiate contact or that you do not know. Otherwise, it might get lost in space... or get into the hands of someone more evil than Parallax.


 


 


Did you know...

I'm speaking at the Global Fax Summit July 12-14 in Tucson, Arizona. 

There are some wonderful resources I've found handy for keeping kids safe in the electronic universe:



If you know of others who would benefit from this information, please share this message with them or send them to my website! Thank you for reading... and have a BLAST (safely) this month!
Rebecca 
Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199