Rebecca Herold

The Privacy Professor's Tips of the Month

New Year, New Commitment
 

If you're anything like me, you've already committed to a handful of resolutions for the New Year. How many will we stick to? Only time will tell. But if there is one resolution we must take seriously, it's a commitment to protecting ourselves.

 


To be sure, the world's thieves have made a collective resolution of their own - to steal as much of your personal information as possible and turn it around for a healthy profit. And too many organizations and businesses are overcollecting personal information, making it much more vulnerable to misuse and breaches.

 

Make a promise to yourself - and maybe even to your family members and colleagues - that you will stick to a plan of protection.

 

Below are a few ideas for how you can do just that, as well as some warnings and tips for avoiding privacy pitfalls in 2012. 

Read Those Privacy Policies 

 

How many times have you clicked "I accept" without actually reading a website's privacy policy? Don't be ashamed; you're not alone. They can often be lengthy and difficult to understand - and most times they seem to stand in the way of a task you're trying to accomplish.
 
Of course, as a privacy professional, I'd advise you to read every word. As a busy, working mom, I'd advise you to at least skim to find some key items.
 
What are you looking for? Start by searching for the word "share." This will allow you to jump to one of the most important parts of the policy - with whom or with which entities the website plans to, or may in some way, share your information.
 
If "share" does not pop up in your search, this may signal an incomplete policy, or worse, a website business that is not forthcoming with its data-sharing procedures. In this case, you may choose to do further research or even forgo business with the website altogether.

Tame Your Curiosity
 
 

We all know what curiosity did to the cat. And it can be just as dangerous for the inquisitive humans who roam the planet. Scammers count on curiosity to help them accomplish their misdeeds. Don't let them!

 

For example, have you ever found a data storage device in a store, restaurant, hotel or even on the ground, such as in a parking lot or at a shopping center? One truly devious way malware engineers find homes for their destructive software is to leave an unattended thumb drive somewhere in public. The trap is designed to snare at least one nosy person into popping the drive into their own laptop, PC or tablet USB port.

 

As soon as that drive is inserted, malware is off and running. Maybe it's downloading a virus, maybe it's implanting software that will read and share the person's keystrokes, or maybe it's doing something else even more destructive.

 

Next time you find what appears to be a missing thumb drive, turn it in to the nearest lost-and-found and be on your merry way.

 

For more information on USB drive risks, and interesting related research, see my friend Scott Wright's site, "The Honey Stick Project."

 

Spot a Malicious Email

 

Schemers disguised as legitimate organizations looking for information continue to victimize hundreds of thousands every year. Known as "phishing" attacks, these schemes can actually be quite easy to spot - once you know how.


A big thank-you to Iowa State University's Information Technology Services department for posting a diagram of a malicious email on its Facebook page. Efforts like this go a long way toward helping educate potential victims as to the clues phishing pros leave in their emails. 


Keep in mind that these phishing scams also happen over the phone (and even via text messaging). In fact, I had my own run-in with a scammer when he dialed me up this summer. I wrote about the experience on my blog. 

 

Be on your guard whenever you get unsolicited communications, in any form.

 

Know How 'Smart' That Phone Really Is
 
Smartphones have become the latest must-have. Not only for professionals, but for at-home moms and dads, retirees and even teenagers (don't get me started). But how much do the owners of these devices understand about the personal information that is being collected every time they engage their smartphones?

 

According to news reports, many of these devices come standard with an application that automatically collects information about where its users made calls and texts, and even worse, sometimes gathers the content of messages.

 

While these tools may have been meant for diagnostic purposes, the consequences of collecting very personal information could stray seriously from that intent.

 

Consider what could happen if, for instance, law enforcement requests this information under the USA PATRIOT Act - something they can do without a warrant or notice to you. What kind of conclusions - be they accurate or not - could be drawn from your behavior or conversations?
 
Or, what if this data were sold to marketers or others who would use it to target their sales pitches? See some thoughts I shared with George V. Hulme at CSO Online on this topic early in December when the Carrier IQ story broke. Senator Franken of MN was so concerned he demanded answers to a long list of questions; you can see the responses here.

Keep an Eye on Who's Watching
 

New technology certainly raises questions about our privacy. However, traditional surveillance devices, like the old-school video systems in banks, grocery stores and even on the streets, continue to track the moves of many unsuspecting people.

 

There are also recent reports of a disturbing increase in recording devices that creeps and criminals have hidden in public places, such as coffee shops and retail stores.

 

I plan to talk more about the impact video surveillance can have on personal lives in my next issue. In the meantime, if you have a question about surveillance or any other privacy issue, please send me an email. I'll look to include at least one of your inquiries in the upcoming newsletter.

 

Great to Hear From You!  
 

A special note of thanks to all the folks who have sent me notes with feedback on my monthly tips messages. It's extremely beneficial to know what you think and the topics that are important to you. 
 
Thanks also to the people who have asked me about information security and privacy. Please keep the questions coming! I may not be able to answer them all, but I will do my very best. 
 
I hope you, your families and your friends are having a glorious holiday season. I wish you a very prosperous, healthy and safe Happy New Year!

 Rebecca

More from the Privacy Professor Online...

 

Article: Your Mother Was Right: You Will Be Judged By the Company You Keep

 

Webinar for Health Information Professionals: Preparing for and Managing Data Breaches

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199