Rebecca Herold

The Privacy Professor's Tips of the Month

Spring is Just around the Corner

Herold boys on Spring Break 2010. Can you name this famous Chicago landmark?

 

Unfortunately, so are scammers, con artists and fraudsters. This spring break, have fun, but don't let your guard down too far or you may become the latest in a long list of fraud victims. 

 

 Following are the latest tips and trends in privacy protection. Please feel free to pass them on to your friends, family and colleagues, whether they are home bound or traveling this month. 

An "Oldie" but a Goodie

 

All too often, the elderly fall victim to sophisticated and heartless fraudsters who know how to prey on three common qualities of older people: 1) a lack of sophistication about crime; 2) the love of family; and 3) generosity.

 

An old telephone scam targeting the elderly has come back into fashion. The caller pretends to be a grandchild or the friend of a grandchild who is in trouble, and you guessed it, needs money wired to an international location.

 

Spring break is the perfect time to play this game, as grandparents are quick to believe that their grandchild is out of the country enjoying a break from school.

 

Many have been victims of this crime in recent weeks, such as a woman who lost $45,000! Don't be afraid to warn the older folks in your family of this trick. If you want to take it a step further, develop a secret code word or phrase known only to the family. If a caller is unable to supply the secret password, your family will be alerted to the scam.

Google Makes Privacy News

 

If you're a Google user, you undoubtedly saw their announcement about an updated privacy policy. Did you read it?

 

Don't worry if you answered no. You're definitely in the majority; only 10% have read it so far. But that doesn't mean you shouldn't read it so you can understand the changes Google is making, as they may have a great impact on the way your online activities are monitored and shared with third parties.

 

Essentially, Google's changes allow them to connect and consolidate all the information they gather on their users across every one of their many platforms, including YouTube, Gmail, Chrome, Picasa, Blogger and Google+ (just to name a few). This will allow them to better learn their users' behaviors, which will in turn allow them to share more detailed information with advertisers and other parties willing to pay for the intel.

 

What's more, their tracking is based upon more than just your username; it also includes such things as IP addresses. So using different usernames will not protect an individual from the intelligence that is being gathered on his every Google-powered movement.

 

Here are some small steps you can take to keep Google from collecting everything about your activities on all these sites and pooling it into one large pot of personal activity information. Keep in mind, different browsers may require slightly different actions.

 

1. Sign in to your Google account.

 

2. From the drop-down menu next to your name, select Account Settings, then Services.

 

3. Click View, Enable, Disable Web History.

 

4. Click Remove all Web History.

 

Check (and Recheck) That Bank Statement

 

Travel time is like Christmas time for credit card fraudsters. Knowing that many banks relax their fraud prevention strategies during travel times like spring break, these criminals will wait until those two weeks in March when many people are leaving the state - maybe even the country - before they attempt to use a lost or stolen credit card.

 

Hackers, too, like the ones who have stolen account information from sites like iTunes, have their sneaky strategies. And these folks are especially tricky, siphoning money out of accounts slowly with small-dollar purchases over many months.

 

Regardless of your bank's travel-time strategy, the first line of defense against card fraud is always the cardholder himself. During holidays, spring breaks and vacation times, it is good to check your bank statements daily if possible, once a week at a minimum.  

 
Protect Yourself - But Not in "Suspicious" Ways

It may seem silly, but there is apparently such a thing as protecting yourself too much - at least where those charged with protecting U.S. national security are concerned.

The FBI and the U.S. Department of Justice have published a series of 25 fliers, including this flier for Internet cafés, that detail behavior deemed "suspicious" or indicative of potential terrorist activities. It is good to see efforts being made to protect the country; however, many of these behaviors are those that privacy specialists have been recommending for years - things like shielding your screen from view when entering login credentials or other confidential information.

Here are three good ways to protect your privacy while out in public without also sending terrorist-profiling signals to the FBI and others.

1. Use a computer screen filter for your laptop, smartphone or digital reader (e.g., iPad). These are comparatively inexpensive, and they allow you to see the screen without others seeing it from angles above, below or from the sides.

 

2. Don't change the SIM cards in your cell phones in public. This also helps to keep you from accidentally dropping or losing one of these data-rich storage devices.

3. Keep your confidential information encrypted in storage. Then, when you use your computer, smartphone or digital reader (e.g., iPad) in public, no one will be able to access your confidential information if the device is confiscated, lost or stolen.

Smartphone Security

 

Smartphones are wonderful, yet rife with privacy pitfalls. Here are five quick tips for making your device less prone to a hacker attack.   

1. Do not download apps from unknown sources. Only download those from the official app stores sponsored by the smartphone manufacturers, as they are typically more secure.  

2. Control your location settings. To make your location as protected as possible, turn off all location assessment options.    


3. Before installing an app, be sure to read the Permissions screen. Note where your data is going to be stored. The most secure apps are those that only store data on your device, or store a minimal amount on the vendor systems, and those from vendors that do not share your app data with third parties.  

4. When you no longer use an app, remove it from your phone. An app-happy friend recently realized she had more than 185 unused apps on her device - many of which were tracking her whereabouts.     


5. Encrypt your smartphone data.  Many apps inspect your smartphone data storage areas, and the unscrupulous ones will copy what they find interesting and/or valuable.  

Privacy Forecast

 

I recently contributed to an article on privacy predictions for 2012. Here's a bit of what I had to say in the Privacy Advisor article:

 

"The business associates/partners of organizations will receive unprecedented increased scrutiny and penalties as the breaches they cause continue to increase dramatically. As a result, these businesses will start implementing more privacy protections, and will be monitored by their business clients, more than ever before. In addition, the at least five proposed rules for HIPAA/HITECH will be finalized in 2012...finally! And, utilities will more proactively and publicly address the privacy concerns of smart meters, and more directly point to the need for third parties that consumers directly share home area network (HAN) data with (typically not subject to current or proposed smart grid privacy rules) to do more to preserve privacy in the smart grid."

 
Privacy Professor Out and About...

I'll be speaking at the following upcoming conferences.


The IAPP Privacy Foundations CIPP Training in D.C. on March 6 
 


The Seattle ISACA-Puget Sound Chapter Spring Seminar Information Security and Privacy Collaboration
2-day Training Class April 2 & 3


The St. Paul, MN, Secure360 Conference on May 8

Here's to a brilliant March filled with basketball madness
and no privacy sadness!
All the best,  

Rebecca
Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199