Rebecca Herold

The Privacy Professor's Tips of the Month

Back to School!

 

 Sorry, Alice Cooper, school's not out forever! Parents and other guardians are only days away from the back-to-school rush. Physicals and dentist appointments, school-supply shopping and uniform sales -- all will combine to wash away what's left of a relaxing summer break.

 

 School prep won't stop with appointments and shopping trips, however. Many parents and guardians will begin to condition their kids for learning. They'll reinstate the bedtime routine, line up the tutors and get their kids working ahead to be ready for the lessons to come. At the same time, these folks will want to condition themselves for continued learning, particularly in the areas of security and privacy precautions.

 

I've prepared a few crib notes for just such a lesson. Read on for a tutorial on avoiding some new (and some old) privacy pitfalls.

 

 

How to Spot a Fake LinkedIn Profile


LinkedIn is no stranger to fraud, having recently survived a heavily scrutinized password breach. Unfortunately, it's largely up to you to protect yourself from falling into the snare of a scam artist posing as a legitimate professional connection.

 

Understand that once you are linked with a fraudster, there is no telling what type of scams they will try to pull on you. They may also victimize your other connections if you allow your linked connections to see one another (you can change your settings to prevent this). Because some LinkedIn users are in the practice of accepting all invitations, it's incredibly important to look out for scammers.


John Thomas of Bloglerati has put together an excellent collection of fake profiles on his Facebook page, along with the following red flags for spotting fake LinkedIn profiles:

 

  • Lower case first and last name
  • Stock photo for profile picture
  • Minimal info in profile
  • Belongs to a large number of groups
  • Generic company name
  • Rhythmic names, like Sam Smith or Joe Johnson

Hackers at It Again


By entering database commands into online forms, attackers tricked Yahoo's back-end servers into releasing more than 450,000 user credentials. These hackers took it one step further and published the credentials online. Wonder if yours was among the credentials circulated?

 

You can find out here.


If you find your email and password in this database, change your password immediately... and not only on Yahoo, but anywhere else you have used that password. Social engineers are notorious for uncovering a victim's entire web profile, which could include potentially costly exposure (e.g. your online banking).

 

Even if you don't see your password listed, it's a good security practice to regularly change your passwords in case someone has uncovered them some other way. Also, never use the same password on social media sites as on other types of sites, such as your employer's systems, online retail stores, banking, and so on.
  

  

Do Your Passwords Need a Refresh?

  

If your password is "123456" or "startrek," you are in the company of a very large group of folks...using really bad passwords! According to CNET, these are among the most popular passwords used for web credentials today. They have published a great article on the topic of using more creativity when choosing passwords.

 

 

 

Take a look to evaluate whether or not your passwords need an originality injection.

 

 

Your Posts Out of Context

Check out this site: weknowwhatyouredoing.com

The site takes one-off, out-of-context social networking posts (like Tweets, Facebook statuses and Foursquare check-ins) and paints them with one of four unflattering brushes. Touted as a "social media experiment," the site gathers some of the more salacious public social networking posts... and then categorizes them under headings like:

  • Who's taking drugs?
  • Who wants to get fired?
  • Who has a new phone number?
  • Who's hung over?

It's a good reminder that anything we post online can be taken out of context and republished anywhere. Before posting something online, think about whether or not parts of it could be posted elsewhere and have damaging, lasting repercussions on you. Being embarrassed is probably the least problematic outcome of something like this happening to you.

Grandparents Remain a Target

A phone scam targeting seniors continues to find victims. The fraudsters use one of several methods to con grandparents and other older Americans out of their money. Often they will pose as police calling for bail money to release a captive grandchild; or even gutsier yet, they pose as the grandchild himself and ask for money to get out of some sort of danger.

It's a good idea to have conversations with your own parents and grandparents about what you will and will not ask of them over the phone. Or develop a code word or phrase that you can use if you are asking for money. Advise them never to send money without this code word.

Nothing for Free

Many of my friends use a large number of free apps, and I'm vigilant in reminding them: "Nothing in life is free."

I challenge them to consider:
  • What information are you giving in exchange for the "super cool" app?
  • What is the app's owner doing with that information? 

Be careful what you freely give away to unknown suppliers who tempt you with tantalizing fun and games. Here's a good article with a high-level overview that points to some good research on the topic.

Who's Watching Your Driving?

 

Have you seen the commercials promoting the new on-board cameras for drivers who want to monitor their kids' driving? How about the devices that monitor your own driving and promise to use that data to lower your premiums?

 

If these sound like good ideas to you, proceed with caution. Voluntarily providing an insurance company, or any other type of company, with information about your driving, activities or whereabouts, may lead to more than increased safety or a lower monthly bill. Where else might that data wind up? Divorce negotiations? Law enforcement proceedings? Employee reviews?

The original purpose of surveillance is, in many if not most instances, rooted in good intent. It's when the information collected is shared and used by others (for their own purposes) that you get into some significant privacy issues.
 
Before you agree to allow others to track your activities, driving habits, phone conversations, or anything else that reveals your personal activities, first ask how that information will be used, and with whom it will be shared. And be sure they will get your consent before using your information in other ways if their practices ever change. You should then be given the ability to opt out if you don't like the new uses they have in store for your personal information and surveillance information.

 

Reader Question

Can you tell me how to not only unsubscribe from Facebook but to also have all of my history on their site deleted?  These sites never make these actions very easy at all.

This page contains some good step-by-step instructions for how to completely remove your Facebook account and associated data. It is important to keep in mind that while these actions will remove YOUR account and information, others will still have the information they copied from you, so copies of your Facebook information may still exist in other online locations. Always remember you should expect that anything you post online to a social media site could possibly stay online virtually forever! (Next month I'll point out some possible ways to try and get those copies removed.)

Good luck with getting it all removed! 

Privacy Professor at the Head of the Class

 

Here are a few of my upcoming speaking engagements. If you are at the venue, please come up and say "Hi!"

 

 

 

 

 


For those of you in the healthcare industry, or business associates of healthcare covered entities, here is something else you may be interested in: I am also co-trainer for the HealthcareInfoSecurity.Com webinar: "Dept. of Health & Human Srvcs: Privacy and Security Strategies for Smaller Healthcare Entities"

 

 

Enjoy what remains of this sizzling hot summer and I'll plan to talk to you again next month when school's fully in session!

 
 
Best,
 Rebecca
Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199