Play Strong Defense against Privacy Rivals


This month, basketball fans will pack arenas, sports bars and living rooms equipped with big-screens to cheer on their favorite teams. 


While some will do it simply for love of the game, others will be rooting for the team that will get them farther in the office pool. But while they're betting on basketball, criminals are wagering that these happy fans and others are completely unaware of the game play they have in mind.


Read on for some fresh headlines, warnings and best practices for protecting yourself against these well-trained fraudsters. 

Box Out Facebook Threats


Who can keep up with all the changes Facebook and other social networking sites make to their privacy settings? I'm a privacy professional, and it's difficult for me to stay up-to-date. That's why I recommend Facebook users perform a self-audit of their profiles at least annually.


Chances are this audit will reveal that you are sharing WAY more information about yourself than you understood. And with the new Facebook Graph Search, more people than you ever intended will be able to find this information. To conduct a self-audit, download your EXPANDED Facebook archive (it is important to choose this option) by following the directions in this article. As well, you may find this article from TIME Tech helpful in reviewing your privacy settings on Facebook.


Training Camp for Kids


It's never too soon to start teaching the young people in our lives about standing up for their privacy rights. Make it a point to address what you view as "over sharing," and warn the kids you know about the dangers of allowing others access to their information.


For more on how to keep children safe, particularly online, check out this post by Sue Scheff, author and parent advocate. It's an excellent collection of places around the Internet where you can learn more about protecting children in this technology age.  



Dishing-Off Your Device?


Have you, like many adults, given a child in your life a hand-me-down mobile device? Maybe it's a "disabled" cell phone or your old iTouch that you let them play around on. Did you know that in the wrong hands that "old" device can mean "new" problems for you? Savvy criminals are increasingly targeting mobile devices (even outdated ones) because they are very often loaded with personal data, including bank and credit card numbers cached on mobile browsers, passwords, contact information, email and GPS histories.


If you are dead-set on letting your children play with these devices, be sure they have been wiped completely clean of your personal and business information. For tips on how to do this, give this eHow Tech post a thorough read. 


The Feds' Flagrant Foul against Privacy


Ever wonder what Google has planned for all of the information it's collecting on its users? Well, their intentions may be completely irrelevant. As it turns out, Google has been compelled to give over their user data by law enforcement at an increasing and alarming rate.


In the second half of 2012, the tech giant received more than 21,000 requests for information, which represents a 70-percent increase over three years. The majority of the requests came from the federal government, which was hoping for a peek into users' email accounts. In most cases, the Feds didn't need a judge's okay.


Google is fighting back, trying to rally support against government access to personal data. In this professional's opinion, however, that's a bit ironic considering Google's own policies on collecting user information.


Just remember, anytime you are using a webmail site like Gmail for communication, understand your email is absolutely not protected and is not private. Do not send sensitive information or conduct business using these types of free webmail services. If you must use these sites, gather the emails through an off-cloud software system, like Microsoft Outlook. Then, configure your Outlook settings to delete the emails from Gmail, Yahoo, Hotmail or whatever cloud email service they are coming from, as soon as Outlook downloads them. 


Cops in Possession of False Leads


Tech companies aren't the only ones soon to have large caches of personal data. According to Wired:


Federal regulators are proposing that new automobiles sold in the United States after September 2014 come equipped with black boxes, so-called "event data recorders" that chronicle everything from how fast a vehicle was traveling, the number of passengers and even a car's location.


This is troubling for several reasons, not the least of which is how law enforcement, and a wide range of other organizations, may look to use the information. Was your car in a certain neighborhood during a crime? Did it achieve accelerated speeds while there? Combined with other circumstantial evidence gathered from additional sources, this black-box data could lead cops to believe you're guilty (even if it wasn't you behind the wheel). Not to mention, the data could have a significant impact on your car insurance or warranty.


Don't Turnover Your Passwords


Earlier this month, there was an expert on a popular U.S. morning news show advising people to use personal password database sites to keep track of their passwords. I couldn't disagree more.


While I commend the expert for advising people to use multiple, diverse and difficult-to-guess passwords for their different online accounts, I do not believe storing these passwords in the cloud is the best idea.


Here are four password-keeper services I saw recently being promoted for use within this Payment Systems post. Here are my thoughts on each of the four:

  • KeePass: If you want to use this service, use it with a USB instead of Dropbox, which has had some security breaches in the past year. Although Dropbox recently announced improved security, I still don't want to entrust my passwords to a cloud service of any kind. (Keep in mind lots of folks working for the cloud service have access to the info, simply as a matter of supporting the service.)
  • 1Password: I'm leery. If someone else gets my computer, will the service's web integration allow them to access all my accounts? I pass on 1Password.
  • LastPass and RoboForm: Many security folks approve of LastPass and RoboForm. Indeed, the services have been around for a few years. But I do not like the lack of information about how they secure their sites. I would not use these services, as they are cloud-based, and I simply do not want to share my passwords with others in this way. If you want to use them for managing the passwords for your websites with non-sensitive information, that's an option. However, keep your banking and other financial passwords with you and don't share with an online site.

It continues to be important to have multiple and varied passwords. At a minimum, your social networking passwords should be vastly different from your financial and banking passwords. As for how to keep a record of these passwords, if you don't want to use a password management service like KeePass to store your passwords on your own devices, try an encrypted Excel file, or even a good old-fashioned notebook that you keep locked away. These alternatives may not be high-tech, but given the vulnerabilities of cloud-based password management sites, they are much safer right now than relying on cloud-based services, which are major targets for hackers.


Take a Time Out & Read Up


There is so much going on in the area of privacy these days, prompting many journalists, bloggers and reporters to cover the industry. Below are a few good articles I'd recommend.


  • Every industry is struggling with how to balance service and the benefits of technology with respect for user, client and consumer privacy. If you are interested in how privacy should be addressed within new technologies in the Smart Grid, see my recommendations to those building this gigantic new type of network in this industry article from the utility trade publication, Intelligent Utility.

Term of the Month

"Smart Grid"


Used to describe the huge, complex network being created in the U.S. and other countries, "smart grid" refers to the connections currently being built between the country's historically disconnected electric grids. To improve reliability of the energy infrastructure, engineers are also implementing communications networks within the smart grid. The 21st century solution promises improved security, "self-healing" technologies and energy efficiency. 


In its multi-year program plan, the U.S. Department of Energy (DOE) lists seven traits of the electric smart grid:


1) customer participation,

2) integration of all generation and storage options,

3) new markets and operations,

4) power quality for the 21st Century,

5) asset optimization and operational efficiency,

6) self-healing from disturbances, and

7) resiliency against attacks and disasters.


Just outside my window, snow is still falling on top of a foot already on the ground. I hope you can celebrate these last remaining moments of winter, as the spring season is just around the corner. Along with the green grass will come fresh new schemes and tricks from crafty criminals, privacy-numb organizations and mistakes by those simply not up on privacy protections. 


Be mindful, and get in touch anytime you have a question or want to chat about privacy troubles facing your business.



 Enjoy March Madness...SWOOSH!
Rebecca Herold, CISSP, CIPP
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199