Showers Bring Flowers, Spring Brings Scams


April showers are soon to fall, ushering in a brilliant spring for the winter-weary. Just as tulips pop from the snow-soaked ground and umbrellas emerge from the jam-packed closet, so too will hackers, criminals and social engineering crooks come out of the woodwork.  


But we'll be ready for them! Armed with information and committed to vigilant protection of our privacy, we'll make it hard for the bad guys to pull the wool over our eyes.


Read on for the latest news, updates and privacy issues springing up across the globe. Then strap on your rain boots and buckle up your privacy protections for an eventful spring!

Come Rain or Shine


Nothing's certain but death and taxes, except of course, for tax scams. Accountants, CPAs and millions of hard-working families are not the only ones busy during this time of year. As April 15 approaches, scammers are working hard to con U.S. taxpayers out of money, personal information and secure data.


Here are just a few examples of some recent tax scams:

Here is good advice for staying aware during this time when the criminals are stalking your tax return activities:


Don't Track in the House!


We all know (or are quickly learning) our online movements are increasingly traceable. Powerhouse Internet companies like Google and Facebook are watching our every digital move and logging all of them in goldmines known as Big Data, increasingly being used by marketers, researchers, investigators, government groups, and others. Once analyzed, this data begins to reveal intimate details, and sometimes secrets, about our shopping and financial behaviors, our likes and dislikes, the websites we've visited and even how fast we drive and where our kids go to school. It all makes us much easier targets for marketers (and unfortunately, also for criminals).


Coincidentally, the topic of my Q1 2013 issue of Protecting Information Journal was the security and privacy impacts of social media and Big Data analytics. You can listen to a short podcast (8 min, 44 sec) of the feature article from it.


But did you know your offline moves are also being tracked? Ric S pointed me to a great article The New York Times prepared on how data analytics companies are using digital means to track our real-world exploits. With technology once reserved for making sure convicted criminals on house-arrest stay put, these companies are now offering their services to run-of-the-mill retailers.


Most shockingly, people are actually opting in to be tracked, thanks to the promise of discounts and free stuff. Tread lightly, folks. The data these companies are collecting today may someday come back to bite you.



Local Businesses Rain on Google's Parade


In preparation for the possibility of early-adopter patrons wearing Google Glasses inside their establishment, Seattle's 5 Point Cafe has banned the photo- and video-capable eye wear. When defending his decision, the Cafe's owner said:


"People want to go there and be not known ... and definitely don't want to be secretly filmed or videotaped and immediately put on the Internet."


Indeed, Google Glasses and other such wearable technologies make it difficult for the subject of a photo or video to know (and therefore to consent) that he or she is being filmed. The privacy implications are pretty staggering, particularly when you consider how simple it is to post photos and videos online... and how difficult (potentially impossible) it is to have this type of content removed from the Internet.


Here are two articles talking through the privacy implications of this technology:


After the Storm Comes a Rainbow


If you've ever had a computer device unexpectedly fail on you, you know how it feels - like a flash flood, taking you by surprise and washing away everything you need.


I recently had my 3 TB Hitachi external hard drive stop. Completely. Unexpectedly. 


I had only used it for 11 months, but it had close to 2GB of data on it. Did I have backups of that data? Most of it, yes. Unfortunately, my backups were not as nicely organized as they had been on my drive.


Thankfully, my go-to tech guy was able to access the insides of the drive and copy all my data out onto a new one (I'm using a 3 TB Seagate now that has additional backup utilities) - the rainbow at the end of my storm! Still, the whole situation resulted in four very long days without an easy way to get to the data I needed, and to some data I had no access to at all. 


Do you make backups of your data regularly? Here are some recommendations to keep you from feeling the pain of a failed hard drive:

  1. Invest in an external backup drive for storing your backups. You can see some good guidance here.
  2. For data that is especially valuable (income tax data, photos, business data), make another copy on a different external drive and store at a different, secure location, such as a bank safety deposit box.
  3. Back up your email at least once a week; more often if you depend on it for business and would be lost without it.
  4. Most external hard drives can be configured to automatically make backups at specified intervals; look for external hard drives with these capabilities.
  5. If personal information is on your backup drive, encrypt it!
  6. If you want to use a cloud service to store your backups, make sure they will encrypt your data, and that they have terms of service that will allow you ample time to remove your data, completely, if there is ever the need.
  7. Regularly test backups to ensure the backup data is actually good.
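
One way to carry out recommendation 7, shown as an added example that is not part of the original newsletter: hash every file in the source folder and in the backup, then report what is missing, what differs and what exists only in the backup. The folder and file names in `demo()` are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so multi-gigabyte files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(source, backup):
    """Report files missing from, differing in, or found only in the backup."""
    src, bak = manifest(source), manifest(backup)
    return {
        "missing": sorted(set(src) - set(bak)),
        "mismatched": sorted(f for f in set(src) & set(bak) if src[f] != bak[f]),
        "extra": sorted(set(bak) - set(src)),
    }


def demo():
    """Constructed sample: one good copy, one damaged, one missing, one stale."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "documents"), Path(tmp, "backup")
        (src / "taxes").mkdir(parents=True)
        (bak / "taxes").mkdir(parents=True)
        (src / "taxes" / "2012-return.txt").write_text("constructed sample A")
        (bak / "taxes" / "2012-return.txt").write_text("constructed sample A")
        (src / "photos.txt").write_text("constructed sample B")
        (bak / "photos.txt").write_text("constructed sample B, damaged copy")
        (src / "clients.txt").write_text("constructed sample C")  # never copied
        (bak / "old-notes.txt").write_text("constructed sample D")  # stale file
        return verify_backup(src, bak)


if __name__ == "__main__":
    print(demo())
```

If the backup drive is encrypted (recommendation 5), run the check against the unlocked, mounted copy. Matching hashes show the copy equals the current source, so also open a few restored files to confirm they are usable.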


Always Pack an Umbrella


There's a fine line between paranoia and preparation. Think it might rain? Bring an umbrella, and it won't. The same concept may apply to encrypting your email communication: Think someone may be reading your emails? Encrypt them, and they can't.


Are you sending confidential information in your email, text and instant messages? If so, you could be exposing it to a lot of peeping eyes...and they may decide to do bad things with it!


Here are some ways to encrypt your digital messages:

  1. In Outlook, within your message, go to File, Properties, Security Settings, and click the box for "Encrypt message contents and attachments."
  2. If you use some type of webmail, most good ones offer SSL as a security option; use it. It encrypts the messages *while they are traveling through the Internet.* However, it is not the same as encrypting the message itself. Your messages are still in clear text within the mailbox storage, and whenever they are forwarded elsewhere over a transmission method that is not SSL-encrypted.
  3. For webmail, consider getting an add-on tool, such as Armacrypt.
  4. Another email option is Hushmail.
  5. Consider using an up-to-date version of PGP (see Term of the Month below for more).
  6. Here's a pretty good discussion of encrypting text messages on Android devices.
  7. Here are some smartphone encryption apps to consider. 

TIP! Don't send any sensitive or confidential information using social network messaging systems, such as Facebook mail. While you can have the *connection* (meaning while it is traveling from you to your recipient) encrypted using SSL, SSL does not encrypt the message itself, leaving it in clear text within the many Facebook repositories.


Know Enough to Come In Out of the Rain


I received a message from a very educated and skilled privacy expert lamenting the constant changes Facebook makes, not only to its privacy policies and settings, but also to its layout. Monique's note underscores how painfully difficult it can be for the average user to keep on top of protecting their information on this nearly ubiquitous social network.


One current resource that interested Facebookers can use to correct their privacy settings now can be found here. While I can't vouch for how long this infographic will remain relevant, I can say that it's up-to-the-minute as of today. 


Give it a glance; hopefully it can help you and those in your network better understand how to use Facebook's privacy settings to their fullest potential. 

Term of the Month




An acronym for Pretty Good Privacy, PGP has become somewhat of a catch-all moniker for free data encryption solutions. Pretty Good Privacy was one of the first such solutions developed for the mass market by Phil Zimmermann in 1991. Zimmermann believed good security should be free and available to everyone during a time when the U.S. government discouraged encryption on all exported data. His position was progressive, not to mention controversial. PGP has evolved over the years and is still a good option for strong, free encryption, particularly for emails. 

Taking the Speaking Circuit by Storm


I'm so lucky to have the opportunity to tour the country (both in person and via the Internet) each year, sharing tips, advice and privacy expertise. See below for two of my upcoming talks:


Here's to an incredible spring for each of you! If you learn of new privacy issues, concerns or threats you think would make a good addition to Tips of the Month, please know it is okay to get in touch.



Wishing you a warm and safe spring-time season,


Rebecca Herold, CISSP, CIPP
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564, Business: 515.996.2199