Protect Your Pot of Gold

 

Your personal information is a hot commodity on the black market, with social media sites and among marketers. And participation in even the most commonplace activities, like checking your email, making a credit card purchase or downloading a popular app, opens your personal data up to the possibility of capture. Once it's exposed, that information can be used to create a profile to help various entities market to, snoop on, steal from or impersonate you.   

    

This is not to say consumers should not feel comfortable answering the phone or walking by a neighbor's security camera. But they should definitely educate themselves on the problems that even these mundane actions can create for them, their friends, family and colleagues.

 

What follows are some of the latest consumer and business risks of which you should be aware. And may the luck of the Irish be with you as you attempt to keep your personal information out of the hands of sly creatures looking to access your pot of gold. 

Scammers' Eyes are Smilin'  

New phone, computer and email scams are popping up every day - heck, several times a day. Below are some of the more daring nets perpetrators are casting out there in the hopes of catching a few unsuspecting individuals.

 

Phone    

In the Midwest (and probably beyond), crooks are calling people (often the elderly and those who have English as a second language) and small- to medium-sized businesses and demanding utility payment for unpaid bills. They then ask for the person's credit or prepaid card number. You can see many instances of this online.  

 

In an increasingly frequent calling scam, bad guys pretend to be from Microsoft. They claim to be calling to help victims remove malware from their computers. They convince the person to navigate to a website, which actually loads (not removes!) real malware. Victims have also had their files and personal information stolen by these scammers. I wrote about my own experience with this in 2011. 

 

Computer

Nearly all Linksys routers of the E product variety are at risk, according to Ars Technica. A worm nicknamed "The Moon" infects Linksys routers; it is self-replicating malware that spreads by scanning the Internet for other vulnerable devices. The malware can only work if router owners have enabled the Remote Management Access feature. If you own one of these older model routers, check to be sure you have disabled this feature, as advised by my Facebook friend Joseph Shook.

 

Email    

Spam emails that claim to be from state judicial branches or court officials are convincing recipients around the country to click on malicious hyperlinks. The emails state that a complaint was received, court-ordered restitution is due or a trial date is set. Some even ask for money or Social Security Numbers, or direct the recipient to download a document. If you receive something similar, do not open it, reply to it or click on any links. Call a court official (at a phone number you locate on your own) to investigate if you have any reason to believe it could be legitimate.

 

Truly a new low in phishing scams are emails from crime rings posing as funeral homes. The emails carry the subject line "Funeral notification" and invite victims to click on links for more information about the upcoming "celebration of your friend's life service." Of course those links don't lead to a real obituary or announcement; they send the recipient to a domain, typically outside the U.S., where the scammers download malware to the victim's computer. Below is an image of the one I received earlier this month:

 


Beware the Ides of March... It May Curse Your Hard Drive

Loss of data to a thief is one thing; loss of it from your own negligence is quite another. We are all so dependent on technology for the safekeeping of our photos, videos, communication and files, that we sometimes forget it's an imperfect system.

 

In addition to death and taxes, there is one other certainty in life: Hard-drive failure. I should know; it just happened to me.

 

For as long as I can remember, I've performed both system and file backups every week consistently. What I didn't realize was that the hard drive on which I was making those backups was about to crash. The result? I lost months' worth of files and emails, all in a flash. The backups I had made while the hard drive had already started to fail, unbeknownst to me, were not usable.

 

To keep this from happening to you, realize that making backups to a hard drive simply isn't enough. First, test those backups at least monthly to be sure they have actually been made and that the files are healthy, not corrupted by a broken piece of hardware that you may not yet know about. Second, back up your most important files to a system independent of your computer. This could be an external hard drive, a series of thumb drives that you then store in a safe-deposit box or a secure cloud provider, such as CrashPlan or Backblaze.
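One way to run that monthly check, as an added example (not part of the original newsletter): a short Python script that compares each file with its backup copy by SHA-256 checksum and lists copies that are missing or damaged. The folder and file names are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source_dir, backup_dir):
    """Compare every file under source_dir with its copy under backup_dir."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    report = {"ok": [], "missing": [], "corrupted": []}
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        copy = backup_dir / rel
        if not copy.is_file():
            report["missing"].append(str(rel))  # the backup never captured this file
            continue
        try:
            same = sha256_of(src) == sha256_of(copy)
        except OSError:
            same = False  # a read error on a failing drive is treated as corruption
        report["ok" if same else "corrupted"].append(str(rel))
    return report


def demo():
    """Constructed sample: one good copy, one damaged copy, one never copied."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "documents"), Path(tmp, "backup")
        src.mkdir()
        bak.mkdir()
        (src / "taxes.txt").write_bytes(b"2013 return")
        (src / "photo.jpg").write_bytes(b"\xff\xd8 holiday photo")
        (src / "mail.mbox").write_bytes(b"From: a friend")
        (bak / "taxes.txt").write_bytes(b"2013 return")
        (bak / "photo.jpg").write_bytes(b"\xff\xd8 holi\x00\x00\x00 photo")  # damaged
        return verify_backup(src, bak)


if __name__ == "__main__":
    for status, names in demo().items():
        print(status, names)
```

Run the check right after a backup finishes, because a file edited since the last backup will also show up as "corrupted."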

 

One word of caution about cloud-based services, however. Check to be sure the provider uses strong encryption and take a read through their privacy policy just to be sure your information stays behind closed doors. Also keep in mind that any time you put your files in the hands of a provider, they may be vulnerable to hackers and/or subject to review by government or law enforcement agencies.  

 

Doonagore castle near Doolin, Co. Clare, Ireland
 

 

 

Over the Rainbow... with a Drone

Drones (the airborne nemeses to privacy) are finding their way into international headlines as they become more popular with both businesses and consumers worldwide. It also doesn't hurt that they are the subject of various legislative debates. 

 

Below are a few recent news articles spotlighting the benefits (and risks) of relying on these flying spy vessels for security, information and entertainment around the globe.

There are many privacy and safety issues that must be resolved, and rules established, before the skies are filled with these spies. Here in my home state of Iowa, lawmakers are acting; they just introduced the Unmanned Aerial Vehicles/ Drones Bill (HF 2289) on February 26, 2014.

 

You can effect change by contacting your local business leaders and elected officials to share your concerns with the increased use of drones in your area.

 
  

Smart Appliances Get Up to Mischief

Thanks to rapid innovation, our lives are getting easier. But there is a price to be paid. The Internet of Things is creeping into the average lives of consumers in unexpected ways, creating new vulnerabilities even in what was once the safety of our own homes.  

 

Each of the below developments has been built to automatically collect data about users and send that data to others. The developers insist this data is being used to enhance the consumer experience in some way; but what they don't often reveal is all the ways that data is being used to help them make money or achieve some other objective.  

 

Take a look at these examples and think twice before you volunteer your personal information by purchasing one of these "smart" products.

  • LG markets a fridge that sends a text when the milk runs out, and this article says experts have long warned such a gadget is an attractive "soft target" for hackers. In fact, in one recent attack on 100,000 smart gadgets, 750,000 spam emails were sent to their owners.      
  • Google's smart contact lenses check in and report on your health, monitoring things like glucose levels in your tears. One commenter's question was intended to be sarcastic, but in every joke there is a grain of truth. He asked: Will it send the wearer's glucose levels directly to the NSA or does that only happen after the contact lens syncs with Google's cloud? The fact is, if the lenses can report glucose levels, it is also technically possible to program them to report on many other types of activities, as well as more of your body contents and characteristics.
  • Wearable devices monitor physical activity and connect wirelessly to online services charged with collecting data on the wearer. If insurance companies were able to collect and use this data for their underwriting purposes (which now let employers charge employees different health insurance rates based on whether they exercise, eat right or make healthy choices), these devices could spell disaster for insurance costs... not to mention the potential impacts if employers, potential employers, family members, etc. obtain the data.
  • Video baby monitors send signals far and wide. To test the vulnerability of these smart gadgets, a Miami TV reporter attached one of these baby-monitor receivers to the dashboard of his car. In just a few minutes, he was able to pick up images of babies and bedrooms. Traditional audio monitors are vulnerable, as well. During the summer of 2013, ABC News reported on a Houston couple who heard cursing and lewd remarks coming from their 2-year-old's baby monitor. It had been hacked.
  • A clip-on camera takes a still image every 30 seconds in an effort to "record your life." How often have you come across a photo of yourself that if taken out of context could cause others to jump to the wrong conclusion (college days, anyone)? Worse, what happens when someone with a clip-on camera enters a public restroom or locker room and takes pictures of people (or children) in various stages of undress?
  

Privacy Professor in the News, on TV & in the Blogosphere  

 

In the News

 

A reporter with Healthcare Info Security recently interviewed me for an article on HIPAA Training. In the piece, I shared insight on the importance of awareness and frequent reminders to stopping data attacks.

 

On TV

 

I was recently invited back as a guest on Great Day, a morning news show, to talk about the privacy risks of popular mobile apps. The segment is available on YouTube. Simply click on the image to the left or search "great day privacy professor" on YouTube.

 

 

In the Blogosphere

 

Earlier this week, I authored a blog called "Strong security controls are necessary for more than just preventing hack attempts." In it, I discuss the concept some folks have of devaluing data for hackers instead of using strong security controls, which is a dangerous attitude in the fight against data breaches. 

 

 

Privacy Professor on the Road

I love traveling the country to raise awareness of data security and privacy. If you ever have need for a speaker, presenter or workshop host, please get in touch. In the meantime, take a look at the schedule below, and if you'll be in the neighborhood during these events, I hope you'll attend. 

 

March 4: Giving presentations for the Minnesota State Bar Association "Cybersecurity and Data Privacy in Energy Law" seminar

 

April 9 & 10: Teaching IAPP CIPP Foundations and CIPM classes in Minneapolis

 

April 30: Conducting a workshop for the ISACA North America CACS conference in Las Vegas

 

May 1: Presenting a session about privacy auditing and metrics at the ISACA North America CACS conference in Las Vegas

 

May 12: Conducting a workshop for Medical Device Security and Privacy at the 10X Medical Device Conference in Minneapolis

 

May 19: Presenting a HIPAA session at the Long Term Care Solutions Summit in Kansas City

 

June 16: Providing the keynote about privacy and the Internet of Things at the International Information and Computer Security Conference in Bogotá, Colombia 

    

Need Help?

 

If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my Compliance Helper site or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along.

 

Source: Rebecca Herold (a.k.a. The Privacy Professor), privacyguidance.com, rebeccaherold@rebeccaherold.com.

 

 

  

This month, we'll celebrate Irish culture with great food, parades, music and an outrageous amount of green. 

 

As you gather with friends, family and colleagues to revel in the festivities, continue to be aware of your surroundings. Act as if the entire world is watching... because they very well could be. 

 

Wishing you an especially fun (and safe) St. Patrick's Day! 

    

Rebecca

Rebecca Herold, CISSP, CIPM, CIPP/US/IT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564