Getting Lazy During These Last Days of Summer

 

Along with the warmer temperatures and brighter sunshine, the dog days of summer bring with them the opportunity to enjoy the outdoors. Family and friends arrange reunions, barbecues and picnics to get the most out of what is - for many of us - a fleeting season.

 


 

But just as every picnic inevitably draws out the ants, the summer season brings out the criminals. Intent on taking advantage of those lazy days of summer, con artists, tricksters and hacks are busy laying their traps.

 

Read on for a heads-up so you can avoid them and enjoy the remaining "lazy days" of summer. 

Summer Scam Round Up

Be on the lookout for these four tricks and traps. They could ruin what's left of your summer season.

 

Phone Scam Calls You with Your Own Number - Scammers use caller ID spoofing technology to impersonate phone numbers.

 

Another Phone Scam Seeks Access to Computers - Impersonators pose as Microsoft employees and offer to fix a virus if the victim allows them remote access. (This happened to me in 2011, and now it's more widespread throughout the U.S. and other parts of the world; read about my experience!)

NOTE: I am happy to pass on the news that the U.S. Federal Trade Commission recently caught some of these crooks and slapped them with $5.1 million in fines! 

 

A Handy Way to Foil ATM Skimmer Scams - Thieves continue to place hidden cameras at ATMs to surreptitiously record customers entering their PINs. This previously reported way to stop from being a victim still works against the hidden cameras. (Thanks to my Facebook friend Ric for this one!)

 

What To Do When Criminals Take Your Computer Hostage - Criminals are increasingly using ransomware and threatening to wipe out your files if you don't pay up. Don't give them your money; they will just come back for more! Make frequent backups and use anti-malware tools.

 

Before You Trust Facebook with Your Summer Fun...

Facebook is at it again. The social network used by billions is sharing its users' online behavior in ways it previously said we could opt out of. 

 

As Venture Beat reports, anytime a Facebook user visits a site with a "Like" button (any site, not just a Facebook page), that visit is stored by Facebook and used to better target the ads of its advertising partners. No need for the user to actually click the Like button. The page visit is enough to trigger the storage of user data.


 

I actually tested this by visiting several types of websites I've never visited before. Low and behold, I started seeing ads for associated items on my Facebook page.
 

There are a few tools that allow you to block sites like Facebook from inserting tracking code into your browser. Learn about them here


 
 


Even Sketchier Moves by Facebook

More disturbing, however, is what looks to be Facebook's attempts to leverage user data for more than targeted advertising. In a recent move, the social network appears to be experimenting with its power to control your mood. (I'm sure there is some advertising-revenue benefit to that, as well.)

 

For one week in January 2012, 700,000 Facebook users saw only what Facebook wanted them to see in their news feeds. According to The Atlantic, practices like this are actually something users agree to (whether they realize it or not) when they become members of the Facebook community:

 

In the company's current terms of service, Facebook users relinquish the use of their data for "data analysis, testing, [and] research."

 

It may be legal, but, as The Atlantic asks in this article, is it ethical? Drop me a note and let me know what you think.   

 

Is Discrimination Against Google Glass Wearers Fair? 


Although they may be small in numbers, Google Glass wearers (coined "Explorers" by the Internet giant) are fierce defenders of their "right" to participate in this emerging technology trend. They may have a battle ahead of them, particularly with citizens, business owners and cities that argue the wearable devices
 threaten the privacy of people around them or infringe on copyright and other laws.

 

Generally this is because wearable devices like smart shoes, smart watches and smart glasses have the ability to take pictures and record video in ways that are virtually undetectable by the average person. (Consider whether or not you would want to change in a locker room next to a fellow gym-goer sporting Google Glass.) There are even places online where you can download "Google Glass is Banned on These Premises" signs.


 

What do you think? Would you be comfortable at the beach, in a restaurant or at work with others wearing glasses and other "smart" items that may be secretly recording you? It's something we all need to start thinking about.
 

There are plenty of serious debates I could point you to, but given that summer is coming to a close, I thought you might enjoy a more humorous approach. Keep in mind as you watch this Daily Show spoof on a serious interview with Google Glass Explorers that behind every joke, there is a grain of truth.  

   

Delicate Balance of Benefits and Privacy 

Whether you support Edward Snowden or not, you likely agree he has done quite a lot in terms of raising the average citizen's awareness of privacy issues. Indeed, debates over whether or not privacy trumps national and personal security continues to rage on in the U.S. and beyond.

 

I wanted to share just one recent example: The balance of privacy with security is discussed with an excellent panel of two esteemed experts moderated by another esteemed expert (my friends Marc, David and spaf) in this video recorded at the 15th Annual CERIAS Info. Sec. Symposium.

 

This delicate balance comes up again as we talk about the growing prevalence of drones, particularly in the real estate business. While being able to capture images of hard-to-see real estate is certainly beneficial to brokers, sellers and buyers, there may be a completely different view from neighbors of the property. Imagine you are sunning au naturale by the backyard pool when a drone with a video camera flies overhead, filming your private moment and broadcasting it far and wide. Even if it was an honest mistake, that kind of video can be hard to recoup once it has been captured. 


 

A Lesser Known Form of Identity Theft

On a recent visit to the Great Day morning show, I had the pleasure of talking with the hosts about one form of identity theft of which many are unaware, and that's synthetic identity theft. It essentially describes theft of only a few pieces of personally identifiable information (PII) that ultimately allows criminals to make up an entirely new (and false) identity. 

 

With these synthetic identities, criminals can gain employment, get approved for loans, open new credit cards and more. When bill collectors come calling, they realize there's no "real" person they can hold accountable for the misdeeds of the criminal. That is unless they can track down the person associated with those few pieces of real information, which they often do.  

 

It's a growing problem, one that we all need to be aware of as we work to protect every little piece of our personal information. 

Small Biz Looks to Build Data Breach Plans

Around the world, small businesses are rightly concerned about the dangers of data breaches. Specifically, they want to understand how a data breach is likely to impact them, how they can prepare and what they can do to protect themselves, their employees, customers and others.

 

To address these concerns, I participated in a Twitter chat sponsored by my friends at the National Cyber Security Alliance who also sponsor International Data Privacy Day each year in January. The chat highlighted ways small businesses can prioritize privacy by establishing a strong data protection plan. The chat was captured and is available here for your review. I encourage you to share your take-aways with others in your organization, be it small or large.  
 

 
 

A New Venture for The Privacy Professor 

I am so excited to share the news that I have a new service business and a new retail site!

 

The new service is called SIMBUS, and it provides comprehensive HIPAA and HITECH compliance services to all types of covered entities and business associates. 

 

I also have a new retail site at www.privacyprofessor.org, and I am going to continue adding information security and privacy tools and information there to help businesses of all sizes over the coming months. In addition, I plan to provide a page on that site for consumers and the general public. 

 

What types of information and tools would you like to see me provide there? Please let me know!   

 

Privacy Professor on the Road

My own summer travels are winding down. Just two more exciting events to go, and then I will be into Autumn travel. See below for my upcoming destinations, and if you'll be in the area, stop by to say hello!

 

August 19: Providing a session called "Cybersecurity & Business Data Privacy" at the IT Service Management Leadership Forum in Scottsdale, AZ

 

September 16: Leading the SGCC Privacy Subgroup Workshop at the SGIP 2014 Conference in Nashville, TN
 

October 16 & 17: Providing a keynote at the Australian Information Security Association's National Conference in Melbourne, Australia.

 
 

 

Need Help?

 

If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my SIMBUS site (http://www.hipaacompliance.org) or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along. **NOTE: This permission does not extend to the images in this email. They have been purchased with a one-time use license that cannot, unfortunately, be passed to the readers of the Tips Message.** 

 

Source: Rebecca Herold (a.k.a. The Privacy Professor), privacyguidance.comrebeccaherold@rebeccaherold.com.

 


Each summer in August when I was growing up in mid-Missouri, we had a family reunion picnic in the city park. All the living relatives would come from near and far and bring potluck dishes to share. The adults would visit and catch up on the past year while the kids played throughout the park. Those reunions make up some of my best (albeit hottest) memories. Here I am at 7 years old with my parents at one of those get-togethers.

 

I hope you'll enjoy what remains of the season with close family and friends, and that you'll remember to stay safe and vigilant with your privacy as you do. 


 
See you next month!


 Rebecca

Rebecca Herold, CISSP, CIPM, CIPP/US/IT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564