Who's Watching You this Holiday Season?

Surveillance happens in all kinds of ways, many of which are helpful to the safekeeping of our property and the protection of our loved ones.

Yet, with warp-speed advancements in both technology and analytics, we have to take the bad with the good. As more of our personal items (everything from smartphones to smart refrigerators) are connected to the Internet, you may be surprised at how much risk this creates for our privacy.

Santa Claus sitting on the floor looking through spyglass

This holiday season, be mindful of the ways in which your movements, your location - and maybe even the private spaces in your home - are being monitored. What can you do to minimize the risk to your privacy?

You better watch out...

The holidays have a tendency to bring out the trusting spirit in each of us. That's why I've put together "12 Security & Privacy Threats of the Holiday Season" to remind us to keep our guards up as we're celebrating with family, spending lots of money and traveling to parts unknown.

Here's a sneak peek:

Don't post that you're away: Keep details like how long your house will be empty and where you'll be staying to yourself. You can always post to Instagram, Facebook, etc. when you return.

Beware of USBs: If you find a USB in a public place, on your property or in a strange gift basket, don't insert it in your computer or device. It could be infected with malware.

Watch out for ATM skimmers: These little devices clamp right onto an ATM machine and are rarely noticed. If you see something that looks suspicious, report it to the operating bank and find another machine. Cash back at the point-of-sale is a safer (and often cheaper) way to get at the cash in your account.

For more tips, download "12 Security & Privacy Threats of the Holiday Season."

P.S. I discussed these on the Thanksgiving Day episode of the Great Day show, so you will be able to watch that also when the video gets posted.

Checking it twice...

Woman holding winter cup close up on light background. Woman hands in woolen red gloves holding a cozy mug with hot cocoa, tea or coffee and a candy cane. Winter and Christmas time concept. Poor Home Depot. The U.S. home improvement store's security woes just keep continuing. You'll recall in September the retailer made big-time headlines with a breach that exposed millions of customers' credit card numbers.

Then, another 53 million customer emails were compromised. While this may not sound as dangerous, criminals use emails to commit phishing attacks. Think of your own habits: Are you more likely to open an attachment or click a link from an email you recognize? Sure, we all are.

What's more, email addresses are often the basis of someone's login credentials. In fact, usernames are often verbatim email addresses.

And now, at least one customer has accused Home Depot of using shredded documents, such as checks and bank statements, as packaging! A customer who received a package like this was actually able to piece together several of these to see the valid, confidential information of others!

It's no doubt this one-right-after-the-other set of circumstances has raised eyebrows among Home Depot's business partners and customers (not to mention piquing the interest of hackers). This myriad of security issues within just one company sparked quite a few comments on my Facebook page. Check it out and weigh in with your own thoughts.

He sees you when you're sleeping...
There is a website out there housing streaming footage from more than 73,000 cameras, most likely unbeknownst to the camera's owners. The footage shows all manner of locations, including in some cases, the camera owner's bedroom.

This happened because the owners didn't change their default passwords, which allowed the website owner to hack into their lives streams.

If you ever find your camera on a site like this, the fix is easy. Simply change your password right away. If you don't want to do that, the site claims it will remove the URL to your camera if you write the site administrator. Don't wait to find your images online; *ALWAYS* change the default passwords of any type of system and technology as soon as you start using it.

Curious to find out if your camera's feed is visible to the world? Here's the site.

He knows when you're awake...

Not many of us are under the impression that our online behavior is private. All manner of entities - good and bad - are looking to capitalize on the financial potential of our private browsing sessions.

What is less known, however, are the different providers looking to grab a piece of this incredibly valuable data pie. As pointed out to me by my friend Faith Heikkila, Internet service providers (ISPs) are joining in on the fun.

Verizon Wireless, for example, was recently found to be inserting a sort-of short-term serial number into the data flowing between their wireless customers and the websites they visit while using Verizon's service. According to Wired, "...ad networks could start using it to build a profile of your web activity, even without your consent."

Not every entity watching you is after financial gain. The government, for instance, purports having a much loftier goal - national security. The government required the U.S. Postal Service, for instance, to monitor nearly 50,000 pieces of mail in 2013. It was all part of what KCCI-TV calls "a far-reaching federal surveillance program."

Be careful what you write or place on the outside of the holiday cards and presents you send through the mail in the coming weeks. The wrong comment or joke - no matter how funny you find it - could land your name on a watch list (and your mail in a big pile).

So be good for goodness sake...

Who will be able to access and manage your social accounts and other online properties when you pass away? No doubt a great percentage of consumers have not yet confronted this question.

That's one of the reasons I'm excited to join the advisory board of Prevendra and let you know about their new product called Red Folder. The company, co-founded by a former intelligence officer, provides a much-needed service. Red Folder helps consumers plan for how their information will be accessed appropriately by their designee should they need assistance during an emergency or following death.

Take Facebook, for example. Users have reported long delays in having their loved ones' accounts turned into memorial pages (understandable given the morbid estimate of 60,000 Facebook users who will die just this week).

Planning ahead for eventualities like this can make a world of difference. Below is what The Guardian reporter Jack Schofield recommends.

If you want your spouse or other family members to deal with your digital stuff after you've gone, it's a good idea to make a list of the log-on names, passwords, and associated email addresses. You could put the details in a letter, but it would be better to use an encrypted file and leave the password with someone you trust.

Among Schofield's additional tips is this one: Don't add password information to your will. In many countries, they eventually become public record. This is what makes Red Folder such a great tool; you not only document this list, but you can use the service to control who gets access to your sites and associated passwords. You can even state what you want done with your sites in the event of your death. And, it is not public record!

New HIPAA Risk Awareness Evaluation Tool

Over the years, I've seen a great need for organizations to be able to quickly and economically determine the high-level HIPAA compliance risks that exist throughout their organization. I've also done work for many covered entities (CEs) to determine the risk levels of more than 250 of their business associates (BAs).

I've had a vision for being able to provide this help online since 2010. Therefore, I'm really excited to have finally found a great business partner who has been able to create this first-of-its-kind HIPAA Risk Level Evaluator!

For the next few weeks or months (I've not established a set time yet) I'm providing a scaled-back version of it free. I'd love for you to take a few minutes to answer the questions, view the report that is generated and give me feedback. I can then make any tweaks and changes based upon your feedback. For those of you who have already sent me feedback, a heartfelt THANK YOU! I'm making changes as you read this based upon some great suggestions. I welcome more feedback from everyone else.

After this initial free introductory period, I am currently planning to sell a more feature-full and capabilities-rich version of it; probably in the ballpark of $295. Please Click Here to be taken to the evaluation. And again, please send me an email to provide your feedback! Plus, if you're curious about the additional features of the retail version, I can describe those to you also.

I was on Security Culture TV!

I was very happy to be invited to join Kai Roer and Mo Amin on November 26 in their Security Culture Hangout! Each is an information security expert and active proponent of information security and privacy training and awareness raising. We discussed privacy and challenges around how to deal with privacy issues from a security culture perspective. You can see the episode here.

Questions? Topics?

Do you have any topics you'd like to see me discuss on the Great Day KCWI morning show? Or, any you'd like for me to answer in my next monthly Privacy Professor Tips? Please let me know by sending an email!

Need Help?

If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my SIMBUS site (http://www.hipaacompliance.org) or get in touch with me; I would love to help you!

You Have My Permission to Share

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Feel free to forward this in its entirety to others. If you want to use only excerpts, then please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along. **NOTE: This permission for excerpts does not extend to the images in this email. These are all my personally taken and owned photos. If you want to use them, contact me.

Source: Rebecca Herold (a.k.a. The Privacy Professor), privacyguidance.com, rebeccaherold@rebeccaherold.com

There's a buzz in the air here in Des Moines, Iowa. As I write this, there is a light snow falling on top of the gentle two inches that dropped overnight. It's the perfect way to ring in the start of the holiday season.

We're also celebrating the many things we are thankful for, among which are my two sons. These are their "baby's first Christmas" photos.

I hope the weather is equally as enjoyable where you are and doesn't threaten your travel plans. Wherever they may take you, stay safe, aware and enjoy that boost of joyful energy that comes from reconnecting with family and friends.

See you next month!

Rebecca

To view previous months' tips, click here.

Rebecca Herold, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI

The Privacy Professor�
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564

Email me

Follow me on Twitter
Check out my blog

Compliance Helper solutions

Visit my website