Curiosity Will Grow If Nurtured

 

Data breaches, phishing scams and high-profile email "scandals" in the political world have shone a much-needed spotlight on privacy and data security issues. Consumers are beginning to pay closer attention to the threats and vulnerabilities posed by new technologies and expanded connectivity.

 

Image of female farmer sowing seed of squash in the garden   

 

As the natural world around us begins to wake from its wintry rest, let's commit to helping sow the seeds of privacy and data security awareness. Take advantage of the increased curiosity to further educate your peers, colleagues, friends and family.

 

Read on for a few pointers that may get you started. 

Sleep. Creep. Leap. 

The Internet of Things (IoT) was the topic of my latest visit to the Great Day Morning Show. It's a $1.6 trillion... yes trillion... market, so it's no wonder new products are springing up. Some of the things we chat about include:

  • Samsung smart TV, which can listen to your private conversations, as well as record and transmit images. All uploaded to the cloud, the media data is analyzed by Samsung and potentially others. In the last few months, Samsung has made some changes to help consumers better understand how to turn off the recording when they don't really need it.
  • Amazon Echo, a new music system and virtual assistant for the home, which is also listening, collecting, analyzing (i.e. learning about your and your household's activities, likes and dislikes, etc.) and sharing what it hears.
  • USB chargers, which open people up to "juice jacking." This is when malware jumps from your computer to your tablet, smartphone or whatever device you're hoping to charge (including electronic cigarettes).

Now, if you think your connected devices don't need to be secured because "no one cares about hacking little old me," check this out. The article details how hackers very easily and inexpensively find unsecured connected devises, and they don't care to whom they belong. 

So Many Weeds, So Little Thyme 

Cozy home garden with herbs - rosemary sage basil thyme and oregano We ran out of time on Great Day before I got a chance to mention one of the creepier Internet of Things (IoT) reportedly soon to hit the market - the Hello Barbie.

 

Equipped with voice-recognition software, this new toy from Mattel will "listen" to children speak and even give content-appropriate responses. And how does it do that, you may wonder? Here's how the Washington Post explains it:

 

...audio recordings travel over the Web to a server where the snippets of speech are recognized and processed. That information is used to help form Hello Barbie's responses.

 

So there you have it. The doll is actually listening to the child (and anyone else within range), collecting and transmitting the audio files to what is most likely a third party, and then using that data to "get to know" our kids. Most concerning is the doll - with all of its potential influence on its tiny real-life owners - can say or ask anything Mattel (or criminals hacking into Mattel's or associated third-party's systems) wants to.

 

The toy is still in development, but I've no doubt it will soon be bound for toy stores all over the world. We can only hope Mattel's engineers are working just as diligently on Hello Barbie's security as I'm sure they are on her marketing. 


 
 

And the Breach Weeds Continue to Grow...  

Have you ever used Uber? If you have, it is very possible your Uber ID/password is being sold by criminals and purchased by yet other criminals.


 
What should you do? Change your Uber passwords (make sure you create strong passwords) and look closely at the statements for the cards you used to pay Uber.


 
Even if they claim to have "no evidence" of a breach, it doesn't mean they haven't been breached (many breaches leave no evidence). Thanks to my friend Gal Shpantzer for pointing out this incident to me.  

 

How Does Your Personal Information Garden Grow?  

Speaking of the things we do and say being tracked...

 

...many of us actually turn a blind eye to the fact our private information is being, as this Australian reporter puts it, furiously scooped up by corporations, governments and others. Why? Because we see it as a harmless tradeoff for whatever convenience or bit of entertainment we get in return.

 

However, as this video details [at 2:50], more consumers are becoming aware of exactly what that tradeoff entails. And they're coming to it through social experiments like the one conducted in Australia.

 

A reporter arranged for baristas to behave like an online app. After taking the java order, the baristas asked their customers to give them details like their home addresses or their last four text messages. The coffee buyers were super uncomfortable.

 

As we see in the video, the sharing of private information is no longer viewed as a harmless tradeoff when put in the faces of consumers. It's viewed with skepticism and dismay, just as some may argue, it always should be. The other day, a friend told me the fast-food restaurant chain app she downloaded asked for access to her camera and all the photos and videos stored on it!

 

The takeaway? Pay closer attention to the information your new apps are asking to access. If something throws up a red flag, investigateOr simply don't install the app. 

 

Live for Today. Plant for Tomorrow. 

Pepper plant seeds in the hand of a young African-American girl. Although the U.S. government has been somewhat mum on its post-Edward Snoden collection of private individuals' information, President Obama is making strides with regard to protecting consumers when their information is breached.

 

Specifically, Obama has proposed the Data Security and Breach Notification Act of 2015, which would require entities that collect and maintain consumers' personal information to secure that information. As well, the law would require breached entities to provide notice to affected individuals.

 

Today, at least 50 different states and U.S. territories have different breach notification laws, and very few have specific data security laws in place. This would be the first law of its kind in the U.S., set at a national level, and capable of setting a standard across geographies and industries. 

   

I'd Rather Be Gardening

We can never have too many reminders about protecting ourselves from digital threats. What follows is a round up of quick-hit tips to keep you and the people important to you safe online, in your email and on social networks.

 

Fake Microsoft tech support scammer threatens to cut up victim, toss pieces into river: In a new twist on an old threat, phishing criminals are increasingly taking their craft old-school. When victims don't succumb as easily as others, they may threaten violence.

 

Spear-phishing could enable cyberterrorism attacks against the U.S. (and other countries): Because spear-phishing relies on what appear to be personal emails sent to a specific individuals, this article contends groups like ISIS, which recruit members from Western countries, will soon gain the ability to conduct effective spear-phishing attacks.

 

But spear-phishing isn't only targeted at the ulta-connected or high-powered. Recently, a friend of mine received a phishing email that appeared to be from the EZ Pass toll way organization. Although she lives in Iowa where there are no EZ Pass toll ways, she had just visited Florida and thought perhaps this phishing email was in some way targeting her. Stranger things have happened.

 

What you need to know about Instagram privacy settings: This article does a great job illustrating the geo-location threats that come from Instagram (and really any social app that collects and broadcasts your location along with your content). It also takes the extra step of letting readers know how they can change their settings to prevent automatic posting of location details.

 

How to find out if someone is using your or your child's images online: We've all heard the horror stories about cat-fishing "moms" who post pictures of their children in the hospital or suffering the effects of chemotherapy. Come to find out, they are simply the lowest form of criminal, often without any children of their own, just looking to make a quick buck off of the generosity of others. If you suspect your child's photos could be used in a similar scam, read this article from my friend Mary Kay Hoal for tips on how to quickly scour the Internet for matching images.

 

Just a quick caveat, however: When you upload your images to check on their use, be aware that you may be creating a problem. Who knows how Google is, or may soon be, storing those images for future use. 

 

Multi-ethnic mother and daughter harvesting organic produce   
  

Don't Forget About the Technology Innovations Whose Seeds Were Sown by Women

Did you know March was Women's History Month? My most recent Dell blog post covers the many women whose accomplishments in technology have been largely overlooked. I welcome your thoughts on this post, and suggestions for upcoming blog topics.

 

Privacy Professor on the Air...

My next visits to the Great Day KCWI Morning Show have been scheduled. Please be sure to tune in on Friday, April 10, at 8:40 a.m. and Monday, April 20, at 7:20 a.m. central. To see my last appearance, check the station's YouTube channel
  

  

... and on the Road

I have a growing list of presentation and training events confirmed. Here is where I will be next. Stop by and say hello if you'll be in the area.

  

April 8: Speaking about privacy engineering at the Purdue University Center for Education and Research in Information Assurance and Security (CERIAS) Seminar, West Lafayette, IN.

 

 

 

Questions? Topics?

Do you have any topics you'd like to see me discuss on the Great Day KCWI morning show? Or, any you'd like for me to answer in my next monthly Privacy Professor Tips? Please let me know by sending an emailI've also just added some easy to use "?" buttons on my sites you can use! See here and here.


 
 

Need Help?

 

If you need any help with information security or privacy training and awarenesssecurity or privacy activities, or if you must comply with HIPAA and need help (especially important now that the Department of Health and Human Services, as well as all the State Attorneys General are increasing their compliance reviews, and fines/penalties), please check out my SIMBUS site (http://www.hipaacompliance.org) or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Feel free to forward this in its entirety to others. If you want to use only excerpts, then please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along. **NOTE: This permission for excerpts does not extend to the images in this email. One of the photos is my personal photo. For the others, we have paid for their use only within this tips message, which you can forward within this message, but cannot remove and use elsewhere. If you want to use them, contact me.

 

Source: Rebecca Herold, Founder,The Privacy Professor®, privacyprofessor.org, privacyguidance.comrebeccaherold@rebeccaherold.com 
   



 


 
 Here I am standing by the row of tulips my mom tended each fall. I was in 7th grade.

 

Those flowers were one of the first signs of Spring and made each of us happy just to look at them. I wish you the same simple joys as you head into your own Springtime. 

 

Have a safe and healthy season and we'll talk next month!


 

Rebecca
Rebecca Herold, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564   

Email me

Follow me on Twitter
Check out my blog
SIMBUS
 Information Security and Privacy Solutions (www.HIPAACompliance.org and more sites coming in 2015)
  

Logo