Stay Educated When Entering a New Chapter

 

Chances are excellent you know a young (or maybe even tenured) person about to graduate. Perhaps you are lucky to know a preschooler headed for that scary new frontier known as kindergarten. Maybe you're celebrating the last college tuition check with a grown child about to take on the world. You may even be congratulating a hard-working academic finally able to add "PhD" behind his name.

 

 

Graduation symbolizes the next chapter in a life and illuminates new opportunities to shine. Staying educated and safe as we enter that new chapter or usher others through it is paramount. Read on to learn more about how to do exactly that. 


 

Hackers hack. Watch your back.  

 

There are many criminals who see a fairly easy way to make quick money through online crime, and those are the ones we hear about most often. However, the world is also full of rebels - individuals intent on going against the grain. Sometimes they do it to bring awareness, other times they do it just because they can. We've seen a lot of this happening in cybersecurity recently: hackers hacking just because, others doing so behind the guise of justice, and still others truly attempting to shine a light on a problem.

 

Even with the best of intentions, however, there are consequences. Take, for instance, the hacker or hackers who exposed the private spaces of consumers who had failed to change the default passwords on home video monitors. Although a website statement said they did it to "give awareness of technical security problems around private life," the hackers ended up acting like hypocrites.


 

They violated the privacy of those whose intimate spaces they put online in the name of pointing out a security problem; how many of those people whose baby rooms and intimate living quarters they live-streamed then had other bad things happen to them? There were other ways they could have let them know about the security problem. Before acting, even with good intent, everyone needs to consider the potential harm to those involved.
 

 

When we see someone making an honest, naive mistake with their security, it's most responsible to take concerns to them privately. Sincere education trumps public humiliation any day of the week, and we can't allow it to become okay to sacrifice privacy in the name of security awareness.

 

We talked about this very topic on my latest visit to the Great Day morning show in April. Have a listen. It was also one of several pointers in my recent talk at Purdue University. Access the recording of that talk here.   

 

Your location: shared 5,398 times 

 

A Carnegie Mellon University computer scientist recently studied how much the average mobile app user really knows about the rampant sharing of personal data. The study also looked at the impact this knowledge would have on behavior - in other words, how many people would choose to change app settings on their smartphones after learning how much data that app is collecting?

 

Twenty-four Android users were shown which apps were accessing their data and how often. One user, for instance, found his location data had been shared 5,398 times by 10 apps within 14 days. Just one of these apps, Groupon, checked in on the user's whereabouts 1,600 times over that 2-week window.

 

Fifty-eight percent of the study participants took action, specifically changing their app settings, upon learning of this rampant sharing of personal details. The other 40 percent, likely representative of the rest of the world, did nothing. That's probably because apps don't often allow users to pick and choose the data they are willing to share. 

 

As John Zorabedian wrote on Sophos' Naked Security, "...without the ability to change app permissions on a granular level, users are left with little choice - you can either use the app or not."

 

The next time you are tempted to download an app, pay careful attention to the permissions screen. Are you willing... really... to share the information they want with potentially hundreds or thousands of others, to use as they want? Is the reward that app promises worth the risk?


 
 

What you wear to work

 

Dress code or not, mini controversies about wardrobe seem to creep up in the workplace. Someone dresses too casually or doesn't cover up enough. Another person wears inappropriate shoes or a T-shirt with an off-color saying. Today, those controversies are extending to wearable devices, such as smart glasses and watches.

 

As I wrote in a recent blog post, those wearables create privacy and security risks not only through the wide range of video and audio surveillance capabilities many have, but also through their wireless connectivity to networks and other types of smart devices. This creates dangerous pathways to valuable data.

 

Have you established information security and privacy policies for the use of wearable computing devices within your organization? You may not want to wait much longer to do so. One in every five Americans already owns and uses some type of wearable device.

 

For more on the challenges businesses are struggling with for their always-connected employees, read my recent Dell blog post, "Look backward to get future-ready for BYOD."


 

 

 

Does someone have access to your email?


Here's a good site to visit to see if hackers have gotten access to your email address: 


 

haveibeenpwned.com


 

 

Tax scams aren't over yet

 

It'd be easy to believe IRS and other tax-related scams would begin to die off after April 15, 2015, tax day in the U.S. But, it's quite the opposite. Playing on the fact most Americans have already filed, scammers fool victims into believing their fraudulent call is legit.

 

Here is a round up of some common pre- and post-tax day scams:

 

 

Get to know these women 

 

Did you know March was Women's History Month? If you didn't, you're not alone. Sadly, it doesn't garner much press.

 

To do my part in celebrating, I rounded up some of the most overlooked women in tech innovation history. Below are quick pointers to just a few. Get to know more of them here.  

  • Hedy Lamarr was a pioneer of wireless communications. She had a patent for a "Secret Communications System" in 1941, yet it wasn't actually used until the Cuban Missile Crisis. Wi-Fi is a pretty significant innovation in the evolution of all things digital, yet very few are aware of Ms. Lamarr's contributions.
     
  • Evelyn Boyd Granville developed computer programs that were used for trajectory analysis in the Mercury Project (the first U.S. manned mission in space) and in the Apollo Project (which sent U.S. astronauts to the moon). Her computer coding innovations supported our early space travel!
     
  • Judy Malloy wrote and programmed the first hypertext novel, "Uncle Roger," in 1986. However, history credits Michael Joyce with doing this...a year after Malloy had already done it.

   

Ransomware going nowhere 

 

Ransomware, malicious software that blocks computer access until a sum of money is paid, appears here to stay, and in fact, is spreading quickly. Its list of victims is growing. So much so that it recently (and boldly) added police departments to that mounting list. And most of the police departments are paying the crooks the ransom demanded...because they have not had recent backups of the files taken hostage!

 

So what can you do if a ransomware artist comes a calling? Hope he or she is using CoinVault ransomware. That's because anti-virus maker Kaspersky has released a fix for those victimized by this "horrible piece of malware."

 

The best way to avoid becoming a victim in the first place is to follow these steps recommended by the FBI:

  • Update your antivirus software.
  • Enable automated OS and web browser patches.
  • Use strong and varied passwords.
  • Install a pop-up blocker.
  • Only download software, especially free software, from sites you know and trust.
  • Don't open attachments or click on links in unsolicited e-mails, even if they come from people in your contact list. Close out the e-mail and go to the organization's website directly.
  • Use the same precautions on your mobile phone.
  • Conduct regular system back-ups and store the backed-up data offline.

I also recently provided advice about protecting against ransomware on my blog, and I will be speaking about it during my next Great Day KCWI 23 appearance on May 4. Please tune in; and let me know if you have any topics you'd like for me to cover on future shows!

 

Privacy Professor on the News...

My next visits to the Great Day KCWI Morning Show have been scheduled. Please be sure to tune in Monday, May 4 at 8:20 am and Monday, May 18 at 8:20 am. 

I was so happy to talk with Marcus Ranum of the TechTarget network last month. We discussed service level agreements and why senior managers should be taking a lot more action.


 

I also really enjoyed visiting the campus of Purdue University on April 8 to deliver the CERIAS Symposium talk, "Privacy Potpourri: Changing Privacy from the Bottom Up." The talk covered a wide range of topics from the importance of engineers actively identifying and mitigating privacy risks to methods of building in privacy protections and controls. My sincere thanks to Dr. Gene Spafford for inviting me over to do the talk!

  

... and on the Road

I have a growing list of presentation and training events confirmed. Here is the public event where I will be next. Stop by and say hello if you'll be in the area.

  

August 25: I will teach a class on how to perform a privacy impact assessment and implement Privacy by Design within organizations at Data Privacy Asia, Singapore.


 

Reader Questions

 

I was grateful for your tips on securing my home Wi-Fi, but I have a few follow up questions. You recommended using "WPA2 Encryption." How can I tell what I'm currently using?

 

Great question! Click on the "Properties" of your wireless connection icon; on a Windows machine it is typically found in the lower right portion of your screen. It will show the type of encryption that is in place.

 

You also said to make sure all wireless access points, like printers, are secured. How can I tell if my printer is secure? When setting it up to my home WiFi, I have to use the network password. 

 

Typically the password that is requested is for the WiFi router you are using, not the printer itself. You can click on or go to "Devices and Printers" and click on the Properties for your printer. Then go to Security and then set your permissions there to only allow the computers within your house to connect to and use the printer.

 

I will answer more of this reader's questions in next month's Tips. 

 

 

 

 

 

Questions? Topics?

Do you have any topics you'd like to see me discuss on the Great Day KCWI morning show? Or, any you'd like for me to answer in my next monthly Privacy Professor Tips? Please let me know by sending an email. I've also just added some easy-to-use "?" buttons on my sites you can use! See here and here.


 
 

Need Help?

 

If you need any help with information security or privacy training and awareness, security or privacy activities, or if you must comply with HIPAA and need help (especially important now that the Department of Health and Human Services, as well as all the State Attorneys General are increasing their compliance reviews, and fines/penalties), please check out my SIMBUS site (http://www.hipaacompliance.org) or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Feel free to forward this in its entirety to others. If you want to use only excerpts, then please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along. **NOTE: This permission for excerpts does not extend to the images in this email. One of the photos is my personal photo. For the others, we have paid for their use only within this tips message, which you can forward within this message, but cannot remove and use elsewhere. If you want to use them, contact me.

 

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, rebeccaherold@rebeccaherold.com
   



  

My parents and I on our way to receive my bachelor's degrees in Math and Computer Science


 

Enjoy spending time with and soaking up the energy of the graduates in your life. 


 

Get inspired by that page-turning life stage. Ask yourself, "What's next for me?" And then go after it with gusto. 


 

See you next month!


 

Rebecca
Rebecca Herold, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564   

Email me

Follow me on Twitter
Check out my blog
SIMBUS
 Information Security and Privacy Solutions (www.HIPAACompliance.org and more sites coming in 2015)
  
