You Can't Have True Freedom if You Don't Have Privacy

 

This weekend, as we celebrate Independence Day in the U.S., we also acknowledge the sacrifices made to win and to maintain our freedoms. Such sacrifices are also made throughout the world, and the lessons apply everywhere.
 


Those of us passionate about data and security believe privacy does not have to be one of the sacrifices we make. Whether the trade-off for safety is convenience or some other benefit, there are ways to achieve that end without sacrificing privacy.

 

Read on to learn more about the trade-offs facing us today.  

Threat Roundup  

Here are some pointers to a wide variety of privacy and information security threats recently in the news. 

It Pays (in Ill-Gotten Gains) to be a Fraudster

 

If you've ever wondered why someone would go to the trouble of learning to become a ransomware fraudster, this fact may hold some answers for you: According to Trustwave, a standard ransomware campaign could earn an attacker a 1,425 percent return on investment (ROI). That's not a typo... one thousand, four hundred and twenty-five percent!

 

The security company's report showed that with an investment of $5,900/month, these scammers can pull in as much as $90,000 in 30 short days... all with individual ransom demands of just $300 - $500.

 

Because people around the world and of all different walks of life value their time, most are happy to pay $300 - $500... even many U.S. police departments! And the fraudsters know this. They have intentionally set the dollar amount in this range to ensure its affordability. As well, they know that to make the investment worth the victim's time, it really has to work. (Kudos to my friend Sara Peters for writing the great articles referenced!)

 

Thanks also to my Facebook friend Debbie Mahler for pointing out the news of this ransomware ROI. Read my article from earlier this year to learn more about what to do if your computer is taken over by ransomware.


  

It's Convenient, But Worth It?

 

Many consumers are attracted to the convenience of cloud-based password keeper sites and apps. Using these services, however, may not be a good idea for many (something I discussed on a Great Day morning show appearance some time ago). That's because they are not immune from hacking, and when their systems are compromised, users' passwords - and the information protected by them - are vulnerable if they are not strongly secured.

 

That's precisely what happened in June with LastPass, a cloud-based password manager service that disclosed it had been the target of a hack. Although Wired reported the incident exposed users' email addresses, encrypted master passwords, and the reminder words and phrases the service asks users to create, LastPass says master passwords and encrypted user vaults were not exposed.  

 

What should you do if you use LastPass? First, change your master password and set up the optional multifactor authentication LastPass offers. Also change your reminder words and phrases; if you don't, the crooks who have them may use them to get into your password vault. Be on the lookout for scammers who may pose as LastPass customer service agents. LastPass says "Never, ever disclose your master password or any confidential information, even to someone claiming to work for LastPass."

 

If you want to use one of the many cloud-based password management services, do your homework first. Most importantly, make sure they have strong security controls in place. You can check magazines for reviews to help you determine this, and do online searches to see if the service you're considering has had a breach in the past 1-2 years.
 

Your Face Tells a Story


 

More than a year of negotiations to draft facial recognition guidelines has ceased. Privacy advocates and retailers had been working together to ensure face-scanning techniques and campaigns ultimately resulted in a win-win, but they have been unable to accomplish that goal.

 

Unwilling to let go of the potential "gold mine" that is facial recognition, for-profit companies are in hot pursuit of the technology to identify people coming to stores, restaurants... even walking down the street in front of their retail locations. Even churches are increasingly using facial recognition to know which parishioners attended and which slept in.

 

Some of the low-tech ways you may have thought about protecting yourself are not working. According to ThinkProgress.org, "Blocking your face with your hand or hair won't keep you from being tagged in a Facebook post. The company's artificial intelligence lab cooked up an experimental algorithm that can recognize faces even when they're obscured."

 

Facebook is now able to identify a person with 83 percent accuracy even when they aren't facing a camera. 

 

As summarized by this article in Fortune, facial recognition is allowing for a record of your physical actions in a digital world. The privacy implications are almost too numerous to count! This is a topic worth keeping an eye on.

 

Killer Robots No Longer Sci-Fi

 

If your face tells a story, your health records are a novel. According to the Wall Street Journal, we will generate 50 times more health information five years from today. Everything from our prescriptions to our DNA is being collected by a variety of sensors, scanners and other medical devices (some even implanted in our bodies). This doesn't even include the copious amounts of health data so many willingly turn over themselves by wearing fitness trackers. Because a great number of these instruments are "smart," their connection to the Internet makes them (and the people they are reporting on) incredibly vulnerable.

 

Even scarier than someone hacking into a pacemaker, for instance, is the idea that robotics used in medical procedures may also be exposed to hackers. A group of MIT researchers recently reported they were able to maliciously control a wide range of robot functions and even to completely ignore or override command inputs from the surgeon in their tests of a teleoperated surgical robot called Raven II.

 

On March 23, I discussed this incredibly compelling topic on a Great Day morning show visit. This month, I'm excited to be joining colleagues on a committee to plan topics and presentations for The Internet of Medical Things conference in Princeton, N.J.

 

For more on how societies and industries can ensure medical data security and privacy in meaningful ways, watch this conference session.

 

Bitcoin a Bit Unpredictable 

 

Well, maybe more than a bit, but I just couldn't resist the headline. Many people are asking me for an expert opinion on digital currencies like Bitcoin these days. What I advise is that it's too early to get involved in any financially significant way. At least I'm not willing to take the risk at this time.

 

That's because there is still a lot we don't know, and as of today, digital currencies are not regulated or insured. So, if the "guardians" of the digital currency you decide to invest with close up shop, you're likely going to be out the money you invested. This was recently discussed in information provided by the FTC.

 

Another red flag is that criminals love Bitcoin - largely because it is anonymous and essentially allows them to launder money without doing any of the washing themselves. We see it in ransomware incidents all the time. The person holding your computer files ransom will send you his bill along with instructions on paying via Bitcoin... it's an instant removal of any paper trail (or shall I say digital trail?).

 

Of course there are proponents of digital currency. You can get some of that perspective here.  

 

Whatever you decide, please do your homework. Consider the risks and benefits first, and then determine how much you are willing to lose if something does go wrong. 

 

Bitcoin was a topic of a recent morning show appearance of mine. Have a listen here if it's something you're interested in learning more about.   

  
 

Privacy Professor on the Road
 

I have a growing list of presentation and training events confirmed. Here are the public events where I will be next. Stop by and say hello if you'll be in the area.

  

July 13: I will be on Great Day at 7:20 a.m. CDT.

 

July 18: I will speak at the FBL Financial Group luncheon in Des Moines, Iowa.

 

November 9 - 11: I will deliver multiple sessions at the ISACA Euro CACS Conference in Copenhagen, Denmark.
 

  

Questions? Topics?

Do you have any topics you'd like to see me discuss on the Great Day KCWI morning show? Or, any you'd like for me to answer in my next monthly Privacy Professor Tips? Please let me know by sending an email. I've also just added some easy-to-use "?" buttons on my sites you can use! See here and here.


 
 

Need Help?

 

If you need any help with...

... get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Feel free to forward this in its entirety to others. If you want to use only excerpts, then please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along. **NOTE: This permission for excerpts does not extend to the images in this email. One of the photos is my personal photo. For the others, we have paid for their use only within this tips message, which you can forward within this message, but cannot remove and use elsewhere. If you want to use them, contact me.

 

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, rebeccaherold@rebeccaherold.com
   


  

My eldest son just graduated high school this year, and a world of possibility is before him. Celebrating the freedoms that will enable him to pursue his dreams is one of my favorite holidays of the year. It's a reminder many of us need of the sacrifices made to keep us safe, happy and free. 

Privacy doesn't have to be one of these sacrifices. I believe this strongly and will continue to do my part to convince others of its truth!

 

Have a fabulous, safe July celebrating freedom, wherever you are!


 

See you next month,

 

Rebecca
Rebecca Herold, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564   

Email me

Follow me on Twitter
Check out my blog
SIMBUS
 Information Security and Privacy Solutions (www.HIPAACompliance.org and more sites coming in 2015)
  
