Anticipating and Filling the Gap

Signs of summer's end are everywhere. School buses are chugging along; Halloween candy's in the aisles; flowers are fading in anticipation of the first frost.
 
As we wait for autumn blooms, there's always a bit of a gap in color. Savvy gardeners anticipate this and plant to fill that gap. Just the same, some people are working double time to anticipate and fill security and privacy gaps. Can you say the same?
 
Read on to learn about gaps that may exist in your personal and professional environments. 

Quiz: How Many Times Have You Been Exposed to Hackers?
If you do just one thing for privacy today, take this quiz. It'll raise your awareness (and maybe the hairs on your neck).  
 
If you do just two things for privacy today, take the quiz and change your passwords. Healthy password behavior happens with two simple rules: 
  1. Change passwords every few months (It's safe to jot them down if you lock them up!).
  2. Never use the same passwords for financial accounts as you use for social or email accounts. 

Doing Your Part... But Are Vendors?
20 percent of health data breaches affecting 500 or more have involved business associates

That's why I shared with Healthcare Info Security's Marianne Kolbasuk McGee the importance of getting expectations in writing, as well as establishing a vendor oversight plan.
 
Healthcare is not the only field with vendor risk. Consider including in your vendor contracts the right to audit, as well as a requirement for the vendor to provide a copy of its current information security policies and any recent risk assessments upon request. Need help? Let me know! 
 
Privacy Professor Vendor / Business Partner Security and Privacy Program Review 

Are There Security Vulnerabilities Inside Your Body?
Connected medical devices are vulnerable to attack

When people think of implanted medical devices, they're often worried about surgery or infection. But, there's another risk they don't often consider: the Internet of Things (IoT).
 
As more of these devices are connected to the Internet, carrying them comes with special risk. 
 
But who would want to hack into my medical device, you may ask.
 
Maybe no one. Or maybe someone with a vested interest in knowing intimate details (where you go, what time you wake, your heart rate during a certain day or time). Maybe it's someone seeking a gateway to your hospital's network. If hackers find a computing device to exploit to their benefit, they will; it doesn't matter how big or small the device, or even the purpose of the device.
 
 
A nefarious hacker who makes his way into a pacemaker or insulin pump could potentially do a lot more damage than one who makes it into your laptop or smartphone.
 
 Privacy Professor Talks Medical Device Privacy and Security

Are There Vulnerabilities in Your Garage? 
More than 3 million people have downloaded OnStar's mobile app. Are you one of them?

A researcher has advised drivers of General Motors vehicles to stop using the OnStar mobile app. In this video, he shows why. 
 
If compromised, the app gives access to information, such as the car's exact location, but also to functionality (like unlocking the car remotely). The manufacturer says it's fixed this problem, yet the researcher disagrees.
 
More organizations should consult with security experts. Beyond receiving the advice, they must also respond to it. 

One company doing exactly that is Anonos, which simplifies data access controls. Anonos recently added me as an advisor, and their leadership is intensely committed to reacting to guidance from its advisors. Very refreshing and something of which I'm thrilled to be a part.
 
Early Warnings about Windows 10
 
More reasons to let the kinks get worked out by others before downloading the latest software...

Windows 10 shares your Wi-Fi with contacts: Reportedly allows any of your Outlook, Skype and Hotmail contacts to use your Wi-Fi without a password. Some news outlets are downplaying the risks, but more recent reports support the initial concerns.

Your data won't be staying on your computer: Browser history, favorites, open/saved websites, Wi-Fi network names and passwords are synced to Microsoft servers by default. You must actively disable this by going into your settings. 
 
Advertisers know all about you: Generates a unique advertising ID for each user to create profiles for marketing. Of course, advertisers are using way more than Windows 10 for these purposes. Check out how it's happening on Facebook and how to stop it (thanks to Shelly Kramer for the pointer!). 
 
Already vulnerabilities are being discovered: In its first "Patch Tuesday" since the launch of Windows 10, Microsoft released 14 security updates. 
 
'Beware!' Roundup
 
 
A couple of warnings recently surfaced:

Mozilla issues quick fix for Firefox zero-day bug: An advertisement on a Russian news site served a Firefox exploit that searched for sensitive files and uploaded them to a Ukrainian server. (Thanks to my friends Anthony Freed and Joe Shook for this pointer!)
 
Google Photos still grabs your snaps, even after you delete the app: A good example of the ways in which app providers are collecting information behind the scenes. For more, check out this article about Google Timeline, which tracks your every move. 

 
Privacy Professor On the Road & On the Air
 
 
On the Road Again 

Here are three of the public events I'm scheduled to attend. Stop by if you'll be in the area.
 

October 10: I will give a keynote on privacy at the 2nd Annual Los Angeles Cybersecurity Summit 2015 sponsored by IEEE and Loyola Marymount University in Los Angeles, California. 
 
October 20 - 22: I will be doing a variety of meetings at Dell World in Austin, Texas. 

November 9 - 11: I will deliver multiple sessions at the ISACA Euro CACS Conference in Copenhagen, Denmark. 
 
Taking to the Air Waves

The Great Day KCWI 23 Morning Show regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. I will be appearing again on Monday, August 31, at 8:20 am CDT to discuss some current Facebook scams. 

Questions? Topics?

Have a topic I should discuss on the Great Day KCWI morning show? Or, a question I can answer in my next monthly Tips? Let me know!
  
 

Enjoy those flowers while they're still bright and beautiful! We'll plan to see you next month when the trees are turning and the autumn blooms are out. 

Stay forever safe and always aware,

Rebecca

Rebecca Herold
The Privacy Professor

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, [email protected] 

NOTE: Permission for excerpts does not extend to images; these are my own personal photos of some of my flowers, as well as one from a friend. If you want to use them, contact me.
 
 
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564
