Don't Get Caught Alone
With Halloween approaching, you may be in the mood for a harmless fright or two. But that's no reason to drop your guard completely. And don't be afraid to use your community... it truly takes village to stay up on the latest privacy and security tricks and traps. Read on for information you may want to share with your friends and colleagues this fall. 

P.S. I hope you enjoy the photos of my kids and me in our Halloween costumes through the years. 
Who ya' gonna call?
Our very own phones are watching (and listening) 

Turns out the newest iPhones are configured to automatically record a constant stream of sound and video whenever the camera app is in use (even if it's not set to take a video!) Thanks to my friend Stephen S. for pointing out this intrusive little innovation of Apple's. 

Of course, it's not just the camera apps we need to worry about. Kim Komando examined seven others it calls the "worst apps that violate your privacy." They are:

Draw Something Free: Passes advertisers your phone number, call log, signal information, carrier and more.

Words With Friends: Same violations as Draw Something, plus it shares your location.
 
GO Locker: Sends your personal information to app stores, which often have malicious apps that steal your information.

GO Weather Forecast & Widgets: Same violations as GO Locker.

Camera360 Ultimate: Has the Baidu search engine (China's answer to Google) built in. Why? Komando says there's no good explanation.

Angry Birds: Both the NSA and British GCHQ used this app to snag user information from smartphones.

My Talking Tom: Sends the advertisers audio from the microphone. Komando put it best: "For a kids' game, that's creepy."


If there's something weird, and it don't look good
Messages to watch for now that Facebook has a "Dislike" button
 
"Download the official DISLIKE button now:" Don't do it! Once users have clicked this malicious link, it prompts them to download a rogue app that updates their Facebook pages with spam, and possibly worse types of malware.
 
"Take this survey for early access:" Don't do it! After agreeing to take the survey, criminals install malware on a user's computer and steal his or her private data.
 
One other thing to consider as the legitimate "Dislike" button comes on the scene is that clicking it may do more than signal your displeasure. According to USA Today (thanks William S for this pointer!), when a post reaches a certain number of dislikes, Facebook's algorithms may remove the post entirely
More Facebook specters
You may have seen evidence of a couple hoaxes on Facebook recently. As The Blaze reported, thousands of users have posted paragraph-long status updates in what they thought was an effort to protect their information. 

My oldest son at 6 years old as Mike from "Monster's, Inc."
If you're seeing things, running through your head 
Privacy policies must be accessible and clear

Antivirus software provider AVG is getting a decent amount of slack for selling users' browser histories to online advertisers. However, it is refreshing to see a company be so open about its business model and privacy policies. Thank you to my friend Christopher Burgess of  Red Folder for pointing this out!
 
TIME magazine recently published a round up of some of the best (and worst) privacy policies. If you're curious how your company's policy stacks up, have a look at the article
 
POLL QUESTION
There's an infamous breach incident I use to illustrate why it's so important for medical clinics to monitor their third-parties' security and privacy practices. It goes a little something like this: 

A hospital contractor had downloaded 34,000 unencrypted patients' files onto his personal laptop, which was then stolen from his car. Just like that, the clinic was facing thousands of dollars in fines and a sullied reputation!
 
 
Please take this poll, and I will share the results in next month's Tips message. No personal information will be collected when you participate in the poll.    
One of my sons... spoooooooky!
If there's something strange, in your neighborhood  
 
Lottery insider sentenced

You may recall the high-profile insider scheme that occurred in my neck of the woods: A Hot Lotto official... the Director of Security, no less... managed to rig a drawing to win millions of dollars.
 
There is now an update: The official was convicted and received two consecutive five-year prison terms.
 
It serves as a healthy warning to all organizations and wanna-be insiders alike. I've written more on the need for vigilance against insider threats in this recent blog post
 
I ain't 'fraid of no ghost  
 
Good excuse to watch a movie

Who doesn't love to go to the movies, especially this time of year with the spine-tingling, adrenaline-pumping scary films in the theaters? 

Well, did you know movies can serve another purpose this fall? You can actually use them to help raise privacy and security awareness. Quite a few films, including popular box office hits, contain story lines helpful for educating different groups on information security and privacy best practices.
 
Here are just a few to consider as you prepare your own training programs. More about why these films are well-suited to education can be found at on my blog post "Use Movies to Raise Privacy and Security Awareness."
  • "The Final Cut" (2004) with Robin Williams (Addresses privacy: a chip implanted in the brain records every moment of each person's life)
     
  • "The Billion Dollar Bubble" (1978) with James Woods (Addresses computer security: code is modified to create fake customers to boost company value)
     
  • "The Brave Little Toaster" (1987) and "The Brave Little Toaster to the Rescue" (1997) (Addresses the Internet of Things: appliances communicate with each other, share data and act autonomously)
Privacy Professor in the News
 
  • Mr. Heller also covered the proposed Cybersecurity Information Sharing Act, along with my impressions of the new version, in this TechTarget article.  

Privacy Professor On the Road & On the Air
  
 
On the Road Again 

Here are three of the public events I'm scheduled to attend. Stop by if you'll be in the area.

October 10: I will give a keynote on privacy at 2nd Annual Los Angeles Cybersecurity Summit 2015 sponsored by IEEE and Loyola Marymount University in Los Angeles, California. 
 
October 20 - 22: I will be doing a variety of meetings at Dell World in Austin, Texas. 

November 9 - 11: I will deliver multiple sessions at the ISACA Euro CACS Conference in Copenhagen, Denmark. 
 
Taking to the Air Waves

The Great Day KCWI 23 Morning Show regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. 

I will be appearing again in October (date TBD) to discuss how the Volkswagen coding fraud occurred, as well as how it could have been prevented. 

Questions? Topics?

Have a topic I should discuss on the Great Day KCWI morning show? Or, a question I can answer in my next monthly Tips? Let me know!
 
My youngest son a few years ago (with what appear to be spooky eyes watching him in the dark).


candy_bucket.jpg
Your personal data is like a bag of valuable treats -- everyone is after it. Keep it close and be extra vigilent as you decide with whom to share!

Stay forever safe and always aware,

Rebecca

Rebecca Herold
The Privacy Professor
Need Help?


Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor�, privacyprofessor.org, privacyguidance.com, rebeccaherold@rebeccaherold.com 

NOTE: Permission for excerpts does not extend to images; these are my own personal photos. If you want to use them, contact me.
 
 
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564

Visit my blog   Follow me on Twitter