The wind began to blow 
And shook the trees
Heads turned up in unison
Witnessing a season of change

I stumbled upon this, the beginning of a poem by Danielle Spencer, and it seemed so perfectly suited to our world today. Here in the northern hemisphere, we're experiencing fall weather. Around the world, we're entering an entirely new era - one in which data is the new currency, cybercrime the new weapon and privacy the new sacrificial lamb.
The upside of this global season of change is we are much more educated about threats to our security and privacy. Read, share and discuss what follows to continue building all-important awareness - the first step to enacting change.  
4 must-nots for fall
Don't throw your used airline ticket in a public trash can: Barcodes and QR codes can be scanned to reveal information about you.  
Don't insert an unknown USB drive into your device: It can have embedded malware that allows the drive to send all kinds of malicious commands to your device.
Don't fall for these 10 new phishing scams: Thanks to my friend Lisa Brownlee for shedding light on these emerging attacks.  
Don't follow your GPS blindly: Double check the route and destination before following your GPS' advice. 

Look for much more about drones and related privacy and safety issues in the coming months.

Drones fly the not-so-friendly skies
Citizens are not happy about flying intruders
With Walmart and Amazon going head to head in a battle to be the best at drone delivery services, more attention is being paid to these once futuristic flying machines. 

In addition to the legitimate safety concerns, here are a few privacy incidents showing how the public reaction can be less than welcoming when people feel spied on:

The guy has a chip in his hand!
With data more valuable than money, gone are the days of pickpockets

Today, we're presented with the very real possibility that criminals will use chip implants to get up to their dastardly deeds. 

It's already being done, and this American engineer and former petty officer in the US Navy - himself with a computer chip in his hand - told the BBC why.

Facebook friended by yourself? 
Most of us have gotten a message from a social connection saying something like:
My account has been hacked. 
Please ignore any messages that appear to come from me.
But what many of these people don't realize is their account has not been "hacked." It's been duplicated, a serious form of identity theft.

Often, fraudsters don't even need access to your account to pull this off. If your privacy settings allow them to view your content, they simply copy and paste. So how can you prevent it and what should you do if this happens to you? Check out this article for a few tips.

IS SOMEONE USING YOUR IMAGES? Check out Google's Search by Image. (Be aware, however, that Google has access to photos you upload to this tool. You may want to try other means if it's a particularly sensitive one.)
LinkedIn has historically had trouble with fake and counterfeit accounts, as well. Visit this article from InfoSecurity Magazine to learn the truly remarkable and terrifying threat hiding behind some of these accounts (thanks to my friend Joe Shook for this pointer!).

BEST PRACTICE TIP: I block my LinkedIn connections from seeing one another. That way, if I get fooled, it's only me exposed (vs. my entire contacts list).

Please take 30 seconds to answer this 1-question poll, and I will share the results in an upcoming Tips message.

No personal information will be requested when you participate in the poll. 

NOTE: If you already answered this poll, THANK YOU! You will see the results to date if you click the link.

If you have not answered yet, please take this poll! I need to get around 100 more to participate, so your participation is needed and will be much appreciated in helping me to reach the goal!
Cops look for clues in your search history 
Think before you Google

Law enforcement agencies are becoming increasingly dependent on browser search histories for "evidence" in criminal investigations and trials. Take this case, for example:
Unless you are using an anonymous browser (e.g., Ctrl+Shift+N in Chrome), your search history is open for nearly anyone to view. The same is true for email and other digital communication, like chats and texts.

An innocent coincidence, a series of events or some sort of criminal trend going on in your area can add a veil of suspicion to otherwise innocuous online activities. 
Keyless access leaves cars vulnerable   
Car technology designed to prevent theft may actually increase risk

More than 100 models of cars are at risk of theft thanks to hackable codes that allow fraudsters to produce fake keys. The revelation is courtesy of researchers in the Netherlands who were able to "listen" to the wireless communication between the car's key fob and its onboard transponder.  

Smart move by the U.S. government... 
Lawmakers thankfully say no to backdoor

Data security and privacy advocates are pleased as punch by the news the U.S. will not seek legislation to counter the encryption of communications. This is great news, as America is considered by some to be inadequate at privacy protection. We certainly do not need a government-mandated backdoor to allow authorities the ability to decrypt at will. Read more of my thoughts in this ISACA Now Blog post.
Recently, the top court in Europe struck down data transfer rules between our two countries. For 15 years, European organizations have been relying on Safe Harbor rules to transfer personal data between the E.U. and the U.S.; they are now technically breaking the law. 

Learn more in this article I co-authored alongside Dave Shackleford for IANS.
...followed by what may be a not-so-smart move  
CISA passed by the U.S. Senate

I've had concerns with the U.S. Senate's Cybersecurity Information Sharing Act (CISA), specifically how it impacts both data security and privacy. It's something everyone needs to keep an eye on. The final version of this bill, and the subsequent law, could have significant impacts.

I've provided thoughts on the topic to Michael Heller at TechTarget several times throughout the year. In his latest article, we talk about the reconciliation of CISA with the House's Protecting Cyber Networks Act (PCNA) and National Cybersecurity Protection Advancement Act (NCPAA).
Give it a read and then let me know your thoughts. I'd love to hear them!
Privacy Professor On the Road & On the Air
On the Road Again 

Below are the public events I'm scheduled to attend. Stop by if you'll be in the area.

November 9 - 11: I will deliver multiple sessions at the ISACA Euro CACS Conference in Copenhagen, Denmark. 
Taking to the Air Waves

The Great Day KCWI 23 Morning Show regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. 

I will tentatively be appearing again in November to discuss how to change the settings on some hot holiday gift items to avoid huge invasions of your privacy.

Questions? Topics?

Have a topic I should discuss on the Great Day KCWI morning show? Or, a question I can answer in my next monthly Tips? Let me know!

My hope is you'll enjoy this season no matter where in the world you may find yourself. Whether your leaves are turning, the snow is falling or the heat is rising, immerse yourself in the moments. 

Stay forever safe and always aware,


Rebecca Herold
The Privacy Professor

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®

NOTE: Permission for excerpts does not extend to images; these are my own personal photos. If you want to use them, contact me.
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564
