Celebrating #PrivacyAware Day in 2016

It's no coincidence Data Privacy Day is held during the first month of the year. The hope is to capitalize on all that energy and enthusiasm for improving, bettering and the turning over of new leaves.

What will you do to celebrate this international day of awareness on January 28, 2016? Drop me a note, as I always love to hear the creative ideas and meaningful activities of the world's privacy champions during this special time of year.

I hope you enjoy the photos in this month's Tips. Each came from my trip to Copenhagen in November.

Such a lovely city!

Internet of Things (IoT) Grows

What's ahead for IoT?

A look back at 2015 gives an idea of what we can expect in the months ahead. Here's just a few, recapped by IoT Analytics:

Fitbit went public and earned a 20-percent share increase in just its second day on the stock exchange.
U.S. government launched Smart Cities Initiative, putting $160 million toward the creation of IoT applications to collect data for better service of citizens.
Amazon's IaaS platform, its acquisition of startup 2lemetry and its language-processing product Amazon Echo suggests the tech company is getting serious about IoT.

With all this growth in IoT, the need for more privacy protections and better built-in security controls becomes even more important. You can see some of my recommendations in this article I wrote for Dell.

The Year of the Insider Threat?

Organizations must prioritize internal risk prevention in 2016

When it comes to data breaches, just 22 percent actually occur from outside theft, and 2015 saw many problems coming from "inside the house." (Take a look at this recap from Observeit.)

You may recall my pointers to an incident local to my home base within the Iowa Lottery. Although the matter has been adjudicated, and the mastermind employee behind the theft is going to jail, it's far from case closed. Investigators are now discovering the former security director for the lottery may have rigged jackpots in as many as 37 other states!

Check out my Great Day spot from this summer during which I explained how the security director may have committed these frauds.

It happens in healthcare, too.

In both big ways and small, knowingly and unknowingly, medical workers expose private information with increased frequency. Consider this dental assistant whose diagnosis was shared on Facebook by a patient care technician at the local hospital.

Interested in learning how you an prevent insider threats from becoming insider breaches? Here's a recording of a recent webinar you may enjoy. The 60-minute "Best Practices to Prevent Data Breaches in 2016" talks through methods for establishing a data protection plan, educating employees, enforcing basic security best practices and leveraging technology to prevent data breaches in 2016.

Government Access is Human Access

200 women victimized by government-employed cybercriminal

As the U.S. government continues to position itself for more access to more information, one of its employees (at the American embassy in London) proves just how dangerous that access can be. This guy targeted his victims, sorority women and aspiring models, and then hacked into and held their email accounts for ransom.

Cases like this underscore the fact governments are made up of human beings, and humans are fallible (some even malicious). So the next time it sounds like a good idea to allow governmental bodies access to personal, private information, keep in mind that very access will be given to potentially thousands of people, each of whom may have their own agenda.

Adventures in Scammer Tracking

My run-in with a relentless computer scammer team

From Nov. 27 to Dec. 9, 2015, I received nearly 250 fake computer support calls. It began when a scammer called to tell me I had a malicious malware file embedded in my computer that was going to "spread to everyone else in my neighborhood."

I played along, eventually telling him my Internet was down before he could get wise to my own spoof. He asked if he could call me back, and over the next nine days, I received almost 250 calls from the scammers trying to finish helping me "fix" my computer.

If you're interested in seeing the numbers from which these calls originated, I have them on my website. Feel free to share them far and wide so your friends, family members and colleagues can watch for them, as well.

2016's Hottest Breach Targets

Hotels and hospitals under attack

Hackers are after your information, and in 2016, they're going to have the easiest time getting it from hotels and hospitals.

Hospitals and other healthcare providers: In 2015, at least 55 healthcare providers were breached, exposing the personal data of more than 110 million Americans. Stay tuned for an infographic I'll release in January (just in time for Data Privacy Day!). It will walk through the increased vulnerability of medical data.

Hotels, resorts and other travel destinations: Just in the last quarter of 2015, Hilton Worldwide, Starwood Hotels & Resorts, Trump Hotel Collection and Hyatt announced security breaches exposing customer information from thousands of locations.

How Much Strangers Can Learn About Your Kids

Amount of children's data collected is 'astonishing'

In school, in public, even at home, kids are leaving behind a trail of data that is increasingly valuable to all manner of individuals and organizations. According to the Parent Coalition for Student Privacy, information about your children's behavior and nearly everything else that a school or state agency knows about them is being tracked, profiled and potentially shared.

Smart toys and online sites catering to children are two other battlegrounds for privacy advocates. They point to these two recent incidents to support their calls for increased privacy and security controls to protect young people:

3.3 million Hello Kitty fans exposed in database leak

VTech hack: Data of 6.4M kids exposed

So what are the crooks after when they target kids' information? Birthdates and home addresses, in particular, can be used for identity fraud, in phishing attacks and to gain access to other websites with additional information. Photos of children are also extremely valuable to underground websites selling or coordinating deplorable services, including kidnapping and abductions.

Privacy Professor In the News

Media cover privacy and security concerns

It's my great pleasure to provide writers, reporters and bloggers with insight on privacy and security whenever possible. Here are a few recent articles for which I've been happy to provide commentary:

CISA added to budget omnibus, with privacy protection stripped

Experts: Lawmakers don't understand encryption backdoor problems

How physicians can do no harm using social media

With 2015 Cybersecurity Challenges in the Rearview, 2016 Presents New Opportunities

Pen mightier than the sword

Organizations regularly ask me to contribute articles. Here are a few of the more recent ones I hope you'll enjoy:

Cybersecurity Wishes 2015: Rebecca Herold

How to Avoid 3 HIPAA Compliance Missteps

Tech support call scams becoming more aggressive

Women in STEM: Take the lead to secure a path for the future

Privacy Professor On the Road & On the Air

On the road again

One of my favorite things to do is visit with leaders in different industries - healthcare to energy and beyond. Below is a recording of a recent talk and a schedule of where I'll be over the next few months.

My talk on the need for more privacy controls at Purdue University for their CERIAS program is available on my YouTube channel.

January 15: (Live Presentation) IEEE Par 1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group Meeting, Piscataway, New Jersey

January 21: (Webinar) Internet of Medical Things: 2016, The Year Ahead, 1 p.m. EST

February 15 & 16: (Two Live Privacy & Security Workshops) Alaska Surveying & Mapping Conference, Anchorage, Alaska

March 22 & 23: (Training) IAPP class for CIPM certification, Chicago, Illinois

April 30 - May 1: (Live Presentation) 2-day workshop, "Creating a Privacy Program using ISACA's Privacy Principles," ISACA, New Orleans

May 2: (Live Presentation) PIA: Highway to Hell or Stairway to Heaven?

Taking to the air waves

The Great Day KCWI 23 Morning Show regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. Below are upcoming in-studio visits.

January 28: Data Privacy Day

Questions? Topics?

Have a topic I should discuss on the Great Day KCWI morning show? Or, a question I can answer in my next monthly Tips? Let me know!

Are you feeling as energized about the possibilities of the new year as I am? Hold on to it tightly! The stresses of every day deadlines, errands and to-do's have a tendency to diminish that can-do spirit that so graciously comes around this time of year.

If there's anything I can do to help you hang on to that energy or to prioritize data privacy and security in 2016, please don't hesitate to get in touch!

Rebecca

Rebecca Herold

The Privacy Professor

Need Help?

If you need any help with...

information security or privacy training and awareness

HIPAA compliance

... get in touch, I'd love to assist!

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety.

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor�, privacyprofessor.org, privacyguidance.com, [email protected]

NOTE: Permission for excerpts does not extend to images; some of which are my own personal photos. If you want to use them, contact me.

The Privacy Professor

Rebecca Herold & Associates, LLC

Mobile: 515.491.1564

[email protected]

www.privacyprofessor.org
www.SIMBUS360.com

www.HIPAACompliance.org

www.SIMBUSTracker.com

www.privacyguidance.com