Privacy and Security Advocates Empty the Bench
This time of year in the U.S. is all about the prospect of the big basketball win. Underdogs surviving on lucky seasons and passionate hearts battle it out with heralded players on championship-bound teams. Coaching careers are made (and lost). Longtime devotees cheer on their teams, as casual fans become fanatics overnight.
It's a 'madness' those of us in privacy and security circles dream of inspiring for our collective mission. In the intense hopes of nurturing privacy and security fanatics, we battle it out with the news of the day or the innovation of the week, working toward the big win - awareness.
The past few weeks, we've come away with a winning record. Apple's epic clash with the U.S. government has propelled consumer awareness of the privacy and security threats they face to arguably the highest levels yet.
Read on to learn more about the issues opening the eyes of future privacy and security fanatics...  

I hope you enjoy the images in this month's Tips message, many of which come from The New York Public Library Digital Collections. 
The Full Court Press on Encryption & Other Security Technologies
U.S. government's demand for a back door (finally) gets attention
The pursuit of a method to break encryption in the name of homeland security has long been on the radar of privacy and security advocates. (Remember the Clipper Chip initiative in the 1990's? Thankfully it was defeated.) In recent weeks, however, Apple's fight against the development of such a method has made aware millions of consumers.
That awareness will only increase this week, as Apple goes before the U.S. House of Representatives. The company will explain why it will not comply with a court order to build a system capable of breaking the security of a deceased terrorist's iPhone operating system (and 10 million others just like it). 
Technology companies must not be forced to create hacking tools. Period. The precedent it would create has the potential to lead the U.S. down a destructive road.
We discussed this very topic during Monday's Great Day KCWI morning show broadcast. Watch the brief segment and then drop me a note. I'm curious to hear what you think of the debate.

Can Tech Giants Box Out?
Facebook, Twitter and others scrutinized by anti-terrorism agencies
Some tech companies appear to be voluntarily breaking encryption for purposes unknown (but perhaps related to pressure from U.S. agencies).
Facebook, for example, recently made changes that disabled an effective encryption tool. Crypter, which had offered users a secure way to communicate with their Facebook friends, can no longer be used to code conversations on Facebook.  
The timing of Facebook's changes is interesting, given the U.S. Department of Homeland Security's latest initiative. At the urging of Congress, the agency is building tools to more aggressively examine the social media accounts of all visa applicants and those seeking asylum or refugee status in the United States. 

Watch the Screen!
A round-up of must-know risks... thanks to the Tips reader community
Your child's identity is a hot commodity.
The likelihood of identity theft of those under 18 is 51 times higher than it is for adults. Thanks to my friend Mich Kabay for the pointer to this article talking through what you can do to protect your kids.
What Facebook can now do with images.
Facebook is using its photo-tagging technology to create incredibly detailed maps of where you live. Lisa Brownlee shared this article about the tech company's ability to easily identify man-made structures. Thanks, Lisa!
"Puppy" chewing holes in your defenses.
Ever considered that snazzy new 'smart' gadget to be like a brand new puppy? Brian Krebs draws the parallels in this article encouraging consumers to change their default passwords on connected devices and appliances. Thanks for the pointer, Alec Bass!
Before you say 'yes' to that discount.
Insurance firms are offering discounts for your data. But, be careful before you opt-in. Ask questions about how they will use the data and with whom they will share it. It's something Ireland's Data Protection Commissioner Helen Dixon is urging her country's citizens to do.
Your whereabouts tracked, logged and sold. 
Speaking of cars, how about those cameras snapping photos of your license plate? Curious what the cameras' owners may be doing with all the images they gather? Check out this troubling article about one private company that has captured more than 2 billion license plate photos and is selling them to law enforcement. 

It's a Slam Dunk for Crooks at the ATM
Hackers exploit lonely cash machines
Although most carry it less than we used to, cash continues to be in high demand. Some are even turning to cash to lessen their risk of credit and debit card theft. Ironically, we typically need our plastic to access that cash, and we do so from a connected device.
I'm referring, of course, to the ATM, which has become a playground for all manner of thieves, from low-level thugs to crime ring players.
Threats at the ATM are as varied as the perpetrators. They can come from the keypad, the camera or a look-alike piece of hardware attached to the machine by a crook. They can even come from the cables plugged into the machine.
When you spot something fishy at an ATM, move on to the next one. If possible, choose a unit located in densely populated or high-traffic area, as these tend to be less vulnerable to the hijinks of thieves. 

My Very Own Scammer Pump Fakes 
How I catch tricksters in the act
I've set up several accounts, a dedicated a phone line and a special computer all to chatch catching phishers, scammers and other shady characters up to no good. Often, I get the opportunity to stretch my acting muscles as I play along to see how far they will go with me.

Phishing phone calls during which I get to "play victim" are another delight of mine. In February, I received a bunch of calls from an individual claiming to be Officer John Coskin. He said there was an arrest warrant for me for tax fraud. He just kept calling, seventeen times in total. If you're curious what these calls sound like, take a listen of this recording I made.

It's important to know the police aren't going to call you out of the blue. Nor are they going to ask you when you answer their call to phone them back. If they have a legitimate arrest warrant, chances are pretty good they'll visit you in person. 

Emails, too, make me happy, as I get the chance to expose the scammer's tricks before they claim more victims. 
Here's an example of the types of phishing emails I receive on a daily basis. Because a large number of people use Box and other free data sharing sites, I'm sharing this particular one with you in the hopes you will immediately delete anything similar that populates your inbox. Don't click it!
2016 International Data Privacy Day
Another successful event draws global attention
Passionate advocates of data privacy and security from around the world celebrated this year on January 28, 2016. Here are just a few of the ways:

What They're Saying
Readers share how they use Tips
Thank you, Syed S. for your note letting us know how you use the monthly Tips message in you internal security and privacy awareness activities:
I am trying my best to promote privacy. Early next month, I am planning to initiate an "Information Security & Privacy campaign," and your tips will definitely help.
Reader Question    

I'm getting ready to throw out my old Wi-Fi printer. Do those retain any personal data? Do I have to be careful about what I do with it?

What a great question! Yes. You need to be careful, as these types of printers (as well as copiers, scanners and fax machines) typically have disk storage and random access memory. Here are some things you should consider doing:
  • Delete all data from the printer's hard drive (Check with the manufacturer, dealer or servicing company for options, as many offer their own services that will remove the hard drive and return it to you for retention or disposal).
  • Reset the printer to its factory default settings.
  • Take the device to destruction services provider (Search for "secure electronic waste disposal" to find providers in your area.)

Privacy Professor In the News

Media cover privacy and security concerns 

It's my great pleasure to provide writers, reporters and bloggers with insight on privacy and security whenever possible. Here are a few recent articles for which I've been happy to provide commentary:

Privacy Professor On the Road & On the Air

On the road again 

One of my favorite things to do is visit with leaders in different industries - healthcare to energy and beyond. Below is a schedule of where I'll be over the next few months.
April 30 - May 1: (Live Presentation) 2-day workshop, "Creating a Privacy Program using ISACA's Privacy Principles," ISACA, New Orleans

Taking to the air waves

The Great Day KCWI 23 Morning Show regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. I will be visiting in-studio again sometime in March. 

Questions? Topics?

Have a topic I should discuss on the Great Day KCWI morning show? Or, a question I can answer in my next monthly Tips? Let me know!

Here I am in the 8th grade, going for the left-side layup!

I hope you have a great time with friends, family and colleagues during this month's fanatical celebration of the sport of basketball. 

Just remember to keep your head during what is sure to be another season of March Madness! (International friends, if you've not heard this term before, a quick search should yield a good explanation.)

Wishing you a safe and secure spring... it's just around the corner!
Rebecca Herold
The Privacy Professor
Need Help?

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®,,,, 

NOTE: Permission for excerpts does not extend to images; some of which are my own personal photos. If you want to use them, contact me.