Catphished by our own gardens
 
April showers bring May flowers. They also bring weeds.
 
If you're anything like me, those weeds can be deceiving because some of them are quite beautiful. Especially here in the Midwestern U.S. where ditch weeds sprout gorgeous blooms between undulating food crops. It's become a part of the landscape we love.
 
Just as pretty weeds trick spring gardeners into leaving snarling roots in place, savvy fraudsters fool us with their look-alike scams. Similarly, well-intentioned government agencies and other entities convince us their actions won't strangle our privacy rights. We must know better.
 
Read on to become more adept at spotting the privacy and security "weeds" sprouting up in all the different facets of our lives.


That's not a flower! Each of the images below showcases a beautiful weed.
Can you name them?
 
U.S. Privacy Attitudes Impact Global Economy
The FBI's actions have far-reaching impact. 
 
The FBI and its cracking of the iPhone is really impacting U.S. businesses, particularly those with international ties. Global companies are now requiring more assurances from their U.S. partners.  
 
In the past, U.S. companies asked to delete the personal data of international consumers would simply delete the associated encryption key. Now, in various parts of the European Union (EU), concerned business leaders are saying, "But look at what the FBI did. It got to the data without an encryption key."
 
Naturally, these businesses now want the information itself - not just the encryption key - deleted permanently. That may sound easy, but in reality, it can be very costly and time-consuming.
 
Last year, the EU implemented the General Data Protection Regulation (GDPR) to replace the EU Data Protection Directive. The regs contain greatly expanded requirements for businesses in the U.S. and other countries. Among them is the "right to be forgotten," which demands a company permanently delete the records of consumers when receiving legitimate requests to do so. This will force companies to develop new processes and procedures, as well as implement new technology - something they may deem too expensive.
 
Has this already begun to impact the global economy? No doubt.
 
Stateside, you can see the concern about government access to encrypted files among social and tech companies. One example is WhatsApp, a Facebook-owned messaging service, which recently implemented stepped-up encryption to reassure its one billion users their content is kept private - even from WhatsApp.

 
Your Data for Ransom
Prepare now to avoid paying later
 
Have you been hit by ransomware yet? If not, you may be soon. In fact, LA Times columnist Michael Hiltzik called 2016 the Year of Ransomware.
 
Among the concerns is how many people actually "give in" to their attackers. Here in the U.S., exactly half of ransomware victims have fulfilled their attackers' demands.
 
Businesses, too, are under a lot of stress as they face down the threat. Hollywood Presbyterian Medical Center recently paid $17,000 to get its data back from attackers. And they are far from alone. I've seen "Just pay it" advice come even from professional security firms.
 
Why is it so successful? Because it's simple and because it works. The hassle of "going around" the hacker to get their data is often more time-consuming and expensive for victims than simply paying the ransom.
 
But the ease of paying is exactly why you should not do it. If it continues to work, ransomware will only grow. There are several things you can do to avoid falling into the snare of ransomware:
  1. Back up, back up, back up - If you have copies, you won't have to pay.
  2. Purchase cybersecurity insurance (ask me about how my SIMBUS 360 business provides this as an option).
  3. Don't fall for scam emails or text messages (remember, all of your connected devices are vulnerable, even wearables).
  4. Make sure your security software is up to date.
  5. Ask tough questions of your third-party business partners (here's a webinar recording to help you start those conversations).
 
Your Location Up for Grabs
You'd be surprised who knows where you are
 
Marketers, insurance companies, law enforcement, crooks, employers, romantic partners (just to name a few!) have huge stakes in knowing where you are and when. Getting that information is easier now than ever. As you'll see in the two examples below, sometimes you can stop it, sometimes you can't:
 
If you use Google's Waze, hackers can stalk you: This navigation app has a vulnerability that allows a computer to intercept communication between Google and its user. (Thanks for the pointer, Faith Heikkila!)
 
Glitch turns Kansas farm into digital hell: This one is scary. An IP mapping company, which assigned default geographical coordinates to thousands of masked IP addresses, created huge problems for the innocent family who lived at that location.

Protecting Your Child's Digital Reputation Should Be Easy
Facebook doesn't seem to agree
 
Look closely... you can see my son exploring all this little apple tree had to offer.
Just a few days ago, Parsons School of Design Associate Professor Dave Carroll got into a tense Twitter tussle with Facebook.
 
His beef? Facebook requires a notarized declaration of parenting rights before it will allow a mom, dad or guardian to opt a child out of their ads.
 
Carroll argues that an easy opt-out is the least Facebook should be doing with something as precious as a young person's image and reputation. "What about an opt-in?" he asks in this blog post recapping his experience.
 
How's Your Personal Data Hygiene? 
4 easy ways to "clean up" your body of data
 
In a recent visit to the CW Iowa Live morning show, I shared some hygiene tips with viewers - personal data hygiene, that is. Here are a few of my pointers, mixed in with a few from others:
  1. Use Spokeo or a similar site to become aware of what is really out there about you (and your loved ones). Revisit these sites often.
  2. Opt out of allowing the credit bureaus to sell your data.
  3. Shred your documents (check out this disaster exposing the private records of high school students).
  4. Don't store PINs or passwords in plain text on your devices. (Think no one does this? Millennials certainly do - 21% of them admitted to it. Of course, there are people of all generations guilty of this practice.)
 
More tips are available. I've written up steps you can take to clean up your personal data hygiene. If you want a copy, send me an email.
Privacy Professor On the Road & On the Air
  
 

On the road again 

One of my favorite things to do is visit with leaders in different industries - healthcare to energy and beyond. Below is a schedule of where I'll be over the next few months.
 
April 30 - May 1: (Live Presentation) 2-day workshop, "Creating a Privacy Program using ISACA's Privacy Principles," ISACA, New Orleans
 
May 2: (Live Presentation) "PIA: Highway to Hell or Stairway to Heaven?" ISACA, New Orleans

July 28: (Live Presentation) Internet of Medical Things conference, Princeton, New Jersey

October 24 - 26: (Live Presentation) "Vendor Management," Privacy + Security Forum, Washington, D.C.  
 
November 9 - 11: (Live Workshop) "Going Digital? Think Privacy Impact and Security Design," Data Privacy Asia Conference, Singapore
 
Taking to the air waves

CW Iowa Live (formerly KCWI 23 Great Day morning show) regularly covers privacy and security tips with their guest, the Privacy Professor! Each segment is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes. I will be visiting in-studio again in May.


Questions? Topics?

Have a topic I should discuss on the CW Iowa Live morning show? Or, a question I can answer in my next monthly Tips? Let me know!


Thought I'd sign off with a legit, gorgeous flower, the peony. This photo was captured in 2010 on our farm, and the decade-old plant continues to bloom there today. 
This time of year, I get the itch to get outside and play in the dirt. Rest assured, I'll be looking closely at anything green emerging from a long winter's nap. Flower or weed?
 
Likewise, I'll be watching those great new apps, tech-forward devices - even my snail mail - to ensure what I'm seeing is what I'm getting. Will you join me? 

Have a terrific month! 
Rebecca
Rebecca Herold
The Privacy Professor

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®, privacyprofessor.org, privacyguidance.com, SIMBUS360.com, rebeccaherold@rebeccaherold.com 

NOTE: Permission for excerpts does not extend to images, some of which are my own personal photos. If you want to use them, contact me.