Thieves in the Night, and Plain Sight
When we think of people stealing from us, we often picture masked criminals sneaking into our homes or businesses under cover of darkness. In fact, much of today's theft is happening right under our noses.
I'm talking, of course, about the siphoning of our personal data. It's occurring from all kinds of well-known places, such as social media sites, business databases and business websites, not to mention through security holes in organization networks, wi-fi networks, and "smart" Internet of Things (IoT) devices.
Sharing personal data with and within these places can be like leaving your front door wide open for any old crook who happens by.
Read on to learn more about the latest threats against our personal data and tips you can follow to lessen the risk.
International Privacy Regulations Go Live
GDPR went into effect May 25
Those of us in the data security and privacy industry have been talking about the European Union's (EU) General Data Protection Regulation (GDPR) for what seems like ages. It finally went into effect in May.
Will your organization be named as a violator of GDPR? Those in the US, and other non-EU countries, may very well need to comply with this wide-ranging law.
A common complaint, one already sparking lawsuits, is an ineffective privacy policy. It's incredibly important to get your policies up to snuff with GDPR as soon as possible if you haven't already. Remember, GDPR generally applies to any organization or person that currently has (or targets) EU citizens as customers, users, patients, employees, contractors or some other stakeholder.
GDPR Info & Resources
Below is a sample of the GDPR resources I've prepared over the past 18 months. Please use them. If they spark any questions, don't hesitate to get in touch.
NOTE: GDPR content and automated DPIAs will be incorporated into my SIMBUS business services in the coming weeks.
Privacy Hero: Tara Taubman-Bassirian
Early adopter learns tech so she can teach others
Tara goes by many titles: lawyer, advocate, mediator, researcher, consultant, speaker and writer. With incredible expertise in areas like privacy, intellectual property and data protection, she has made a name for herself in several areas of the world, most notably the UK, France and the US.
An early adopter of emerging technologies, Tara makes it her business to understand intimately the challenges presented by regulations in the era of high connectivity. This is how she has become a trusted advisor to individuals and businesses looking to navigate the legal pathways to justice in the internet age. Over the past couple of years, Tara has been very active in raising awareness of the new EU General Data Protection Regulation (GDPR), advising businesses on the relevant compliance requirements.
Tara is heavily involved in raising awareness around privacy issues, rights and regulations. She is a member of ICANN's Noncommercial Users Constituency, the European Network and Information Security Agency (ENISA) and the Society for Computers and Law. She co-authored "Online as Soon as It Happens" and is a volunteer mediator for Mediation North Surrey, where she extends community mediation to copyright conflict resolution.
A few years back, Tara and I co-founded a Facebook group, Fly A Kite, dedicated to coping with and eradicating cyber-bullying, something near and dear to the two of us.
We want to know: Who is your privacy hero?
Throughout 2018, we'll introduce an individual who has gone over and above to advance data security and/or privacy in their corner of the world. To nominate, simply drop us a note and explain why we need to know your hero.
At the end of December, we will announce our Privacy Hero of 2018. He or she will receive a token of appreciation and commemoration of outstanding work.
Alexa Privacy Fail Makes Headlines
Smart speaker records, sends private conversation
Can you imagine having a private conversation with your loved one secretly recorded and sent to his or her colleague via email? That's exactly what happened to a Portland, Oregon, woman in May. Luckily, the content of the conversation wasn't salacious... the pair was talking about hardwood floors. What if they had been talking about something more private, disclosing bank account information or passwords? What if those recordings had been sent to someone less friendly?
For starters, the engineering of devices in the burgeoning Internet of Things (IoT), like smart speakers, is far from perfect. The "wake words" that trigger recording and transmission of their owners' voices to servers in the cloud are very often misinterpreted by the device, which turns on when the owners have no idea. And, if their volumes are low enough, smart speaker owners cannot hear the command verifications Alexa and others emit before taking actions... like sending audio recordings to your contacts.
If you insist on having a smart speaker, or other type of smart device, in your home or business, here are a few tips courtesy of Lifehacker for lessening the risk to your privacy:
Block all incoming voice calls - Anyone can dial into your smart speaker, and depending on the device you have, listen to or watch what's happening in the room.
Delete your data regularly - Amazon, Google and others keep recordings of the commands and discussions they have "heard" through your smart devices. Purge them every week or two. Delete immediately if you realize a sensitive conversation may have been recorded.
Turn off the mic, camera when not in use - Doing so helps to keep your smart speaker from engaging accidentally.
Atlanta SecureWorld Expo 2018
The Atlanta SecureWorld Expo keynote I gave on May 30 touched on this topic and was well received by attendees. "Preventing Privacy and Security Nightmares in the Internet of Things" provided details on how digital interlopers take advantage of the vulnerabilities in these devices as they exist today. Look for more of my IoT work and tips to be published in the coming months.
How can I make my cell phone more secure?
I'd like to make my cell phone secure enough to store passwords. What steps should I take?
Cell phones can be secure, but usually only with additional protections beyond what is built into them.
First, check to see if your phone has the following:
1) Encryption. If you have this option, turn it on. This helps to protect the data stored within your phone.
2) Passwords / Authentication. Use 2-factor authentication to make it harder for a crook to crack into your phone by guessing/cracking its password or PIN.
It's important to note these features alone will not provide sufficient security for passwords you store in your phone. In addition to encryption and 2-factor authentication, consider using a strongly secured password manager app, which stores data on one of your local devices.
I generally advise against storing passwords within a cloud service. If that cloud service gets hacked, all your passwords will likely be exposed. Plus, if the cloud service goes down, or goes out of business, you could be in trouble if you depended solely on that service and didn't create a backup. You may need to go through a lot of work to re-establish all your passwords (which isn't always possible with every site, app or device).
The Secrets DNA Can Tell
Advancements in technology give DNA even greater power
As more consumers readily share their DNA with all kinds of places, from law enforcement agencies using a shotgun approach to cold case investigations to for-profit ancestry firms, it makes sense to raise awareness of the implications of such decisions.
That's why I'm devoting a full hour of my new radio show to the topic. Tune in June 5 at 4 p.m. central to hear from my guest Mellissa Helligso, a forensic DNA expert, about what is and is not possible with DNA forensics. We will also talk about the privacy risks that come along with DNA collection, analysis and sharing.
Mellissa and I will seek to answer a wide variety of questions, including: How valuable is DNA in making criminal convictions, as well as in exonerating the innocent? What parts of the human body provide the best types of DNA for analysis? And, of course, what are the privacy considerations for DNA sharing?
Just How Confidential is Gmail's New 'Confidential Mode?'
Best bet is to consider every email accessible
The Los Angeles Times recently reviewed Gmail's new privacy feature. Called "Confidential Mode," it's been added to give Gmail users a greater sense of privacy. The feature allows senders to remove recipients' options to forward, copy, download or print certain emails. A premium version will also allow senders to require an email recipient to use a passcode to view the email.
Look closer, though, and you can see this is really just window dressing.
Here are just two of the flaws the LA Times highlighted:
- Much like SnapChat's early claims that pictures its users sent would "disappear," Gmail's new feature does not prevent screenshots from being taken of emails and their attachments.
- Gmail's servers will still maintain a copy of the email.
I've long warned against using Gmail, and other "free" email services, to share business or confidential messages.
Any email sent through these platforms should be considered open and accessible. Use these services only for communications that do not involve sensitive information or communications. You might consider them for signing up for coupons, discounts or other temporary email needs.
Where to Find the Privacy Professor
In the classroom...
After years of providing a regularly updated set of online employee training modules for my SIMBUS business clients, and on-site certification teaching for IAPP, I'm excited to now also be teaching online IAPP-approved CIPP certification classes.
As an instructor for AshleyTrainingOnline, an IAPP-registered certified training partner, I will host a full schedule of classes beginning June 21 & 22 with a CIPT certification course. Hope to see you in the virtual classroom sometime soon!
On the road...
Compass Financial ID Theft Event, May 3, 2018
ILLOWA ISACA Privacy Class, April 25, 2018
One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.
June 26: Facilitating the online seminar, "Practical Steps to
Users Group in Des Moines, Iowa.
September 19-20: Giving keynote and sessions at Data Privacy Asia, Manila, Philippines.
On the air...
NEW RADIO SHOW!
I'm so excited to be hosting Data Security & Privacy with The Privacy Professor on the VoiceAmerica Business network. All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, Player.fm and similar apps and sites.
Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance, swatting and GDPR, just to name a few. One of our recent guests even talked about his personal experiences with historical notables Jimmy Hoffa, Gloria Steinem and Fidel Castro.
Several episodes provide career advice for those in, and wanting to pursue, cybersecurity, privacy and IT professions. Please check out some of my recorded episodes, and let me know your feedback! I truly do use what I hear from listeners.
Do you have an idea for a show topic? Or would you like to suggest someone who would be a great guest? Please let me know!
In the news...
ABC News (Des Moines)
Health Care Info Security
ISACA
Kyodo News Service
"GDPR articles with experts" available in Japanese in the "Clue" Kyodo News service and the "Eikon" Thomson Reuters service.
NBC News
Pro Resource
SC Magazine
The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.
On April 2, we talked about the recent headlines Facebook has made, as well as the implications of our online behavior.
Keep an eye on my YouTube channel, where you can catch up on many of my visits to CWIowa Live.
Questions? Topics?
Summer is finally here. Warm weather brings open doors and windows. Just as you are mindful of your physical security, keep an eye on your digital well-being, too. It's increasingly becoming the go-to path for crimes of opportunity.
Have a wonderful, safe and privacy aware June!
Rebecca
Rebecca Herold, The Privacy Professor