Why are you getting this? Please read our Privacy Notice & Communication Info at the bottom of this message.
Holiday Gift Awareness
Here comes the holiday season! Wow, that was fast. This year is whizzing by.
We are very concerned about the risks of IoT devices. Many reports indicate that this year, significantly more “smart” IoT devices will be purchased and given as gifts than ever before. It is time to raise awareness of the security and privacy risks that will result from using these devices in homes, businesses, schools and other types of organizations.
This month we also provide a few more special days throughout the month of November. Use them in some creative ways to raise awareness of security and/or privacy risks.
Rebecca
November Tips of the Month
- National Family Literacy Day
- Watch Out for Fake Sites on Cyber Monday
- Privacy & Security Questions and Tips
- National Plan Your Epitaph Day
- Data Security & Privacy Beacons
- National S.T.E.M./S.T.E.A.M. Day
- Privacy and Security News
- Where to Find the Privacy Professor
Excited to Announce...
... Our Next Infographic, Set of Flipbooks and “Cybersecurity for Grandparents (And Everyone Else!)” Paperback Book ...
As a follow-on to our popular publication for Grandparents Day, “Cybersecurity for Grandparents: Q3 2021 Edition,” we are focusing our next set of flipbooks on IoT security and privacy. We are also adding a slight title change to the series based on feedback from readers of all ages who have found the information really useful. Thus, we've added, “And Everyone Else!” to the title.
IoT products will be popular gifts for millions of people throughout the world during the 2021 holiday season. Privacy & Security Brainiacs wants to help those using IoT products use them securely and to also help to protect their privacy and the privacy of their families, friends and coworkers.
Privacy & Security Brainiacs has created a three-volume set of flipbooks and videos covering IoT security and privacy topics as the next set in the series, “Cybersecurity for Grandparents (& Everyone Else!): Q4 2021 Edition – IoT Security!” The three free flipbooks include:
- Volume 4 – Securing Smart Homes
- Volume 5 – Securing IoT on the Go
- Volume 6 – Securing IoT in Schools, Businesses & Other Organizations
A supplementary paperback book with expanded versions of the flipbooks (additional details, more tips, checklists, resources, a glossary and more) will be available on Amazon, worldwide, in November 2021. Entitled “Cybersecurity for Grandparents (And Everyone Else!): Q4 2021 Edition - IoT Security,” the book is the second in our series. With the additional information, it will provide even more value to readers than our Q3 2021 Edition!
National Family Literacy Day
November 1
“Families who read together succeed together.” We wholeheartedly agree!
In fact, we suggest reading this monthly tips message, along with the flipbooks and paperback books listed above, with your full family, seniors included.
Doing so will expand your circle of influence, helping more people understand security and privacy risks and the steps they can take to mitigate those risks.
Watch Out for Fake Sites on Cyber Monday
November 29
Online deals abound! But, be on the lookout for scammers... and scammer sites.
Many fake retail sites pop up on Cyber Monday. They are built to look exactly like a legitimate site. You may get emails, too, that appear to be coming from a real online retail store. They'll promise huge savings, enticing recipients to click links.
Even savvy consumers who copy and paste URLs into a URL checker can get fooled. Often, scammers leave bogus sites up for only a day or two, not enough time for the URL checker sites to register complaints.
ONLINE SHOPPING TIP: Look at the web address (URL) at the top of your browser. Cloned sites often leave out a letter or number in the web address in an attempt to fool you. They may also include similarly shaped letters or numbers to replace one of the correct letters or numbers.
Compare the URL of the site you are at with the URL of the site you know is correct. For example, you may think you are at the Amazon site, but the link shows: https://www.anazon.com/.
Compare that with the real website URL (to determine this, use a search engine like DuckDuckGo.com and enter: Amazon website). You will see it resolves to the real website: https://www.amazon.com/
Aha! You see now that the URL is bogus; there is an “n” where an “m” should be. Be safe out there, and happy shopping!
Privacy & Security Questions and Tips
Rebecca answers hot-topic questions from Tips readers
We continue to get more questions; thank you for sending them! We love that we are raising awareness and, as a result, prompting the questions that readers and our radio show listeners have about a wide variety of security and privacy issues in their personal lives as well as their work lives. We will continue to print questions and answers over time. Here are 4 of them. Please send us the questions you have always wondered about related to security and privacy!
Q: I keep getting invitations to Clubhouse. Is it safe to use? It seems risky, even compared to Facebook and other social media sites.
A: We agree about it being risky. At Privacy & Security Brainiacs, we do not use Clubhouse because of security and privacy concerns. Just a few:
- A vulnerability in the Clubhouse application programming interface (API) has been exploited numerous times, including this past summer, when more than 3.8 billion phone numbers that had been taken were made available for sale on the dark web.
- Because Clubhouse asks to go through contact lists to find friends of those using Clubhouse when they are signing up, Clubhouse has the personal data of many times more people than they have active users. The service has around 10 million active monthly users.
- Cybercriminals have combined the data from Clubhouse with stolen Facebook user profile data. This vulnerable data combo is reportedly being used to create fake identities and social media accounts to scam others (via catphishing) into thinking they are getting communications from someone they know.
- Clubhouse audio recordings were hailed as being absolutely only available to those using Clubhouse with the proper access authorization. This lured many who were otherwise worried about privacy to participate. However, in late September, two new features made it easier to share audio from Clubhouse. The "Clips" function allows discussion leaders to capture 30-second soundbites and share them on other parts of the internet. The "Replay" function allows Clubhouse users to record entire conversations and share those anywhere also…without the others in the conversations knowing it's being shared.
Quite frankly we do not understand what Clubhouse offers as a social media site that is better, different or more secure and private than other social media sites. We’ll keep an eye on developments and let you know if we see improvements. Let us know your experiences with security and privacy with Clubhouse! We love to hear from others.
Q: I read about Apple having access to photos stored on your iPhone with the software they released just a few weeks ago to flag child pornography. Can they get to all our photos? And to whom are they reporting photos they deem inappropriate? Sounds like a noble cause, but I don’t want all my photos judged! For instance, I have shared photos of my wife bathing our infant. Could I be arrested?
A: You are not alone in your concerns. The news created quite an online backlash from Apple users. We are certainly all for catching cybercrooks involved in child pornography. However, Apple’s announcement did not come across as being focused on justice. Instead, it came across as an intent to surveil all information on Apple users’ phones.
There are two initiatives Apple announced that will be launched before the end of 2021. They are:
- Software intended to identify child pornography, which is reportedly tagged as “child sexual abuse material” when discovered in Apple’s iCloud Photos.
- A parental control enabling iPhones, iPads and Macs to use AI to determine what to blur out that is sexually explicit in photos sent with the Messages app. The control is also reported to warn children about sending or receiving these kinds of images. It could also alert parents of children 12 and under that they are sending or receiving such images.
We are not able to determine the verified, factual technical details at this point; not enough information has been released to make a solid decision. You can see a few reports with more information about this issue at the following:
We will revisit this topic when we learn more factual details about the technologies involved.
Q: I am getting freaked out with all this facial recognition technology. Where is it located? Should I get one of those weird privacy masks and start wearing it when I go out? Or, even in my home?
A: We have received many questions about facial recognition technology in recent months. Yes, it is increasing in use and in concern. Among the mounting concerns is incorrect matching. People are falsely matched and accused of crimes or other actions that ultimately harm them.
The good news is special groups are reviewing and researching facial recognition technologies, as well as identifying the associated security and privacy risks. A couple include:
We were thinking about dedicating a flipbook to this topic in Q1 2022. Would you like that?
Q: All these Facebook revelations make me not want to use it anymore. How do I get off Facebook completely?
A: Many people don’t realize the large number of memories and photos, and communications with longtime friends and family, some of whom may have died, that they have on Facebook until after they’ve deleted their accounts. Once that's done, users can no longer access any of their content.
After you have downloaded all your content, you can decide if you want to deactivate or completely delete your account. If you deactivate, messages you sent to others will still be in their inboxes. All of your data (photos, videos, comments, etc.) will still be in Facebook. Deactivating allows you to return and reactivate any time you like.
If you want to completely remove your account and everything you’ve ever posted on Facebook, you can completely delete your account. Here is how you do each:
- Click the down-facing arrow on the top right of the page when you are logged in to Facebook.
- Click Settings & Privacy.
- Click Settings.
- In the list of options on the left side of your screen, click Your Facebook Information.
- Go to the central menu, scroll down to Deactivation and deletion.
- The pre-chosen default is “Deactivate account.”
- If this is what you want to do, click the “Continue to account deactivation” blue bar button.
- You’ll need to reenter your password.
- You’ll see a page requiring you to provide your reason for leaving.
- You’ll be provided with the choice to opt out of emails from Facebook (e.g., if a friend has sent you an invitation to join a group, etc.) and to keep using Messenger. NOTE: The Messenger app is extremely privacy intrusive compared to using Messenger in your browser. If you are deactivating your account, we advise you also stop using and uninstall Messenger. This gives you more complete security and privacy protection.
- Select your choices and hit the blue Deactivate button. Congratulations! You are now deactivated. However, all your information is still in Facebook, and still being used for a wide range of analysis.
- If you want to delete your Facebook account, click the circle that says “Delete account.”
- Continue to account deletion.
- Facebook hates losing users, so they’ll prompt you to deactivate instead, but you’ve made up your mind. It is time to delete.
- Press Delete account.
- Enter your password.
- Click Continue.
Congratulations! You are completely gone from Facebook…well, almost.
- Facebook really, really hates to see anyone leave, so they are going to keep your stuff around for a 30-day period in case you change your mind.
- Keep in mind, too, that Facebook is still able to track you through any of the apps that Facebook owns (Instagram, WhatsApp, Messenger, etc.). And, the tens of thousands of third parties that received your information from Facebook will still have that info. So, you will still likely hear from them in one way or another.
National Plan Your Epitaph Day
November 2
This day was established for folks to think about and write down how they want to be remembered after they die.
While it sounds a bit morbid, it is important for you to consider, particularly as it relates to the digital parts of you that will continue to live on. This includes your presence on social media sites, other online accounts, photos, videos, digital diaries and many other locations. Then there are the physical storage devices that may have so much of you and others stored within them.
Take some time to think about it. We will be covering this topic at more length in our December Tips and in our next flipbooks and upcoming paperback book, Cybersecurity for Grandparents (And Everyone Else!): Q1 2022 Edition.
Data Security & Privacy Beacons*
People and places making a difference
Now in its 18th year, Cybersecurity Awareness Month (previously known in the U.S. as National Cybersecurity Awareness Month), sponsored in the U.S. by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), and by other government agencies in other countries, continued to raise awareness about the importance of cybersecurity throughout October.
Thousands of organizations sponsored events and products in recognition of the month. This earns those orgs a spot in our beacons. Just a couple included:
*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.
National S.T.E.M./S.T.E.A.M. Day
The purpose of this day is to inspire children to explore and pursue their interests in Science, Technology, Engineering, Art and Math.
When discussing these topics with them, point out where they will have security and privacy vulnerabilities or threats. Encourage them with ideas for becoming pioneers in the engineering of new solutions and tools for mitigating privacy and security risks.
Privacy & Security News
Visit the PSB News Page often!
The PSB News page contains news grouped by month and by topic. We curate the news we find of most concern and interest, so you can see the kind of info we pass along to our own clients and employees.
Revisit often to keep up with the news our team finds worthy of mention.
World Toilet Day
November 19
This day was officially declared in 2015. What does this have to do with security and privacy? Well, during our research work for several clients, Privacy & Security Brainiacs has observed a growing deployment of IoT toilets. Yep, smart toilets are a thing.
Smart toilets are used to support traditional types of uses (e.g., flushing, bidet settings, hot-air blower actions). They are also used to share data, photos, video and audio with healthcare providers to support patient care, particularly for patients with cancer, diabetes and a long and growing list of other diseases and health problems.
Where to Find the Privacy Professor
Here are just a few of the podcasts and webinars Rebecca has done or has coming up, and news articles she has written or been quoted in.
ASU School for the Future of Innovation in Society
PIT Colloquium
November 30, 2021
Sudipto Ghosh, AIThority Interviews
Linda Rosencrance - IoT World Today
AI has enabled intrusion detection systems to be adapted for IoT networks, which have been difficult to cover with traditional alternatives.
Maria Korolov, Data Center Knowledge
Datacenter management has permanently changed as a result of the coronavirus pandemic. Read up on how data centers are evolving.
Internet Security Company
InfoSec People Profiles: Rebecca Herold
This article is courtesy and permission of privacy and security expert Rebecca Herold, known as The Privacy Professor, who taught a workshop I attended on Microsoft’s campus to train for my information privacy certificate from the IAPP (International Assn. of Privacy Professionals).
Social media commenters asked me to provide examples of cryptocurrency security incidents, which I appreciate them asking for. My reply went beyond LinkedIn’s length limits, so I created this post....
Latest Episode
Dr. Rhonda Farrell
Secure Software Lifecycle Management and Software Quality Engineering
No technology will be sufficiently secure unless the human, physical, and technical controls are built within software from the time it is imagined through to the time it is no longer supported or used.
Aired first on October 2, 2021
Next Episode
Cecil Pineda
The digital critical infrastructure complexity creates many security vulnerabilities. Hear more about them, and what needs to be done, from a security expert with real-world experience in managing the security of such systems. Plus, how being bilingual supports better cybersecurity and privacy management.
Airing first on Saturday, November 6, 2021
Privacy & Security Brainiacs| Website
Permission to Share
If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:
NOTE: Permission for excerpts does not extend to images.
Privacy Notice & Communication Info
You are receiving this Privacy Professor Tips message as a result of:
2) making a request directly to Rebecca Herold; or
3) connecting with Rebecca Herold on LinkedIn.
When LinkedIn users initiate a connection with Rebecca Herold, she sends a direct message when accepting their invitation. That message states that in the spirit of networking and in support of the encouraged communications by LinkedIn, she will send those asking for LinkedIn connections her Tips message monthly. If they do not want to receive the Tips message, LinkedIn connections are invited to let Rebecca know by responding to that LinkedIn message or contacting her at rebeccaherold@rebeccaherold.com.