We'll also continue our wacky 'holiday' features, as many of you shared that the concept helps improve data security and privacy awareness... a passion of mine and my team's.

Enjoy your summer. Stay safe and cool!

Photo by Zeina Kassem on Scopio

This month, we are focusing on misinformation. August 10 is International Update Your Bio Day. What's the connection? Well...you know where you can find a whole heap of misinformation? In the social media profiles of catphishing cybercrooks.

Sometimes these scammers use completely bogus bios. More often than not, however, they take someone else’s bio and use it as their own to advance their catphishing endeavors.

When you update your bio, remove everything that doesn't need to be there, like your birthday. Or for fun, add some information to throw off scammers. You could list your birth year as 1905, for example. (On Facebook, Rebecca lists her residence as Elephant Island, Antarctica.)

Last month, we included a song related to one of our wacky holidays. It's a good way to make new information stick. This month's holiday-related song is "Lie to Me" by The Pretenders. Think of the lyrics as telling catphishers that they are not believed; that you are too smart to fall for those long-winded lies.

Using songs for training sessions and awareness activities helps employees, friends and family spot key indicators of online misinformation and lies. Organize a short, fun meeting during which you play the above song. Talk through the lyrics and how they relate to the misinformation trend. Then, loop the song softly in the background as participants share catphishing stories, either from their own or others' experiences.

You can also create a short video using the same methodology. (Just be sure to cite the source appropriately.)

Rebecca has used similar types of activities for data security and privacy training. It's a great way to engage people and to get them thinking critically, often for days, weeks or months after your event, about the topic(s). And then again every time they hear the song!

Q: My kids encouraged me to get a Koretrak-brand smart watch. It connects to my phone via Bluetooth, monitors my heart rate and sleep and plugs into a USB to charge. How can I secure it?

A: Let's start with the device provider. Any time you're curious about how a device is using your data (a starting point for securing it), check out the provider's privacy policy. Koretrak's privacy policy includes several red flags:

These factors alone amount to enough reason not to do business with Koretrak. But, we have a few other factors that further eliminate them from consideration:

Keep in mind, all internet of things (IoT) devices, including smart watches, digital assistants, smart cars and security systems, rely on personal data. It's the "knowing you" aspect of their function that attracts people to the devices. Therefore, it's critical you understand how that data is being gathered, analyzed and shared, not to mention secured.

Here are some quick tips for securing smart watches in general:

A: Generally, no. However, providers must consider the use of specific data types in the context within which they are used. There are some instances when time could be considered PHI under HIPAA. Two examples:

In unique conditions where the time, combined with other non-PHI pieces of information (unique surgery, location), could identify a specific patient, that time could become part of PHI within that particular context.

For CEs and BAs, this is becoming a critical question, specifically in situations where artificial intelligence is used. If a time is used with other non-PHI items to derive insights about an individual, that piece of information could be argued as PHI.

A: On Friday, July 2nd, Kaseya received reports from customers about unusual behavior occurring on endpoints managed by the Kaseya VSA remote monitoring on-premises product. Soon after, customer reports indicated that ransomware was being executed on endpoints. Kaseya estimates that 800 to 1,500 small to medium-sized companies may have been compromised through their managed service provider (MSP). Generally, this means businesses that use an MSP that also uses Kaseya may be targeted for a ransomware attack.

If your MSP has applied the patch Kaseya released on July 20, and you haven’t experienced any problems, you may be okay. Contact your MSP and ask them how the attack impacted them and what risk mitigation steps they've taken.

If you are tech-savvy and familiar with the Kaseya VSA, you can download Kaseya's Indicators of Compromise tool. There are two PowerShell scripts: one on a VSA server, and the other for endpoint scanning. Be sure to use the self-assessment scripts offline. They were updated on July 5 to also scan for data encryption and REvil's ransom note.

When Rebecca learned of the Kaseya breach, her first step was to contact the MSP that hosts our Privacy & Security Brainiacs SaaS services. Fortunately, they do not use Kaseya (They use other types of monitoring tools.).

Of course, this doesn't mean our MSP won't be targeted in different attacks. However, knowing they have many layers of defenses to block these attacks does provide some peace of mind. That along with having up-to-date multiple backups to use within recovery plans.

A: Happy to help. We have a recent blog post about identity verification on our Privacy & Security Brainiacs site, as well as a short, complimentary video and a longer, paid training session.

A: We understand your concern and frustration. It is a huge problem that often also involves numerous scams and privacy breaches beyond the bad information.

Many folks in their 60s, 70s, 80s and beyond are extremely tech savvy. However, a large portion are not. A Princeton and New York University study found that people over 65 are more likely than other age groups to share false information, disinformation and conspiracy theories online.

Here are some resources that you may find helpful:

We also have a section on misinformation in our monthly Privacy & Security Brainiacs news feeds. Check it often for the latest news.

Entrepreneur Magazine shined a light on eight data stealers, specifically apps that put Android cell phones at risk. After reading up on them, you may choose to uninstall the apps assoon as possible.

FightCyberCrime.org produced a COVID-19 scams infographic that succinctly describes several pandemic-related data security and privacy traps.

Fakespot developed a browser plugin that lets you spot and avoid shady sellers, products with dishonest reviews and scam websites. We’ve not tried this out yet, but plan to.

The Cybersecurity and Infrastructure Security Agency (CISA) created a website that shows people how to spot and stop ransomware.

The US Department of State instituted the Rewards for Justice (RFJ) program. It offers up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA). This is tied to many recent US privacy breaches.

IPQaulityScore helps internet users check to see if a URL is malicious. The site provides more information than most other URL checkers, giving those of us who want more information beyond "this site is safe" the ability to make more informed safety determinations.

*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.

Photo by Kiwoba Allaire on Scopio

Of those who decided to let their opinions be known, they overwhelmingly say they love the Privacy & Security Brainiacs News Page where we now post daily pointers to news articles. We are earning increasingly more visits to the page every day, as we add news items of interest. So, we will continue. Thank you for all your feedback!

The PSB News page contains news grouped by each month, and within each month by specific topic. We add new news items regularly, often daily. We curate the news we find of most concern and interest, so those going to that page can see what we pass along to our clients and employees.

Some of the recent news we included covered...

Check out the news page and revisit often to keep up with news items our team finds worthy of mention.

August contains a large number of days devoted to pies and pie-like desserts, along with bacon! We couldn't resist including just of few of these tasty tidbits in the Tips this month (Believe it or not, there are many more!).

Savory to balance out the sweet.

As you scan the list, think of ways to relate these tasty bites to security and privacy insights and tips. We’ve included one for you as an example; did you spot it?

Ask your employees, co-workers, friends and family how they can relate security and/or privacy with these food items. Let us know your inspirations! We may include some of them in an upcoming issue.

If you want links to the pages with information about each of these, just let us know. We did not include the hyperlinks here because we didn’t want to set off the spam filters with too many embedded web addresses.