As the Ides of March approaches...
 
... people are reminded to watch their backs. After all, had Julius Caesar done as much in 44 B.C., he may have experienced a much different end.
 
Read on to learn how you can identify potential trouble spots in your increasingly digital life -- long before they come to call. 


IN THIS ISSUE
colosseum_rome_italy.jpg
hot
Are You Privacy Savvy? Are Your Employees?

Take this 5-minute quiz to find out. 

 
We are so excited to bring you this short quiz for both personal and business use. In no time flat, the quiz tells individuals just how well they are protecting their personal privacy in three key areas:
  1. Password use, including how they are created and how often they are changed
  2. Daily activities, such as plastic card payments and social media practices
  3. Data protection, like document disposal, file backups and the use of encryption
Besides being a fun and awareness-raising activity for individuals, the quiz also supports the legal requirements most organizations have for providing employee privacy and security education. You can achieve that  through ongoing awareness communications, reminders and activities...like this quiz!
 
Two TV reporters in Des Moines took the quiz. Hear about their experience

After you take the quiz, please let me know your feedback. If you get an idea for other privacy or information security topics for me to make further quizzes about, certainly let me know. I love to hear your suggestions about what you would find interesting. And, I may make another quiz with your suggested topic!

dev
Your Medical Records are Under Siege
 
 
 
  
Each record sells for $50 on the dark web. 

 
Attackers are becoming even more bold in their healthcare industry cyber schemes. By infecting medical devices and systems, they create a back door in the networks that house your most private health data. This could very well  impact your health and safety if someone modified that data .
 
As a recent example, one San Mateo, Calif. security team found malware on several types of medical devices including an x-ray printer, an oncology unit's MRI scanner, a surgical center's blood gas analyzer and a health care provider's PACS-picture archiving and communication system.
 
The team's CEO told a local ABC affiliate, "Those devices are in the operating room; they could be in a hospital bed. Lives could be dependent on them and if they're disrupted with malware or ransomware or other attacker toolkits-they may not be able to do what they're meant to do."
 
Download and share this infographic with your doctors, nurses, data security pros and privacy pros,  to raise awareness of the need for greater privacy and security protection in hospital and clinics! 


The Roman Forum, Italian Foro Romano in Rome, Italy. Ruins of Roman ancient city.
jan
When a Website Looks Like Gibberish
  
 
It's a trick. Don't click on any pop ups. 

A new delivery channel for a different type of ransomware has cropped up recently and is going after Chrome browser users. According to BleepingComputer.com, this is how it works:
 
The criminals first hack legitimate web sites and add code that causes the site to look like gibberish. It then displays a pop-up that says the user needs a "Chrome Font Pack" to see the page properly.
 
I can see a lot of people falling for this one. Share this warning far and wide to prevent more ransomware victims!  (And be sure to make frequent backups. Keep them disconnected from your computer, just in case you get hit with ransomware.)

Another growing threat...
 
Public charging ports are another sneaky channel fraudsters are using to load malware and ransomware on your device,  delivered via a "juice jacking" path . ( Thanks to my friend Jolynn D. for this find.)

If you must use one of these public ports, make sure you're protected with a device like the Juice Jack Defender, created by my  friend Stuart at Charge Defense.
 
The clever gadget protects your devices from malware delivered via juice jacking. Many government agencies use it to protect their workers while they are traveling.

fav
 
How Do You Spot Fake News?
 
 

Here are a few things you can try. 

If a news story you're reading sounds particularly outlandish, it very well may be completely made up. With the rise of so many sites and apps claiming to be "news" organizations, it's increasingly easy to put false reporting out into the world, then sit back and watch it spread.
 
Here are a couple of quick tips for spotting whether or not a news article, quote or photo is legitimate.
  1. Check with Snopes.com and FactCheck.org.
  2. Copy and paste the URL of an image into Google Images to find the true source.
  3. Understand the context of the site; fake news might actually be satire.
A UK organization put together a pretty good video pointing out some ways to spot fake news by using Google to search by source, by quote or even by photo. 

id
Who is Watching You?
 
 
 

Surveillance taking place in all kinds of wacky ways
 
 
 
Small white drone flying over the city
We all know we're being watched. Cities track us as we commute. Stores monitor us as we shop. ATMs watch us as we transact.

But who else is watching, and how? Below is a quick round up of the new ways people are being observed and recorded.

For Marketers, TV Sets Are an Invaluable Pair of Eyes The article contains one of the more troubling consumer responses to surveillance: "Whatever, I have nothing to hide." If you're tempted to utter the same, just remember, you don't have to be guilty of something to have your privacy invaded.
 
Police: Couple Used Drone to Spy on Man in Bathroom The victim actually followed the drone and found video of himself and others that had been recorded inside his home. Chances are pretty good that video also lives on the Internet somewhere. 

Are Autonomous Robots the Future of Mall Security? Although harder to miss than a covert drone outside your window, this robotic security guard is just as effective at surveillance. It  can read 300 license plates a minute and run the results against a database. 

big
Follow Up to Reader Question

In a recent Tips message, I gave  my impressions of SimpliSafe , a home security system with an app that allows users remote views of their home through sensors, smoke detectors, etc. There were things that concerned me, and things that I liked.

My friend Eric N pointed me to an article written by a physical security specialist in which he, too, reviewed SimpliSafe. In the article, he made a comment I thought was particularly poignant relative to the attention the system had been receiving:

If you read and believe the multitude of national media endorsements that SimpliSafe has received, you would think that this system is THE consumer answer to the larger alarm companies... Unfortunately, not one of the high-profile and respected media endorsements or articles talked about security, or the potential vulnerabilities of these totally wireless systems.

Sadly, this is a pretty common occurrence with most all new technology and the hype that initially surrounds it. I so appreciate each of you for asking more questions when you see something interesting. You are the individuals who will ultimately make a difference in our quest for greater privacy and security awareness!

 
handsome pediatric doctor holding a baby girl, male doctor with small girl, indian doctor, indian girl patient with red heart stuffed toy, heart care concept and doctor with girl patient, isolated
healthHEALTHCARE SPOTLIGHT
 
 
 

Things are not getting better, folks!
 
According to a healthcare security firm, patient data breaches are happening daily. What's more, there were triple the number of patient records breached in January of 2017 as compared to January 2016.
 
Insider fraud and human error are often to blame for these " wall of shame " incidents. That is why it's so important to be up-to-date on your risk assessments, employee oversight and training compliance. We have developed an incredibly simple, affordable way to do that. If you get a chance, please check out simbus360.com and request a demo. You won't believe how easy we've made it to remain compliant.
 
A lot of trouble can be solved by building and nurturing a culture of privacy and information security compliance -- one that has the protection of consumer data as a core value. Watch this video to get a feel for what I'm talking about. 

(Big time shout out and a hearty "great job" goes to Protegrity for putting this together. Thanks for the pointer, Myles Suer. Your video provided some creative inspiration for us to pursue; stay tuned.

SeventhPrivacy Professor On The Road, In the News & On the Shelves
  
 

On the road...

One of my favorite things to do is visit with leaders in different industries - healthcare to associations to energy and beyond. Below are a few of the events I have scheduled for the upcoming season.

April 4, 2017:  Giving speech,  "Fraud 2017 - Protecting Your Business From Email Attacks," to attendees of the BBB Fraud Program meeting in Omaha, NE. 

April 18, 2017:  Giving speech, "Don't Let Third Parties Bring Down Your Business: Effective Vendor Management," to attendees of  ISSA Minnesota Chapter Meeting , St. Paul, MN. 

June 14, 2017: Giving webinar, "Building a Framework for Data Privacy and Protection in the Cloud," sponsored by IANS Research
 
August 10, 2017: Providing sessions at the Internet of Medical Things III: Engineering and Cybersecurity for Connected Devices Conference , hosted by the BioPharmaceutical Research Council, NJ Hospital Association,  Princeton.


In the news...

ABC News


The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.

Here is my most recent visit to the studio on Feb. 20, during which we talked about the importance of practicing personal data hygiene. 


On the shelves...

I'm thrilled to share the news that the ISACA Privacy Book, for which I was Lead Author and Developer, released in late January. It's an effort that took two years, so it's extremely exciting to see it officially on the shelves (so to speak!). ISACA members can purchase the book for $35, non members for $70. 


Questions? Topics?

Have a topic I should discuss on the  CWIowa Live morning show? Or, a question I can answer in my next monthly Tips? Let me know!


Speaking of spirit animals, this is our beloved Slippers, a true outside cat.
Next time you feel like taking one of those popular online quizzes, skip the "Which Spirit Animal Are You?" option and take the personal privacy risk evaluation instead. 

I promise your five minutes will be better spent learning how you can enhance your personal security than whether you are a fox or a doe. :)   All kidding aside, I had so much fun putting the quiz together. You know this stuff is my passion!  

Have a terrific March (with an uneventful March 15!), 

Rebecca
Rebecca Herold
The Privacy Professor
Need Help?


Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor┬«, privacyprofessor.org, privacyguidance.com, SIMBUS360.com, rebeccaherold@rebeccaherold.com 

NOTE: Permission for excerpts does not extend to images, some of which are my own personal photos. If you want to use them, contact me.
 
 
The Privacy Professor
Rebecca Herold & Associates, LLC
SIMBUS, LLC 
Mobile: 515.491.1564

Visit my blog    Follow me on Twitter