Living in a Perpetual April Fool's Day
Will you be looking over your shoulder this Saturday? Probably not a bad idea - it is April Fool's Day after all!
A favorite holiday among practical jokesters, April 1st marks a tradition that goes way back - hundreds of years back. People, businesses - even some media - attempt to fool as many people as possible with any number of "believable" tricks.
Of course today, we live in what could be considered a perpetual April Fool's Day, with fake news, spoofed websites, social engineering scams and hundreds of other "believable" tricks coming at us every day.
Read on to avoid some of the latest deceits - Saturday and beyond.
|
|
Fake News Everywhere You Look (and Listen)
|
|
Two ways illegitimate headlines are sneaking into your life
While there is no shortage of ways to get your fake news, you can add digital assistants and spoofed news sites to that growing list.
Voice-enabled digital assistants
As reported here, Google's Home device recently shared a fake news story in the same manner it would a legit news item. Why? Because the device (and others like it, such as Amazon's Echo and Samsung's Bixby) appears to be programmed to respond to questions from users in snippets, which are short, direct answers found at the top of its search results.
This is a good example of the unintended consequences of lax engineering of smart devices. Just as it leads to the spreading of fake news, it can also create privacy and security problems.
But, writes Mike Murphy of Quartz, the devices don't know any better. They are simply "parroting what Google search shows when the same questions are asked online."
Spoofed news sites
Scammers are getting very good at building websites that look like real news sites. And the FTC is warning consumers. (I've seen several of them; they are good replicas!)
This should be especially interesting to those of you in health care, as some of the craftier scammers out there are peddling "brain booster" pills that may give false hope to patients with mental deficiencies, such as difficulty with concentration or memory.
|
|
Suspect a Data Breach? Google It
|
|
Search engine results may indicate a compromise
Google has begun adding a small, but mighty, phrase under search directory listings when its systems detect something has gone awry with an organization's website.
The warning reads "This site may be hacked."
As reported by Brian Krebs, the advisory seems to indicate Google's spiders are capable of identifying sources of large credit card breaches.
Google's attempts to protect its users are a double-edged sword for businesses and other organizations that rely on web traffic for revenue or engagement. On the one hand, it can lessen the fallout of a malware infection by preventing users from visiting the site. On the other, the warnings can persist long after the infection has been cleared. Read this article for more on the little-known consequences of website infections.
All the more reason to work double time to prevent those infections from happening in the first place! Many of our SIMBUS360 clients thank us for helping them to establish the procedures and implement the tools necessary to be successful in this regard.
|
|
Surveillance Innovation Creates Privacy Concerns
|
|
From live streaming video to police body cams...
... surveillance these days is everywhere. A colleague of mine recently lamented she can't even sing along to the radio in her car without fear of winding up in a SnapChat video filmed by her 13-year-old in the backseat.
I looked at the feeds as I was creating this, and I saw a group of around 30 or so 1st - 3rd grade schoolchildren waiting to cross the street at an intersection. Given what is going on in the world, it is unsettling to think someone else in that area with malicious plans could have also been watching and seen an opportunity to do something bad.
Yes, this is a public space. However, the difference is that it is live-streaming, available for everyone to see, not just a small group like security guards or police officers. I'm hopeful they will soon post signs that alert people they are being monitored. Often, we're just completely unaware we're being watched. Take some government buildings, for example, which have security cameras in their bathrooms.
Many people will be surprised that such cameras are located within such a private space. (A bill currently before our state's senate seeks to ban them.)
I definitely agree there's potential for body cameras to create transparency. It makes sense to use them when necessary to resolve conflicts over specific incidents between suspects and police. However, we also need to balance those benefits by addressing the very real privacy issues they create.
Said a police sergeant: "If you are going to be out in public just understand there are going to be times where you are videotaped." That's all well and good for the planned moments in your life. But what about crime victims? What about their right to privacy? Audio of 9-1-1 callers aired for all to hear has been a concern for many years; this issue is only becoming more complicated with the entry of video.
Using video captured on police body cameras for an indefinite period of time creates more concern. How could video from an individual's teen years impact them later in life if employers or others were able to access it? The privacy risks for the full lifecycle of such video, from the time it is created through the time it is destroyed, need to be clearly defined, with rules established for its ongoing use.
|
|
WikiLeaks Has Done it Again
|
|
4 things you may have missed in the headlines
You've likely read the headlines about the, now two sets of, documents provided to WikiLeaks disclosing how intelligence agencies spy on people through our devices. But let's dig a little deeper. Here are 4 meaningful take-aways:
- By law, intelligence agencies can only use the tools described in the leaked information if they have secured a warrant.
- The fact these agencies have methods and technologies that allow them to spy on people is not surprising. Making them public, however, opens the doors for cybercriminals to learn from the agencies' practices.
- Internet of Things devices are already telling tales about their users. This is not new, but the WikiLeaks incident helps consumers understand we all have to take ownership of our own privacy. There are things you can do, such as configure 2-factor authentication and encryption.
- The news also underscores the need for all organizations to have policies and procedures in place to monitor for and prevent insider threats, such as the leaking of confidential information.
|
|
Speaking of Insider Threats...
|
|
A new kind of employee = a new kind of risk
|
|
Losing Sight of IT Security Basics
|
|
Cyber incidents don't always stem from hackers
A recent article in Fast Company covering the March outage of Amazon Web Services (AWS) raised an incredibly important issue. The world is so focused on hackers and cyber criminals that we may be forgetting the basics of IT security. At the top of that list are continuity and compliance.
Business continuity
Numerous big-name brands were out of luck when AWS went down. In one particularly ridiculous incident, a company was unable to communicate its trouble with AWS because the platform it relied on to communicate with its users also relied on AWS.
Security compliance
In addition to ensuring your business can continue to function in times of system outages, organizations of most every type have to consider security regulations. Avoiding violations of HIPAA, GLBA and others, as well as of standards like those from PCI, ISO/IEC and NIST, is a critical factor for running a successful business or advancing a cause.
|
|
HEALTHCARE SPOTLIGHT
|
|
"When Workers Go, So Must Their Access"
I recently had the pleasure of contributing to the subscription journal Report on Patient Privacy, in an editorial put together by the brilliant Theresa Defino. Here's a bit of what we discussed in her article, "When Workers Go, So Must Their Access." Contact the Health Care Compliance Association (HCCA) if you're interested in becoming a subscriber.
Managing workers' access "is an area where most organizations, of all types, struggle," says Rebecca Herold, president and CEO of SIMBUS, a HIPAA compliance firm.
Healthcare organizations and hospitals are especially challenged because there are "often large numbers of contractors, doctors that are business associates and not employees of the hospital, students and interns and volunteers. Because of the widely diverse population, it is important for hospitals [and other CEs] to have rigorous access controls, identity management requirements and thorough off-boarding processes," says Herold.
Systems must make efforts to narrow and track access. For example, some may allow too many pathways "of entry into the network," which can lead to one or more being missed, she adds. "This is where regular audits of log activity can identify the unauthorized access much earlier," says Herold.
|
|
Privacy Professor On The Road, In the News & On the Shelves
|
|
One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.
April 18, 2017: Giving speech, "Don't Let Third Parties Bring Down Your Business: Effective Vendor Management," to attendees of ISSA Minnesota Chapter Meeting, St. Paul, MN.
In the news...
Tech Target Search Security
Health Info Security
Credit Union Times
LinkedIn
The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.
The ISACA Privacy Book, for which I was Lead Author and Developer, was released in late January. ISACA members can purchase the book for $35, non-members for $70.
|
|
Every now and then, it's okay to let down your guard just a little. April Fool's Day is one of those times. Let your kids put Milk of Magnesia in your cereal or cellophane on the toilet seat. Those are memories you'll never forget!
The rest of the year, keep your wits about you. With hectic schedules and so many demands on our time, it can be easy to go with your first reaction. Take the time to dig a little deeper. It's so worth the extra steps...
Have a fabulous April,
Rebecca
Rebecca Herold
The Privacy Professor