When my boys were little, they were brilliantly sly. Like most toddlers, they sometimes liked to see just how far they could bend the rules. As they grew into preschoolers, there were times they tried some pretty ridiculous things. And when they'd get in trouble, we knew what was coming: "But you never said I couldn't."
Surveying the world today, I can't help but be reminded of those lovable, sometimes devious, little boys (now grown into responsible, smart young men, of course). We're in such a rush to develop "the next great thing" that we've reverted to a preschool mentality. In no space is this more true than data security and privacy.
Building in the necessary controls to secure data and protect privacy is not something many developers see as a priority. Nor can they be bothered with considering the unintended consequences of their "disruptive" innovations.
No one is telling them they can't, so they do. The small portion of developers that *do* see this as important usually have executives who put the kibosh on something they do not see as legally required.
There are dangers in this preschool privacy mentality. Don't you think?
The Computer Says You'll be Dead Soon
Tech that scans your organs can also foretell your lifespan
Now imagine how valuable that information could be to people other than you, your family or your doctor. I'm thinking specifically of employers, insurance companies, funeral home or hospice marketers, estate planners, not to mention criminals who make hay preying on widows and widowers. I imagine there are many, many others who would love to get their hands on that level of predictive detail.
This is an innovation we will want to keep an eye on, as there are huge implications for both security (controlling access) and privacy (controlling who the data is shared with and how it's used).
Apps Sharing Your Data with the World
Users are rarely given a choice
Think of the last app you downloaded to your smartphone. Did you pay close attention to the services it asked to access?
If you did read down the list of services, did you accept them? Or did they give you a bad enough feeling that you decided not to download the app after all?
The really unfortunate thing, for both app developers and users alike, is that today's app world is largely "take it or leave it." It's rare to find an app that says, "It's okay if you don't want us to access your contacts. Just opt out, and you can have the app with fewer features."
Sadly, I don't see this changing anytime soon. No one is requiring the developers to change, and for the most part, app users aren't as concerned as they probably should be.
Not to mention, the data collected, analyzed and sold is making a lot of people a lot of money. And when the money comes fast, change comes slow.
WHAT YOU CAN DO: Make it a habit to read the services your apps are requesting access to. Consider whether it's worth it. Remember, it's not a question of whether you trust the app provider to use properly and keep safe your data. You also have to consider the same for all the other third-party entities the app provider is sharing your data with.
Why's that? Because...
WANT TO BE EVEN MORE PROACTIVE? Contact the app vendor and ask them "Why do you need access to the information?" Ask, "Who are you going to share it with? And how are you going to use it?" If you get answers, please let me know! With your consent, and either with your name included or anonymized, we will share your results with others in an upcoming issue so they can learn from your experience.
From Average Joe to Private Detective
Smart contacts transform wearers into super spies
Remember when Google Glass was just coming on the scene? Hospitals, banks, even bars, had to ban them so patients, customers and patrons didn't have to worry they were being secretly videotaped or photographed.
Still, we anticipated the day when no glasses, nor indicator lights, would be there to clue us in. In fact, I even talked about it in keynotes in several locations such as Bogotá, Colombia, and Melbourne, Australia, as far back as 2012. Well, the day has arrived. With the advent of smart contacts, people will soon be able to film what they see and play it back all with the blink of an eye.
It begs the question, "How will bars ban these?"
Fresh Phish: Examples of Phishing Email
Here are two scam emails I've received in recent weeks
Thanks to those of you who identified even more red flags in the June Tips example of real-life scam emails. Here are some more for you to inspect. Do you see what I saw that says, "I am a scam message!" Let me know!
Ransomware Scammers Reach a New Low
'Pay up or spread the malware instead'
Just when you thought data thieves couldn't get any worse, they came up with this crafty crime.
Popcorn Time, a particularly nasty version of ransomware, spreads by offering victims an alternative to paying up.
The person attacked can either send the ransom in bitcoin or send the malware to two people they know. Kind of reminds me of the old chain letters from the 1980s, except much more sinister.
It is never a good idea to pay a ransom for your data. (Of course, that doesn't stop even large organizations from paying up to $1 million to the data nappers.)
For starters, there's no guarantee you'll get your data back. Even if you do, it is quite likely they kept a copy and may be selling it to other crooks. Second, it only encourages the scammers by expanding the profitability of their game. The same is true for offering to infect your friends.
When it comes to ransomware, your best bet (in addition to keeping your systems updated, of course) is to back up your files. That way, if you are attacked, you'll have no reason to pay - nor to spread the malware.
4 Scary Things You Need to Know
Here's a quick round up of what's new in the world of personal privacy risk
Google Chrome flaw allows for secret audio/video recording - A design flaw in the browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication the user is being spied on.
NOTE: I've been worried about this possibility since they built videocams into computers. And, yes, I've kept that little camera lens covered with a sticky note at all times I wasn't actively using it. Better safe than sorry!
Facebook users reveal shocking details about themselves when they "like" - As the power of the social media "like" grows, political campaigns and companies are using it to influence and track our behavior.
Something to keep in mind when you are pressured to "like" a relative's or friend's post if it is something you wouldn't ordinarily look at. I know what it's like; I've also "liked" posts I usually would never read upon request just to not hurt someone's feelings. And as a result, those posts are now part of what people think is my personality.
Identity thieves targeting kids - The clean slate of a child's social security number and credit history can be too much for a greedy crook to ignore. What a disgusting thing to ruin a kid's financial standing before they can even talk or walk. And even more despicable when it is done by a parent or family member. Get a credit report on your kids at least once a year to make sure they've not become unsuspecting victims.
You could become infected just by hovering your mouse - It's true. There is a PowerPoint trick that allows scammers to send you a file capable of spreading malware to your computer... without even clicking anything! Among other precautions, remember if someone you don't know, or wouldn't expect to get a file from, sends you a PowerPoint file (or any file for that matter), simply delete the entire message. It is not worth the potential problems that any associated malware could cause.
HEALTH CARE SPOTLIGHT
Task Force Eyes Medical Devices
A special task force has declared that the health care industry needs to step up its game when it comes to cybersecurity. I could not agree more, and am happy to see such actions being taken!
Among the recommendations made by the task force were increased security on medical devices, something data security and privacy advocates have been clamoring for... for at least the past ten years.
Medical device developers and the hospitals, clinics and medical offices that use these devices (and other connected technologies) should heed this as a wake-up call. Based on the task force's recommendations, the HHS, OCR and the FDA could begin auditing these devices for effective controls.
And, those responsible for the devices could be held accountable for HIPAA noncompliance and face associated penalties.
Privacy Professor On The Road & In the News
One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.
October 11, 2017: Private Executive Briefing on healthcare security and privacy in the Internet of Medical Things in northern Rhode Island.
Privacy Professor In the news...
Credit Union Times
Healthcare Info Security
TechTarget
The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.
Here is my most recent visit to the studio in June.
I enjoyed discussing Russian hacking, "digital exhaust," the need for MUCH BETTER and ESTABLISHED MINIMUM SECURITY STANDARDS REQUIREMENTS for election systems, and ransomware with Lou Sipolt, Jr and Jackie Schmillen.
My little troublemakers at ages 2 and 4.
There are so many things we can learn from our preschoolers. Things like curiosity and imagination. At the same time, there's a reason we mature as human beings. When it comes to data security and privacy, we must apply our more evolved sense to the problems that challenge our society. But follow that proclivity to ask a lot of questions...especially when others are asking for and using your personal information.
When you see evidence of the preschool privacy mindset, speak up. The only way to rid our communities of this attitude is to remind one another of its dangers.
Best of luck to you and have a wonderful, fun and safe July,
Rebecca
Rebecca Herold
The Privacy Professor