Giving our Grads the Best Chance at Success

It's that time of year again. Wide-eyed graduates the world over are preparing to embark on the next phase of adulthood. Will they do so with a clean slate? Or will the data trail they've left, most since early childhood, challenge their dreams?

Read on to learn how you can give the young people in your life the best chance at a strong future - one in which technology helps, not hurts - their chances of success. 

... and I hope you enjoy the photos, each captured at my son's recent graduation. 

You Are on the Dark Web
Data breaches and compromises open the doors to your personal data.

The digital black market
, a.k.a. the dark web, is home to every conceivable type of stolen personal data - from social security numbers to the name of childhood pets. 

Curious if your data is out there for the bidding?

NOTE: I could not quickly find a privacy notice posted on the site of the above tool, so keep that in mind if you want to use it.

We don't go a day without hearing about a data breach or information security compromise (and there are hundreds of others we don't hear about). The chances of your information NOT being for sale on the dark web are small. Knowing about it, though, is a huge first step in preventing fallout.

That's because there are things you can do to protect yourself should you find your information for sale on the digital black market. These include changing your passwords, being alert to calls, emails and texts that seem out of place and contacting the credit reporting agencies to let them know your personal profile has been compromised. 

Fake Emails that Look Totally Real
Anyone in a hurry could fall for this one...
... but look closely. Even this well-designed phishing attempt, delivered to its target via mobile email, contains red flags. Look closely, can you see them?

Did you find them? (Maybe you found others... if so, let me know!) Here are the ones I caught:
  • Grammar: U.S. entities rarely if ever hyphenate "co-operation;" there are words missing throughout; many sentences just don't sound right, e.g., "...on update on your file..." Really doesn't seem right, does it?
  • Misspellings:  Card "Memeber" and "authenticaate."

  • Deadlines and threats: Telling the reader they only have three days to complete this or they will block access is not a typical business nor customer service practice.

  • Overly detailed instructions: Most email users understand what to do with an attachment and do not require a 4-step instruction manual. 
Security Threats from Your Used Car
If you can connect to your car via smartphone, so can they.

Consumer Reports recently wrote a heads-up article for all used car buyers. It warned us the former owner may still have remote access to the vehicle we just purchased. To illustrate their point, they shared a story:

"[The used car seller]... later noticed that his old car remained listed... on the smartphone app he used to control it. If he wanted, he could still remotely unlock the doors, find the car's exact location, and control the heat and air conditioning. He figured his access eventually would be cut off, but years passed and nothing happened."

Buyer... and seller... beware

New buyers may also be able to access an old owner's information, such as home address (logged into the GPS), garage door openers (still programmed for the old home) and phone contacts (logged in the hands-free driving feature).

Importantly, the same can be true for homes. If you have purchased a home with connected security features, like steaming video of front-door visitors or remote unlocking, be sure to reset them. If you're not sure how, contact me and I'd be happy to research it alongside you. 

Could You Lose Your New Home to Hackers?

This couple did.

In North Carolina, Jon and Dorothy Little were about to sign on the dotted line for their $200,000 home when they learned of a problem. Their lawyer's office had been hacked. And in the process, their payment had been stolen, right out from under the couple, the lawyer, the realtor and the bank.  

Even though the FBI was able to freeze most of the stolen money before it moved overseas, policies and procedures at the couple's credit union prevented them from getting their money back immediately. So... no money, no deal. And the sellers of the home moved on to the next homebuyer.

The lesson? Don't be afraid to ask questions of the businesses you engage for large transactions. Ask them if they perform even basic tasks to protect you. In this case, a simple phone call from the realtor to the law firm may have prevented the entire disaster. 

Another Public Employee Under Fire for Personal Email Use
It's déjà vu all over again. 
Some of my long-time readers may remember the story of a school superintendent in my neck of the woods who was fired for conduct uncovered when she used her school email personal reasons. The emails were racy in nature, causing her firing and also a lot of embarrassment.

Well, it's happened again.

This time, it was a utilities board chairwoman using her email for non-work reasons. Not nearly as racy, but just as foolish, the emails revealed she had improperly mixed her state job with a personal law practice.

The lesson? Understand that every single email you write is logged, tracked and the contents likely accessed. Be mindful of the use and the contents of every email, text, chat, etc. you send over the company or organization network! Even "personal" emails are tracked by Google, Hotmail, AOL, whatever... perhaps even your internet service provider (ISP). 

  • Never send or receive sensitive personal email from a business email system, even if you are planning to leave your employer.
  • Personal and explicit messages sent through business computers and systems could very well become widely known to the public in a very damaging and humiliating way. There are many e-discovery and open records laws that provide access to business email systems.

  • You can ruin your business, and possibly personal life, if you send non-business information using the business email system. You could also ruin the lives of those with whom you are exchanging emails.
The Future of Surveillance is Scary
... and in many ways, the future is already here. 

What follows is a quick round up of the ways people, agencies and businesses can trick you into giving away your most private and personal information:

Ghosting cell phones:  Malware, placed on cell phones by federal agencies, such as U.S. Homeland Security, collects data undetected. Less sophisticated, but just as effective, is when law enforcement takes the phone of someone close to a suspect and engages them in a text conversation.  (Thanks to Colleen Kinney for this pointer!)

Taking your DNA:  Popular consumer genealogy firms are retaining the ownership rights for the DNA of their customers. What happens when law enforcement someday compels them to hand it over? Will they comply? (Thanks to Michel Kabay for this pointer!)

Following you in a crowd:  Computers and other technology, such as artificial intelligence, machine learning and facial / biometric recognition are getting very good at spotting people in a crowd and following their movements. Check out this video, shared by Joe Shook, to learn how they are doing it.

Slowly removing choice:  When Twitter rolled out its new privacy policy, it removed the "Do Not Track" option. This feature once allowed users to opt out of being tracked by advertisers. 

SeventhPrivacy Professor On The Road & In the News  

On the road...

One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.

June 14, 2017 : Giving webinar, "Building a Framework for Data Privacy and Protection in the Cloud," sponsored by IANS Research

June 15, 2017: Giving webinar, "Risk Assessment Models for Healthcare Organizations," sponsored by the ISSA Healthcare SIG 

July 27, 2017: Co-Chair of the " The Internet of Medical Things III: Engineering and Cybersecurity for Connected Devices," hosted by the BioPharmaceutical Research Council, Princeton, NJ.

September 15, 2017: Giving webinar, "Auditing Vendor Risk Management Programs,"  hosted by the AHIA.

In the news...

Information Security Buzz

Credit Union Times

The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out this online library to watch recent episodes.

Here  are my two most recent visits to the studio:

Questions? Topics?

Have a topic I should discuss on the  CWIowa Live morning show? Or, a question I can answer in my next monthly Tips? Let me know!

Best of wishes to each of you celebrating the successful graduation of the students in your life. I know from personal experience how fulfilling it can be to watch your loved ones do well and head out into the world. 

Thank you to all of you for engaging with me in this effort to make sure it's a secure world in which they move about and reach for the stars. Privacy and data security is so important, especially for those just starting out. 

Keep talking loudly and often about how much you care... those in influential positions are bound to hear! 

Have a fabulous June,
Rebecca Herold
The Privacy Professor
Need Help?

Permission to Share

Want to repurpose the information contained in this Tips? Yes, please forward in its entirety. 

If you prefer to use only excerpts, please use this attribution:

Source: Rebecca Herold, Founder, The Privacy Professor®,,,, 

NOTE: Permission for excerpts does not extend to images.
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564

Visit my blog    Follow me on Twitter