Curing Privacy & Security Madness
March madness typically describes the annual bevy of basketball tournaments. This year, though, it's a pretty accurate description of the ongoing battles happening on so many fronts: the pandemic, widespread weather events, power outages, and of course, cyber assaults by malicious actors exploiting poor business practices.
Especially in work-from-home situations, every person with sensitive digital files is vulnerable. The data security and privacy industry must do all we can to support them in the practice of consistent data and media information backups.
To do our part, we're providing tips for better backup practices, along with some news and other information you may find useful.
March Tips of the Month
- Data Security & Privacy Beacons
- Featured News Story: Avoid Zoom Mayhem
- Where to Find The Privacy Professor
Photo by Andreas Steidlinger on Scopio
Data Security & Privacy Beacons*
People and places making a difference
YouTube is providing tools to report and/or block inappropriate or abusive content or users; to report suspected hacked, hijacked or compromised accounts; and to point to more information for online safety and privacy.
*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.
Photo by alessandro castiglioni on Scopio
Featured News Story
Avoid Zoom Mayhem
As many of us have seen in the news, online meetings can easily be interrupted by Zoom bombing if users don’t take control of the settings.
You can also be embarrassed by simple mistakes of user error, such as the gentleman whose screen showed him as a cat throughout an important meeting.
- Join Zoom meetings through your web browser.
- Ask that meeting participants sign in with a password.
- Set up two-factor authentication for your Zoom account.
Stories that caught our eye and inspired us to share.
The Verge: The Battle Inside Signal. "The fast-growing encrypted messaging app is making itself increasingly vulnerable to abuse. Current and former employees are sounding the alarm."
- Is your company using web gifs, aka tracking pixels? Make sure you know the privacy and data protection compliance implications.
- Here's another related story: BBC News: 'Spy pixels in emails have become endemic'. A Princeton University study indicated data gathered was sometimes linked to a user's cookies, allowing an individual's email address to be tied to their wider browsing habits.
Three articles on the hot topic of facial recognition and related privacy and security issues, including the development of new laws:
Philadelphia Inquirer: How to avoid COVID-19 vaccine scams. "Scammers are using platforms like phone calls, text messages, and social media to try to steal personal information, money, or both. Don't fall for it." Before replying to any text messages about COVID-19 vaccines, call the legitimate source of the vaccines.
Did you celebrate Safer Internet Day on February 12? We did.
To mark the day, we put out a lot of free videos and eBooks with awareness tips and training for privacy, compliance, data and cyber/internet security. "We" refers to my son Noah and me. We launched our new business, Privacy & Security Brainiacs, on another really important day, International Data Privacy Day, Jan 28, 2021!
Among the resources we shared was a free video for working from home. It includes several tips to strengthen the security of IoT devices. Most of these devices communicate with cloud services on the internet.
Feel free to share the above resources with family, friends and co-workers. We believe in continuous improvement, which relies upon feedback, so tell us what you think!
An important warning about Clubhouse.
A Tips reader recently invited me to join Clubhouse. I replied, “Thank you, but no thank you. Clubhouse has some significant privacy issues.”
“Oh…what are the privacy problems with Clubhouse?” the reader asked.
After I listed a few for him, he said, “I don’t like that! I will delete my account!”
I then shared another privacy issue: "Currently, there is no way for you to easily and immediately delete your Clubhouse account.”
Besides the curated articles from Debra Farber in the Beacons section, here are some additional sources of information about Clubhouse privacy concerns:
Privacy & Security Tips
How to perform effective backups & limit unwanted calls
Privacy Professor’s Tips for Backups…
Don't let your precious memories - or critical professional, business, financial, etc. information - get blown away, burned, drowned, frozen, altered or erased.
These include files and media, such as email, financial documents, photos, videos, social media. Basically, anything that you would be very sad to lose, could create a legal problem for you or others or could otherwise create problems for you.
Have you made backups of your data lately? Within the past month? No? Well, take some time to do so now! World Backup Day is March 31st, but you don’t need to wait to do it.
Do you think your backups are being automatically made to a cloud service? Have you checked those backup locations in the clouds to make sure you have all the files you need? Do it now!
Here are just a few additional actions to take to make sure all your valuable and treasured files are being backed up and secured wherever those backups are located:
- Back up your emails, photos, videos, tax documents and contacts to multiple locations.
- Use a surge-protecting power strip. Lightning can wipe out data and software literally in a flash.
- Using cloud computing (an Internet-hosted service) is handy, but can also be risky. Be sure to research any cloud company thoroughly before depending on one to store your data.
- For sensitive/confidential materials, back up to external drives, DVDs and/or USB thumb drives that you keep securely under your complete control. Store those devices (I use multiple devices) in a separate secure area. I keep some in my bank deposit box and others in a fireproof/waterproof safe on a different floor. Don’t keep your backup media in an area that could be flooded or ruined by mold and humidity.
- Encrypt sensitive/confidential backup media to keep others who may obtain that media from actually getting access to the data.
- For most people, making email backups once a week is sufficient and needed.
- Backing up photos and videos depends on how often you create them; generally, the more often you do, the more often you should back up - immediately after you create the files.
- Scan and keep copies of your paper and other types of hard copy documents that you do not want to lose.
We will soon be releasing new Privacy and Security Brainiacs training and eBooks with much more detailed tips and instructions for making and securing backups. However, the tips above will provide you with a good head start.
Privacy Professor’s Tips to Limit Unwanted Calls…
A friend recently posted online: “The Do Not Call List is the biggest joke. I believe I have received a telemarketing call from just about every state today!” Dozens of people quickly agreed with him.
Do you agree, also? Are you getting dozens of phone calls even though you’ve put your phone numbers on the US Do Not Call List?
Let’s step back and consider the long-standing US Do Not Call Registry. It was very effective when it was introduced in 2003. Consider a few statistics:
- In 2003 most people still used land-lines (over 92% in the US); 268 million households had landline phone numbers in the US. There were no smartphones, as we think of them today; there were 180 million cell phones with extremely limited internet capabilities and no apps. Those cell phones were very utilitarian.
- Studies showed the Do Not Call list was pretty effective in cutting down on unsolicited calls (except for calls from political organizations, charities, telephone surveyors and some organizations with which you have a relationship, which are exempt).
- However, today, the US has 260 million smartphones in use. Over 45 million in the US use VoIP from their laptops, tablets and computers to make calls, compared to only around 38% (~48 million) of households that have landlines today.
- The average cell/smartphone user has downloaded more than 100 apps onto that phone, even though the average person uses only 9 of those apps.
- There are more than 284 million people in the US who use the internet. The average US internet user spends a little over 3 hours per day on the internet, and over 76 minutes of that is on social media. They are visiting hundreds of sites, participating in interactive games, quizzes, etc. and using many web-based apps.
What does this have to do with the Do Not Call list?
Almost all of the apps you download ask for access to your phone number, and to use it. Most people click agree. BOOM! You just gave permission for your phone number to be used and "shared with trusted third parties," which usually means the app company is selling those phone numbers to a large number of marketing companies, who will now call you.
You take quizzes on social media. BOOM! You probably gave that quiz provider access to use your phone number through the way you set the security and privacy settings on the social media site.
You download "free" things on websites. BOOM! You have now given those sites permission to take your phone number and call you or sell it to others, if they asked you for one in return for the download.
Most people do not read the terms of use and "privacy" (often more like "no-privacy") policies/notices on social media sites, in apps or on websites, and they usually are giving thousands...maybe even tens of thousands...of entities permission to use their phone numbers, and to sell those phone numbers to others.
With that permission, the Do Not Call list you've put yourself on doesn't apply. You've given permission/consent (whether you realized it or not) for all those apps/websites/social media/etc. to use your phone number.
Add to these tens of thousands of entities, the credit reporting agencies that also monetize your phone numbers if you've not explicitly opted-out of them sharing/selling them to other entities.
For sure, The Do Not Call List is long overdue for an update. Not to mention the need for a comprehensive US federal privacy regulation. In the meantime, we all need to be more aware of what we are agreeing to when we are online and using apps.
Where to Find the Privacy Professor
Here are just a few of the podcasts and webinars I’ve done and news articles I’ve written or been quoted within.
I spoke recently with Corey Munson, VP of PC Matic, on his podcast about work from home security and privacy risks, and some specific risks that IoT devices within home work environments bring to businesses.
GDPR regulators are sinking their teeth into violators. 2020's fines are proof. Cybersecurity Dive
2020 Was a Privacy Wake-up Call: Don't Go Back to Sleep in 2021! SecureWorld
And Security for All hosted by Kim Hakim on the Voice America Business Channel.
Privacy & Security Brainiacs Resources
Free Training Videos:
On this episode of CompTIAWorld's Shoering Up Security, MJ Shoer and I talk about how to implement cybersecurity best practices—and how to get everyone involved in the conversation (not just IT). We also offer up advice for anyone thinking about starting their own business, as well as the terrific topic of women in tech.
On this Trility podcast, we discussed infosec and privacy specifically for senior living facilities.
Listen in to learn more about pandemic-era threats to consumer data security and privacy.
The topic here was how to protect your home, kids, finances, health data and business from hackers.
Here is another episode that covers privacy risks and impacts of contact tracing, IoT device use and the Surprising Places Your Data is Being Tracked.
Tips4Tech 12 Tech Resources
I was honored to be included in a list of a dozen resources for people turning to tech to help them through the COVID-19 crisis.
A couple recent industry articles to which I've contributed thoughts...
Defense-in-Depth (DiD) Strategies: Protect Higher Ed Users Against Cyberthreats
VA Did Not Disclose Huge Data Breach for 7 Weeks
New IoT Cybersecurity Drafts from NIST Will Impact the Ecosystem
On December 15, 2020, NIST released four new draft IoT cybersecurity documents to provide guidance for federal agencies and device manufacturers. Additionally, NIST is updating its catalog of IoT cybersecurity capabilities.
Please provide your feedback to NIST.
In this video, Michael Fagan, technical lead for the NIST Cybersecurity for IoT program, and I, a subject matter expert (SME) on the NIST Cybersecurity for IoT program team, describe the path that led to the GitHub posting and its role in developing the Federal Profile.
Privacy & Security Brainiacs | Website
Permission to Share
If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:
NOTE: Permission for excerpts does not extend to images.