 |
|
|
Beware the Risks While Away from Home
Spring Break escapes and summer getaways are on a lot of minds right now, especially in my neck of the woods where unseasonably warm temperatures (albeit
mixed with periods of sub-freezing ice and snow) have us all dreaming of relaxing times ahead.
Sadly, travel is also on the minds of fraudsters.
Crooks know just how to prey on people who are out of their element. They understand exactly
how to exploit all the vulnerabilities as minds are on many other fun things
. As good
folk
s are gearing up for vacations, the
scoundrels are planning how to take advantage.
So, be smart as you're out exploring. And be sure to read and share the tips below before you take off!
|
|
 4 Unexpected Ways Your Privacy is at Risk in Hotels
|
|
Easy to let guard down when comfortable
Even as it's become an increasingly large target for fraudsters, the hospitality industry is doing a great job making guests feel at home. Sometimes, however, this can back-fire on guests' privacy. When we are most comfortable is often when we are most vulnerable.
Next time you visit a hotel, keep these things in mind...
Hotel staff have 24-hour access to your room. Just running to the vending machine or down to meet a colleague for a drink? Don't leave that laptop screen open. Confidential information can very easily fall into the wrong hands as cleaning, maintenance and other
personnel are allowed to enter your room without notice or consent.
And, if you leave the door open, which many people do in hotels, especially if they are just running down the hall to the vending machine or another room, anyone passing by can enter.
Do Not Disturb signs are a request, not an order. The signs and key cards that tell hotel staff you'd rather they not enter
are not a guarantee they will stay out. Since the
deadliest mass shooting in U.S. history, during which a gunman used a Las Vegas hotel for cover, hotels across the world are making it clear they will
ignore the signs if they have cause to enter the room.
Unseen eyes are watching you.
In the hotel lobby. In restaurants. On planes. Chances are, you display too much of your personal and sensitive information on screens when you are out and about. Invest the comparatively small amount in a privacy screen for your smartphone, tablet, laptop and any other type of computing device you use while traveling. Here are some examples. (Full disclosure, I'm a 3M Visual Privacy Council Board member who truly believes the company's privacy screens are valuable. Of course, these types of screens are available from a few other companies, as well.)
FOR HOSPITALITY INDUSTRY LEADERS
If you operate or lead a hotel, motel, bed and breakfast, hostel,
conference center
or any other lodging / hospitality business, now is a good time to review your privacy policies.
Questions to consider:
- Are you making each of the above points clear to your guests?
- Are you helping them understand when and how you may share their information or access their rooms?
- Do your employees and contractors know and follow these policies?
|
|
Privacy Hero: Mari J. Frank
|
|
Privacy expert leverages nearly every available media platform to advance message
Mari Frank, CIPP, is an attorney and author who has devoted her career to raising awareness of data security and privacy threats facing consumers and businesses.
In addition to her work to educate, she has donated countless hours to help victims of fraud and identity theft. Her devotion to this work is among the reasons she was named to Money Magazine's list of Money Heroes.
Mari has a keen understanding of the influence government officials have in protecting citizens from harm in our increasingly connected world. She has testified many times in Congress and the California legislature, as well as spoken at the White House, on important issues related to data security and privacy.
Several industries have come to rely on Mari's expertise. She has chaired the California State Bar Privacy Committee, and she advises 3M's Visual Privacy Council. She serves as a Fellow for the Ponemon Institute and was advisor to the California Office of Privacy Protection.
Want to hear some of Mari's advice? Listen to this Voice America show episode for a recent, insightful and wholly educational conversation we had about identity theft.
We want to know: Who is your privacy hero?
Each month in 2018, we'll introduce an individual who has gone over and above to advance data security and/or privacy in their corner of the world. To nominate, simply drop us a note and explain why we need to know your hero.
At the end of December, we will announce our Privacy Hero of 2018. He or she will receive a token of appreciation and commemoration of outstanding work.
|
|
U.S. Net Neutrality Laws Vary State by State
|
|
Travelers in America face different risks as they go
The FCC repealed net neutrality by officially relinquishing their authority for it in January of this year. And they did so in spite of st
rong objections, even from a minority number of the FCC's commissioners. It's
a move I, and many colleagues across industries, view as damaging to privacy and the overall experience of using the internet.
So now we are faced with a situation in which there is no U.S. federal authority ensuring net neutrality. As a result, different U.S. states are applying different rules to the internet service providers (ISPs) that operate in their jurisdictions. (Some are also suing the FCC.) Aside from creating a lot of confusion, especially for national and international companies and the consumers who buy from them, the patchwork legislation can create different experiences for Internet users as they move across the country.
What does this mean for you as a traveler?
Many things.
But one very important outcome is that the ISP providing internet service to your airport, cab, hotel or conference center may, in fact, be able to
collect and use data on your online activities without having to ask your permission.
2 THINGS YOU CAN DO
Use a VPN. A virtual private network gives you an
encrypted, private channel for accessing the internet. Of course, the
VPN can usually see what you're up to and could be compelled to share that data.
Use Tor.
Tor is, in general, anonymity software that allows users to remain anonymous online. It may even allow users to visit some dark web sites.
What the country needs, as the Internet Association supports, is a clear framework that protects the free flow of information online. This will prevent consumers from having to download cumbersome, inconvenient software. It will stop
ISPs and other online provides from nickel-and-diming customers, especially small businesses and startups that now may be asked to pay extra for being "findable" online.
Without net neutrality, ISPs can easily bury content if a customer doesn't pay up. That is not freedom, nor is it supporting the great potential the internet has to provide value and services to everyone.
|
|
Meeting 'Real' People in a Digital World
|
|
Catfishing and account spoofing are on the rise
If you get an online connection, such as a LinkedIn or Facebook friend request, always view it with skepticism. Especially after returning from a trip during which you met lots of new people, it can be tempting to assume the request is coming from a legitimately new acquaintance.
But, it may very well be fake.
It's a global problem. According to Australia's Stay Safe Online, the creation of fake social media profiles is now an industry
worth over $700 million. For it's part, Twitter says approximately 8 percent of its accounts are fake.
Facebook said in 2017 it had more than 200 million fake or duplicate accounts globally, an increase of 14 percent from 2016.
By and large, fake attempts to connect with you are initiated via machine learning and artificial intelligence robots. Crooks purchase inexpensive software that scours the internet looking for "easy marks." Here are a few things you can do to stay off the radar of these fraudsters and their computers:
Learn the social platform's privacy settings. And review them quarterly. Social brands are notorious for making frequent changes to their options.
Enable two-factor authentication. This makes it much less simple to hack your account, which spoofers do so they can impersonate you. Once they have your photos, your personal data and your connections, they can much more easily fool people into believing their account is legitimate.
Use a strong password. You've heard it before. No names, addresses or easily guessed passwords. NEVER use the same password on social media that you use on your financial accounts
.
Search by image on Google. I once caught a spoofer by putting his social profile pic into
Google Images.
In the April Tips I'll include a case study showing how fraudsters tried to catfish me!
|
|
Quick-Hit Travel Tips
|
|
Remember these simple rules when leaving town
Don't post until you're home. This can be a tough one. You want to share your experiences in real-time with your connections. But remember, not everyone is watching with a good heart. Instead of seeing that beautiful beach sunset,
a crook sees an unoccupied home or office.
Avoid using public charging stations. A good rule of thumb is never to put an unknown USB or other cord into your device. Malware could be present, and now all of your data has been exposed. There are
devices that sit between your phone or laptop and a public USB, so if using public charging stations is something you want to continue doing, you may consider investing in one.
See my YouTube videos, such as this one, for discussions of skimmers.
Watch out for fake WiFi.
Fraudsters create their own WiFi networks, sit in public spaces and wait for unsuspecting internet users to jump on. They use that connection to steal anything they want
off the connected devices, and from the transmissions - photos, files, account numbers, you name it! Use your own WiFi hotspot whenever possible.
Beware of unmanned terminals. ATMS, gas pumps - anywhere you are asked to swipe a card without a cashier present - are
vulnerable to skimming. If something looks out of the ordinary or tampered with, find a different machine.
|
|
|
|
My flight to Singapore on All Nippon Airways (ANA) 2016
|
|
HEALTH CARE SPOTLIGHT
|
|
Flash Alert Shines Light on Troublesome Vendors
The U.S. Office of Personnel Management (OPM) is not happy with one of its vendors, Health Net of California.
The federal government's chief HR agency claims
Health Net of California is obstructing OPM
from conducting vulnerability testing of its systems. What's worse, they claim, is that the vendor contract Health Net of California signed with OPM obligates the insurer to let OPM perform this testing.
Unfortunately, this continues to be a problem in health care and beyond. Securing vendor cooperation with vulnerability and penetration tests has been notoriously difficult. The same goes for other technology-based assessments, risk assessments and program audits.
2 simple things you can do...
Be aware of timing.
Companies should make efforts to work with vendors so testing does not occur during difficult times, such as a key employee's absence or the vendor's implementation of a new enterprise operating system or application.
Be clear in the contract.
Companies must include specifics in their vendor agreements. Contracts should cover what constitutes an acceptable refusal or reschedule of testing requests. It should also describe what action will take place if the vendor refuses to allow the testing.
|
|
Privacy Professor On The Road & In the News
|
|
On the road and in the ethernet...
One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the places I have been recently and a few of the events I have scheduled for the upcoming season.
April 17: Providing identity theft information at Compass Financial
April 24: Teaching online GDPR Compliance MasterClass for IT GRC Forum
April 26: Teaching ISACA ILLOWA Chapter 1-day ISACA ILLOWA Spring Seminar on Privacy Management & Privacy Impact Assessments (8 CPEs) at the ProCircular facilities in Coralville, Iowa.
May 30-31: Giving Keynote SecureWorld, Atlanta, Georgia.
September 19-20: Giving keynote and sessions at Data Privacy Asia, Manila, Philippines.
Privacy Professor in the news...
NEW RADIO SHOW!
I'm so excited to be hosting Data Security & Privacy with The Privacy Professor on the
VoiceAmerica Business network
. Our first several episodes are available for on-demand listening. Hear the perspectives of incredible guests as they talk through a wide range of hot topics, including identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, and government surveillance.
Do you have an idea for a show topic? Or would like to suggest someone who would be a great guest? Please let me know!
CPO Magazine
Healthcare Info Security
Health Data Management
SIMBUS Blog Posts
The morning TV broadcast regularly covers privacy and security tips with their guest, the Privacy Professor! Each is a brief 10-15 minutes and covers topics ranging from insider theft to connected vehicles. Check out
this online library to watch recent episodes.
|
|
|
|
 |
|
My trip to Alaska, circa Feb. 2016
|
|
Time away is exciting enough without inviting fraudsters, scammers, crooks and cons into your experience.
By following just a few simple tips, you can greatly mitigate your security & privacy risks, ensuring you get to sqeeze every enjoyable moment out of our travels.
Here's to fantastic (safe, secure & private!) travels this Spring!
Rebecca
Rebecca Herold, The Privacy Professor
|
|
|
|
|
|
|
