Surveillance is Ubiquitous
School is in full swing. Same with football, basketball, volleyball, baseball, hockey and lots of other sports. Add to that the many concerts, farmer’s markets, art shows and other gatherings to choose from. Please be safe out there!
In addition to staying safe from the ongoing pandemic, be smart about the risk of surveillance. Cameras and recorders of an endless variety, including smartphones in every pocket, proliferate in our public areas. Fitness monitors and health trackers, not to mention smart cars, are recording everything we’re doing and where we’re doing it.
In a word, surveillance is ubiquitous. Below are some tips and stories about surveillance and the IoT devices that stealthily support the spying activities of which so many are unaware.
Because so many readers have enjoyed our content tie-in to wacky holidays, we are keeping it going. In addition to the surveillance and IoT news below, you'll also learn how six special days in October relate to security, privacy or both!
Did you like this issue? Do you have questions for us to answer? Let us know!
Rebecca
October Tips of the Month
- National Walk to School Day
- Privacy & Security Questions & Tips
- Data Security & Privacy Beacons
- National Train Your Brain Day
- National Get Smart About Credit Day
- National Financial Crime Fighter Day
- Where to Find The Privacy Professor
Excited to Announce...
... Paper Back Books!
We were overwhelmed by the positive response to the 3-volume set of books we published for Grandparents Day, “Cybersecurity for Grandparents: Q3 2021 Edition.” Thank you for sharing your feedback!
Several businesses, a retirement center, a long-term care center and an Alzheimer’s care center asked if we could create hard copy books from the original digital flipbooks. They found the information valuable for everyone, not just grandparents. So, we thought, let’s get them printed!
We also decided to print a different 3-volume hard copy set each quarter, so we will have another book available in November…just in time for gift giving! And, because Rebecca’s mother and Noah’s grandmother loved reading books (especially the stories Rebecca wrote for her all the way through high school), we are naming the series "Mary Ann Books" in her honor. We only wish she was here to read them.
The hard copy versions are similar to the digital formats with the exception of leading pages, the Mary Ann Books page, a Table of Contents, a few additional tips and information. We also added a glossary at the back of the bound hardcopy set of three books to explain some of the terms with which some readers may not be familiar.
We are so excited to get our own hard copies. We truly hope everyone who gets a book finds it informative and helpful. If anyone is interested in getting multiple books for a group of people, and/or has suggestions for topics to cover in upcoming editions, please let us know.
National Walk to School Day
October 6
National Walk to School Day encourages exercise, which we obviously support. One way to add to the fun? See how many surveillance cameras you can spot along the way. How many did you find? Let us know!
National Online Bank Day
October 11
The day celebrates the advantages offered by online banks. But, along with advantages, it also brings security risks. There are many actions and layers of technologies needed to protect bank sites.
Here are six things you can do to significantly improve the security of your online banking activities:
- Do not rely on public Wi-Fi networks to access your online bank or other financial accounts. Even if you are using a VPN, someone in the vicinity may be able to connect directly to your device and gain access to your account while you're connected.
- Do not use shared/public computing devices to access your online bank or other financial accounts. Login and account data are often kept in the memory or storage of the device. Anyone using the shared device after you may be able to get to your sensitive information in memory and/or storage.
- Use multi-factor authentication for every bank and financial account you own. That way, if someone gets your password or PIN, they won't be able to access your account without the additional authentication factor.
- Make strong bank and financial passwords by creating long combinations of upper- and lower-case letters, numerals and special characters. This will prevent someone from easily guessing your password or cracking it by using one of many automated password guessing tools. One other tip: Never use default passwords no matter how strong they may seem; cybercrooks know those default passwords.
- Do not use the same passwords for banking and financial accounts as you use for other types of accounts, such as social media sites, business accounts, online shopping accounts, etc.
- Keep your computing devices updated. Outdated software can create backdoors into your device or pathways from your device to your banking and financial accounts. See our free flipbook, “Cybersecurity for Grandparents Volume 2 – Keep Your Computing Devices Updated!” with more information about this threat.
Privacy & Security Questions & Tips
Rebecca answers hot-topic questions from Tips readers
We continue to get more questions; thank you for sending them! We love that we are raising awareness and, as a result, prompting readers and our radio show listeners to ask questions about a wide variety of security and privacy issues in their personal lives as well as work lives. We will continue to print questions and answers over time. Here are 4 of them. Please send us those questions you always wondered about related to security and privacy!
Q: I received this terms update notice from Houzz (above). It must be for a reason. What should I be looking for?
A: When businesses update their posted privacy, security, cookie and other policies, and their terms of use, they are obligated to let their users/customers/members/etc., know of the changes that will most directly impact them. These changes are often related to security and privacy.
We took a high-level look to help point you in the right direction.
- “Terms of Use”: They previously had a “Terms of Use” that was implemented January, 2020, here. The key change in their terms of use from their previous one is the addition of the following: “Invoice Payments. If you use the Houzz Platform to pay an invoice for goods or services from a professional, you authorize us and our third-party payment processor to charge the method of payment associated with your account. You agree to pay the entire amount that you approve, including any taxes and fees. If such amounts are reversed and deducted from our accounts, you agree to remit the amounts to us and, if you fail to do so, you authorize us and our third-party payment processor to collect the amounts from you, using any legal manner without prejudice to any other right or remedy we may be entitled to under these Terms or by law. If you are involved in a credit card dispute involving a payment made through or in connection with the Houzz Platform, such as a chargeback, you agree to provide us and our third-party payment processor with all information relevant to the dispute.”
- “Privacy Policy”: Their prior “Privacy Policy” implemented in January 2020 and modified in July 2020 is found here. A key change in their Privacy Policy is that they rewrote section 11. International Transfers of Personal Information, and removed the information about their participation in “Privacy Shield.” Here is something else that is not a change, but we found it interesting and worth pointing out. If you use a browser plug-in that indicates to sites that you do not want to be tracked, the Houzz site states: “unless required by law, we do not change system behavior within our Platform in response to browser requests not to be tracked.”
- “Cookie Policy”: We did not find a previous version, so we could not do a side-by-side comparison to identify the specific changes. This seems to be an expansion and extraction into a separate document of the much shorter “Cookies and Similar Technologies” section from the previous version of the Privacy Policy.
If you do not want Houzz to be using, sharing or collecting your personal data or accessing your devices and doing actions on your behalf with them (so those actions would be attributed to you), the most secure and privacy-protecting action would be to contact Houzz. Notify them that you will be cancelling your membership and that you want them to completely remove all your personal data from their client and member databases. Request that they send you confirmation they did this. Given their Terms of Use and Privacy Policy, though, you may get a rejection of your request. If this is something you try to do, please let us know if you succeed!
Q: Long-time Tips reader, Jan Carozza, founder of Center for Direct Marketing, sent us this question: Do you have any recommendations for those caring for parents with dementia to protect devices the parents continue to use?
A: Jan, thank you for this important question. Parents and other loved ones with dementia and Alzheimer’s can benefit greatly from having smartphones and participating in online communities. However, they are also prime targets of online crooks and malicious actors. Here are a few recommendations for helping to protect them:
- Review their privacy settings with them. Make sure they are set to the strongest security and privacy. Only allow their friends to see their profiles and posts. Make sure you are one of their friends so you can also watch what they are posting and what others are saying to them.
- Ask them to share their password with you. Of course, different patients have different memory capabilities, based upon the progression of the disease. After a certain point, they will need to have someone else know their passwords. Rebecca’s mother died of early-onset Alzheimer’s, and while this was long before smartphones existed, there came a point when she needed help and needed someone to intervene when a safety risk was in play. In addition to having access to your loved ones' passwords, make sure you secure them.
- Ask trusted friends and family to connect with them online. Then, ask those friends and family to keep an eye on their activities, and to let you know if there is anything suspicious, such as new "friends" who may be phishing crooks.
- Load a monitor app on smartphones and tablets. The ones that are used to monitor underage children are very good to use. Make sure you do not abuse your capabilities, though, and provide them with as much privacy as possible, appropriate to the progression of their disease.
Q: I was given an Amazon Echo Show as a gift. I’m afraid to use it. How can I tell if it is listening to me when I don’t want it to?
A: We are glad to know you are thinking about your privacy before using your new IoT device. The best way to ensure the Echo Show is not listening when you don’t want it to is to physically shut off and unplug the device. We have one, and that is what we do when we are in a meeting in the vicinity of the Echo Show, where it could hear conversations.
Yes, Amazon says that the device is not recording unless you have configured your device to record. However, the key capability of the Echo is answering your questions; it is ALWAYS listening so that it can respond after you say “Alexa” or whatever different wake word you’ve chosen. Therefore, listening is constant.
There have been many instances when people have been recorded (probably due to engineering glitches in the Echo) without using the wake word. This is true for other types of personal digital devices, as well.
You can also change your Alexa settings to not keep recordings. You can view the audio transcripts of your Alexa commands and delete them in the Alexa app. You can also ask Alexa to delete your recordings, but you'll need to enable the setting first. Then you can say "Alexa, delete everything I said today," or something similar.
Q: I got an email (excerpt below) advertising a smartwatch that would be perfect as gifts for my nieces and nephews. But, with all the things it says it can do, I’m thinking there may be privacy and security issues. Where can I find information about the security and privacy issues for this and other types of smart devices?
A: We are happy to know you are asking these questions. Many malicious messages advertising popular products and offering deep discounts are beginning to proliferate ahead of the holiday shopping season. These phishing messages will take you to a malicious site where they will infect your computer or do some other type of harmful action.
Here are some key steps to take when you get a tempting email with what seems to be an offer you can’t refuse.
- Do a right-click (NOT a left-click!) on any links contained in the email. Copy the URL.
- Paste the URL into a web address checker to see if it is malicious. This one was flagged right away (see screenshot below). So, this is likely a phishing message.
- If this had been a safe link, your next step would be to look at the privacy notice or privacy policy on the product's website. If they do not have one, don’t buy the product.
- If the privacy notice/policy provides details that are acceptable, look at the security policy for the site. If it has acceptable details, proceed, but with continued caution. Also, keep copies of all your purchases, communications, etc., in case there is ultimately a dispute about the product purchased.
Data Security & Privacy Beacons*
People and places making a difference
A California federal judge won't let the owners of an explicit site escape a lawsuit. It alleges the site allows and encourages child pornography. The site's defense seeks immunity to claims from a woman who said her ex-boyfriend posted videos of her at age 16 to the site. It is good to see the courts supporting the privacy rights of children and disadvantaged populations, especially when intimate and abusive content is published, adding to their trauma and victimizing them again.
Kade Crockford won the EFF 2021 award for his research focusing on how surveillance systems harm vulnerable populations targeted by law enforcement—people of color, Muslims, immigrants, and dissidents. His work led to the Massachusetts ban on government use of face surveillance. Local police chiefs and legislators were convinced by his research that the technology endangered privacy in their communities.
The U.S. Department of Energy (DOE) is investing $1 million in a one-year collaborative research project to develop artificial intelligence (AI) and machine learning (ML) algorithms for biomedical, personal healthcare or other privacy-sensitive datasets. Privacy-preserving AI research is sorely needed by all manufacturers using AI. It is good to see the DOE being a role model in this regard.
eBay is proactively reminding users to check their profiles (see below). Kudos to them for asking their accountholders to review and update their information as necessary if they’ve not been in the account for a year or more.
*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.
National Train Your Brain Day
October 13
Many online and social media puzzles, games and riddles were created specifically to gather more information about you. One trick is asking for your high school graduation year or mascot, typical phrases people rely on for the creation of passwords.
We will be providing more about this important topic in the November Tips.
National Get Smart About Credit Day
October 21
National Get Smart About Credit Day promotes learning about good credit. It is a national campaign in which volunteer bankers help counsel young people on responsible credit habits.
This is also a good time to request your credit report. Every US citizen has a legal right to obtain one free credit report each year from each of the three major credit reporting agencies, Experian, TransUnion and Equifax. Currently, you can access these reports free each week due to heightened identity fraud occurring during the COVID-19 pandemic.
Privacy & Security News
Visit the PSB News Page often!
The PSB News page contains news grouped by month and by topic. We curate the news we find of most concern and interest, so you can see the kind of info we pass along to our own clients and employees.
Revisit often to keep up with the news our team finds worthy of mention.
National Financial Crime Fighter Day
October 26
Not all superheroes wear capes! Sometimes, they wear suits, dresses or jeans and serve in the back offices of financial institutions.
National Financial Crime Fighter Day recognizes Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) professionals. These are the people who protect the US financial industry. They include law enforcement officers and other government personnel.
What can you do to help fight financial crime? See the tips previously provided for Online Bank Day.
National Doorbell Day
October 31
National Doorbell Day will see more doorbells rung than any other day of the year thanks to the trick-or-treating tradition of Halloween.
The day recognizes the buzzes, unique tones and rings that alert us to visitors. How many of those buzzers are now “smart” IoT doorbells, recording everything in the vicinity?
If you have one of these smart doorbells, set aside 10 – 15 minutes to look at the settings. Make sure they are set with the highest levels of security and privacy in mind.
Where to Find the Privacy Professor
Podcasts, webinars, news articles and other content featuring Rebecca's insight
ChannelPro SMB Forum 2021: New England (Boston)
September 2, 2021
Rebecca joined Bruce McCully and Michael O'Hara to discuss zero-trust security on Thursday, September 2, in this hybrid event. She joined virtually from her office in Des Moines, Iowa.
InfoSec People Profiles: Rebecca Herold
This article is courtesy and permission of privacy and security expert Rebecca Herold, known as The Privacy Professor, who taught a workshop I attended on Microsoft’s campus to train for my information privacy certificate from the IAPP (International Assn. of Privacy Professionals).
Social media commenters asked me to provide examples of cryptocurrency security incidents, which I appreciate them asking for. My reply went beyond LinkedIn’s length limits, so I created this post....
Latest Episode
Businesses Need to Know About, and Have, Cyber Insurance with Judy Selby. Judy (left) is a partner in the New York office of the Kennedys global law firm. She was named as a 2021 Insurance Trailblazer by the National Law Journal and won JD Supra 2021 Readers’ Choice Awards in Insurance. Judy will explain what businesses need to know about cyber insurance, explore different types of cyber insurance, and talk through how to choose what is best for the business.
Next Episode
Software Development Security Practices Suck! Wise Up Now! with Dr. Rhonda Farrell. Why do so many business leaders insist on using unsecure systems and software development practices? No technology will be sufficiently secure unless the human, physical and technical controls are built within software from the time it is imagined through to the time it is no longer supported or used.
Airing first on October 2, 2021
Permission to Share
If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:
NOTE: Permission for excerpts does not extend to images.