Is That Mobile Application Invading My Privacy?

Facebook now offers “Home.” Facebook says “With Home, everything on your phone gets friendlier. From the moment you turn it on, you see a steady stream of friends’ posts and photos. Upfront notifications and quick access to your essentials mean you’ll never miss a moment. And you can keep chatting with friends, even when you’re using other apps. Cover feed puts the spotlight on whatever friends are sharing now—photos, status updates, links and more.”

CNN reports “Built-in GPS technology means smartphones know where a person is at any given time. Phones with Facebook Home could access this information at any time to determine what businesses or neighborhoods you visit the most or even where you live. That data could then be used to serve up a more personalized ad, such as a coupon for a store you’re near or coffee shop you visit every Sunday. A Facebook representative told CNN that Home will not actively track users’ GPS location.”

Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions:

An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.

One developer of online ads and mobile apps acknowledged, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.”

And since then, our level of engagement with mobile apps has only increased, while no meaningful steps have been taken to prevent applications’ access to your data. The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy. The information also can be abused for identity theft and other malicious purposes.

Facebook Home may have the best intentions and could very well be a great addition for any heavy Facebook user. And keep in mind that every application you install wants more access to the who, what, where and when about you so it can send you targeted ads.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

How Do I Restore My Identity Once It Has Been Stolen?

The Federal Trade Commission offers invaluable tools for restoring your identity if it has already been compromised. The tools can be found at the FTC Recovery Guide page. On this website, you will find a complaint form, affidavit of your identity, and sample letters. You will also find a log to chart your actions while restoring your identity. It is important to utilize this log to keep a record of contacts you have made with the authorities, credit card companies, banks, and credit bureaus. If something gets lost in the process, the log ensures detailed notes to help prove your efforts, and ultimately, rescue your identity from a criminal.

If you have an all-encompassing identity theft protection service, your provider can take care of much of the restoration.

The first call you make should be to the police, to report the crime. According to the FTC, “A police report that provides specific details of the identity theft is considered an Identity Theft Report, which entitles you to certain legal rights when it is provided to the three major credit reporting agencies or to companies where the thief misused your information. An Identity Theft Report can be used to permanently block fraudulent information that results from identity theft, such as accounts or addresses, from appearing on your credit report. It will also make sure these debts do not reappear on your credit reports. Identity Theft Reports can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. An Identity Theft Report is also needed to place an extended fraud alert on your credit report.”

When filing an identity theft report, you will first want to fill out an ID Theft Complaint with the FTC, which you should bring with you to the police station.

The key to restoring a stolen identity is to exercise patience. Recognize that this is not the end of the world; it’s an inconvenience that can be fixed with time and persistence.

10 Tips to Secure Online Banking

Online banking or mobile banking reduces expenses by allowing customers to review transactions, transfer funds, pay bills and check balances without having to walk into a bank branch or make phone calls to a bank’s customer service call center.

Mobile banking, m-banking or SMS banking refers to online banking that occurs via mobile phone or smartphone rather than with a PC. The earliest mobile banking services were offered over SMS, but with the introduction of smartphones and Apple iOS, mobile banking is being offered primarily through applications as opposed to over text messages or a mobile browser.

As convenient as this is, you still need to consider security.

  1. Set a passlock that times out in one minute to access your mobile.
  2. Set your computer’s and mobile’s operating systems to automatically update critical security patches.
  3. Make sure your PC’s firewall is turned on and protecting two-way traffic.
  4. Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.
  5. Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network. Use a free service such as Hotspot Shield VPN.
  6. Never click on links within the body of an email. Instead, go to your favorites menu or type familiar addresses into the address bar.
  7. Beware of SMiShing, which is like phishing but in the form of malicious text messages instead.
  8. Download your bank’s mobile application so you can be sure you are visiting the real bank every time and not a copycat site. Do not check the box offering to remember your login information.
  9. Check your online bank statements frequently.
  10. Use strong passwords with numbers and uppercase/lowercase letters and characters.

Self-checking Your Online Identity

Googling yourself (or “egosurfing”) is formally known as vanity searching—the practice of searching for one’s own name, pseudonym or screen name on a popular search engine in order to review the results.

The term egosurfing bugs me a bit because it insinuates people do it because they are narcissistic by nature. However, egosurfing really should be called “reputation surfing” because it’s extremely important to check your online reputation for any errors, inaccuracies, slander or unwanted exposure.

Think about background checks. Background checks are a necessary tool in today’s sometimes violent and certainly litigious society. It’s common sense to require employment background checks for school volunteers, coaches, teachers, janitorial staff—really, employees of all kinds. As a small business, one of the worst things you can do is hire an employee who becomes a legal liability or has a history of crime that comes back to bite you.

As a self-check, you’ll want to perform your own background checks to make sure there isn’t any erroneous information out there, or to prepare yourself if a potential employer, landlord or school administrator points out something that makes you look bad.

Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.

Manage your online reputation and do a self-check often. Here’s how:

Start doing things online to boost your online reputation. Register your full name and those of your spouse and kids (owning your kids’ domains is better than someone else owning them) on the most trafficked social media sites, blogs, domains and web-based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio.

Set up a free Google Alert for your name and get an email every time your name pops up online. If you encounter a site that disparages you, Google has advice. Get a Google Profile. It’s free and it shows up on page one.

Go to Knowem.com. This is an online portal that goes out and registers your name at what it considers to be the top 150 social media sites.

Get a WordPress blog with your name in the address bar and blog often. You want Google to show your given name at the top of search results in its best light, so when anyone is searching for you the person will see good things. Frequent blogging buries bad stuff deep in the search results.

Buy a domain name that is, or is close to, your real name and plaster your name in the HTML header so it comes up in search results.

2013 SXSWi Security Trends in Technology

South by Southwest Interactive (SXSWi) is an incubator of cutting-edge technologies. The event, which takes place every March, features five days of compelling presentations from the brightest minds in emerging technology, scores of exciting networking events hosted by industry leaders, and an unbeatable lineup of special programs showcasing the best new websites, video games and startup ideas the community has to offer.

At the SXSWi conference this year, mobile was a big deal, which meant mobile applications and their security were high on developers’ radars.

Mobile Security

Access Point states, “Developers need to make sure they cover one other major concern when creating a mobile app: security. Consumers need to feel and know that their information is secure at all times, and developers need to lead the charge before they ask for additional measures. Creating simple but effective security checkpoints is a must—just make sure they are not so obtrusive that your users get annoyed and are resistant to adopting your application.”

Another point of interest at this year’s SXSWi was authentication. With all the data breaches over the last decade, the conversation to eliminate the username/password as a simple access point has begun. One painfully overlooked authenticator is the driver’s license. Gemalto presented a compelling program on why the simple plastic license needs a makeover.

Driver’s Licenses

Technology impacts our lives daily, but one item is not advancing—your driver’s license. A simple card made of plastic with a few bar codes, a magnetic stripe and a photo is all it is. By finding or even simply viewing one, someone can immediately access your personal information to use for fraudulent purposes. Stealing someone’s identity is way too easy. Most industries have already gone digital; now it’s time to tackle the DMV.

A new method of identification is needed: an electronic driver’s license (eDL). One simple chip (or smart card) could revolutionize decades of using the same technology—paper and plastic. EDLs stand to increase security and offer more privacy. The adoption of eDLs also lays the groundwork for a truly mobile wallet solution.

Maximizing the Use and Efficiency of Your Mobile Device

Time isn’t just money. Time is what you spend with your family, on a vacation or watching a kid’s dance recital. Time can be gained or lost based on how efficiently or inefficiently you use and implement mobile technology.

First and foremost, your mobile phone is a communication tool. It should be set up to access and communicate with everyone in your life that you depend on and who depends on you.

Contacts: There are apps built into all devices that store your contacts’ names, addresses, phone numbers and email addresses, and you really should make sure all these points of data are entered and backed up. Google’s Gmail Contacts is one way to have all your contacts backed up and in sync with your device. It baffles me whenever I text someone and the person responds, “Who is this? I lost my phone and my address book.” Gmail backs up automatically from your desktop or your mobile device.

Calendar: Every device has a built-in calendar. Again, I prefer Google Calendar. I can set appointments from my desktop or device, and every appointment has a set of alerts to remind me one to two days and then two to eight hours ahead of time. I get lots of pings and beeps as reminders, but with a busy life, I need that extra bit of reminding.

Docs: Yes, I use Google Docs too. There are dozens of documents I need access to wherever I am. I have yet to find a more efficient program than Google Docs to safely store and access my documents right on my mobile.

Google Chrome browser: The beauty of this browser on your desktop and on your mobile device is that you can access whatever tabs you have open on your desktop from your mobile and vice versa.

All this works just as well on a tablet as on iOS and Android. Thank you for saving me time and making life more efficient, Google.

How BYOD is Driving Innovation

One fourth of all global information workers use their own devices at home and at work for work purposes. A recent survey report, commissioned by Unisys and conducted by Forrester Consulting, involved 2,600 IT workers and 590 business and their IT executives.

CIO Insight points out that these are the “mobile elite,” a class of professionals who overwhelmingly opt to use their own tools because they claim these devices and applications make them far more productive than products supported and distributed by their companies’ IT departments.

Mobile-elite professionals appear to maintain a decided edge when it comes to client service and innovation. And they are also likely to take the initiative when it comes to sparking organizational change and introducing new technologies.

A recent Deloitte study highlights many common business and technology innovations being explored:

  • Improving time to market, customer satisfaction levels and sales
  • Improving infrastructure and data security, and reducing risk of incident or loss
  • Potentially reducing costs associated with hardware, monthly service fees, provisioning and ongoing support

A recent IDG report disseminated by DronaMobile enumerates the benefits of permitting employees to use their own tools.

Employees allowed to choose their own devices are happier and more satisfied in their work. With the added flexibility of choosing the applications and cloud services to use, employees get the leeway to be innovative. As smartphones and tablets blur the line between personal and work hours, employees pursue ideas at their own pace, time and location. Without the pressure of conforming to office hours and working on office equipment alone, workers are observed to be more productive, efficient, creative and appreciative of this privilege.

3 Wi-Fi Myths That Put Your Data at Risk

The holidays are over, the Consumer Electronics Show has passed, and now you have all these new shiny wireless gadgets you’re just itching to play with. Now, before you go and connect to the internet, please understand that it’s all fun and games until someone gets hacked. And many times, this means when you are using wireless.

But it’s often the security lies that can get us in the most trouble, and today I’m exposing them.

Hiding your SSID is bunk. Your router’s Service Set Identifier (SSID) is the network name it broadcasts, and by default it might be called “Linksys,” “Belkin,” “Netgear” and so on. Or some people customize the SSID and name it “My Neighbor Should Clean His Yard.” Lots of security articles will tell you that one way to secure your wireless is to hide it or turn off its broadcasting. But really, this doesn’t help. There are a plethora of tools that can detect your hidden wireless network, so this presents a false sense of security. Broadcast your signal, but encrypt it.

The idea that Wired Equivalent Privacy (WEP) is “good enough” is bunk. WEP is bad enough in that if you use it to encrypt your wireless network, you might have your neighbor (the one who should clean his yard) hacking into your network and placing spyware on your devices so he can frame you for crimes you didn’t commit so you can go to jail and find that his lawn hygiene is the least of your problems. WEP is a dinosaur that was extinct a long time ago. Use WPA2 encryption and live happily ever after.

Turning off file sharing when using public Wi-Fi is partly bunk. Yes, you should turn off shared files on your devices when you leave your home network and access a public network, but that’s not going to protect all of your files. If you are on a shared public network without any encryption—which is what makes it public—then the data you share over Wi-Fi is vulnerable. When using public Wi-Fi, download a free program called Hotspot Shield to encrypt all wireless communications on your Windows, Mac, iOS and Android.
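An added example, not part of the original article: a small Python audit of a hostapd-style access point configuration that applies the points above (a hidden SSID is not protection, WEP and open networks fail, WPA2 passes). The sample configs are constructed, and the function names and severity labels are this example's own; it also flags original WPA and non-CCMP ciphers, which goes a step beyond the text.

```python
"""Audit a hostapd-style access point config for the Wi-Fi myths above."""

# Constructed sample configs for illustration (not from a real device).
WEAK_CONF = """\
# network name hidden, WEP treated as good enough
ssid=MyNeighborShouldCleanHisYard
ignore_broadcast_ssid=1
wep_default_key=0
wep_key0=0123456789
"""

FIXED_CONF = """\
ssid=MyNeighborShouldCleanHisYard
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=PLACEHOLDER-use-a-long-random-passphrase
"""

SEVERITY_RANK = {"OK": 0, "NOTE": 1, "WARN": 2, "FAIL": 3}


def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of (severity, message) findings for one config."""
    s = parse_conf(text)
    findings = []
    wpa = s.get("wpa", "0")
    wpa_bits = int(wpa) if wpa.isdigit() else 0  # bitfield: 1 = WPA, 2 = WPA2

    if wpa_bits == 0:
        if any(k.startswith("wep_key") for k in s):
            findings.append(("FAIL", "WEP in use; switch to WPA2 (wpa=2)"))
        else:
            findings.append(("FAIL", "open network: traffic is unencrypted"))
    else:
        if wpa_bits & 1:
            findings.append(("WARN", "original WPA enabled; use wpa=2 only"))
        # rsn_pairwise falls back to wpa_pairwise when it is not set
        ciphers = s.get("rsn_pairwise", s.get("wpa_pairwise", "")).split()
        if wpa_bits & 2 and ciphers != ["CCMP"]:
            findings.append(("WARN", "set rsn_pairwise=CCMP (AES) for WPA2"))

    if s.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("NOTE", "hidden SSID adds no protection; "
                                 "rely on encryption instead"))
    return findings


def verdict(text):
    """Worst severity found, or 'OK' when there are no findings."""
    worst = "OK"
    for severity, _ in audit(text):
        if SEVERITY_RANK[severity] > SEVERITY_RANK[worst]:
            worst = severity
    return worst


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, verdict(conf), audit(conf))
```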

Dinner With the CEO Stars of Tech

A dinner, hosted by Yahoo’s CEO and another 11 CEOs and execs from Twitter, Google, Apple and more, recently took place in Silicon Valley. These major players, responsible for shaping our world of tech, simply sat down to break bread. You gotta wonder what the conversation was like.

So this got me thinking: With whom would I want to sit down to dinner, and what would I ask them? The “dinner” part of this dinner is already a problem for me. I’m thinking I’d want to eat ahead of time so I could engage my companions in conversation; otherwise, when I eat, it’s similar to a hyena taking down an antelope in the plains of the Serengeti. While some people do get a kick out of my eating drama and it certainly makes for great entertainment, it might not be the ideal scenario for a repast of this gravity.

Facebook CEO Mark Zuckerberg. Mark, fascinating platform you’ve built here. When you designed and built it, it was for college kids only. But what happened that made you decide to open it up to everyone? And at what point did you recognize the real value of connecting the way everyone has? How did you know that so many people would freely share the way they have? Is there a way you can prevent people from sharing so much? Don’t worry—I’m not bringing up privacy. I’m talking about how I’m pretty sure many of us have heard enough!

Gemalto CEO Olivier Piou. Olivier—I’m sorry, Mr. Piou…or is it Sir Knight? I’m sorry to be asking this, but in your bio it says you are “a Knight of the Legion of Honor in France,” and I’ve never been to France or met a knight. The closest I’ve come to a knight is the 1976 white Corvette that I bought when I was 18, with WHYNYT on its license plate. I know—corny, but the babes loved it. Anyway, I’m just going to call you Mr. Piou. Great company you’re running. My only question: What’s it going to take to convince all the world’s citizens that we need to be properly identified, proofed and documented, keeping their privacy in mind but in a way that prevents fraud, deception and identity theft by ensuring accountability for everyone? I know YOU are the guy to do it!

Zappos.com CEO Tony Hsieh. Tony, dude, NICE JOB! Love Zappos! Did you model your business after Amazon? Because you’ve made shopping for shoes and everything else as easy as Amazon has made it for getting books and macadamia nuts. Can you sprinkle some Hsieh dust on me?

Microsoft founder Bill Gates. Bill, thank you for all you’ve done. I know you’ve caught a lot of grief over the years, but seriously, thank you. And fabulous job you’re doing with saving the world with all your charity work. One question: Could you tell the developers at Microsoft to stop making Internet Explorer so annoying?

13 Digital Security New Year’s Resolution Tips for 2013

The best thing about the “New Year” is committing to new or old resolutions and starting fresh. Whether you are an individual or a small business, the following applies:

  1. Delete. Go through your files, deleting and organizing as necessary. Clutter is confusing. Security and “confusing” don’t work well together. Delete!
  2. Back up your data. Back up to a secondary hard drive, either internal or external to your devices. Utilize cloud-based backups, too. I have my data on four local drives and two cloud-based servers.
  3. Reinstall your operating system. Reinstalling your operating system every year or two eliminates bloat and malware and speeds up your PC.
  4. Get device savvy. Whether you’re using a laptop, desktop, Mac, tablet, mobile, wired Internet, wireless or software, learn it. Take the time to learn enough about your devices to wear them out or outgrow them.
  5. Get social. One of the best ways to get savvy is to get social. By using your devices to communicate with the people in your life, you inevitably learn the hardware and software.
  6. Implement social media policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use, especially what not to do.
  7. Get digitally secure. Your security intelligence is constantly being challenged, and your hardware and software are constant targets. Invest in antivirus, anti-spyware, anti-phishing and firewalls.
  8. Protect your mobile. Bad guys are paying attention to mobiles and creating thousands of viruses meant to steal your data. There has been a significant increase in Android-related hacking, and Android users therefore must download and install all the latest updates and invest in a mobile security product.
  9. Go EMV. EMV, which stands for Euro MC/Visa and is also known as “chip and PIN,” is the new, more secure credit card, and its rollout is underway in North America. Both Canada and Mexico are going full-on EMV, and several major banks in the United States are beginning to test and even roll out EMV. EMV cards are far more secure than traditional credit cards, and consumers should embrace these new, more secure cards.
  10. Get physically secure. Security cameras, alarm systems and signage are essential to protect the perimeter of your property from vandals, as well as protecting the inventory from theft, or even the cash register from sweethearting or robbery. Security cameras are an essential component to any small business security system.
  11. Hire honest employees. Unfortunately, too many people lie, cheat and steal—and when they come to work for you, they drain company resources until they are fired. It’s best to use prescreening services.
  12. Upgrade wireless. If your wireless router is more than 2 years old then it’s time to buy new. Security standards continue to be upgraded and old is often not secure.
  13. Don’t worry about any of the above! Seriously! Now I didn’t say don’t do it, because you should, but don’t needlessly worry. Take action, get secure, keep on top of it, and have a Happy New Year!
