Having the Privacy Talk with your Kids

Years ago, having “the talk” with your kids meant telling them where babies come from. Nowadays, “the talk” has a whole new meaning. Your kids may be able to explain in detail how a baby is created, but may be clueless (because so many adults are) about something called “data permanence.”

Don’t beat around the bush. Tell your kid outright, “If you post any racy images of yourself online—it will be there for the next million years for anyone to see. And it can be used against you.” Give this same warning about comments your child might post to an article. Things that your kids put online can come back to bite them many years later when they’re applying for employment. Tell them that.

Of course, warning your adolescent that something they post could come back to haunt them 20 years from now might not have much of an impact on them—kind of like telling your kid—who has endless energy—that smoking could cause heart disease 20 years from now. So how can you get through to your kids?

  • The more open the lines of communication are between parent and child, the more likely your message will get through about data permanence. Don’t make communication one-sided.
  • When your kids ask you how things work, even if it’s not related to cyber space, never act annoyed. Never make them feel it was a silly question. Never show impatience or judgment. If you don’t know the answer to their techy question, say, “I don’t know; let’s find out.” Don’t fudge a half-baked answer in an attempt to sound smart. Admit when you don’t know an answer, then hunt it down.
  • If you think it’s time to have “the talk” with your child, it is.
  • There’s never a perfect time to have “the talk.” Stop putting it off. Stop saying, “I’ll have it when…” Just do it.
  • Emphasize that raunchy images or nasty comments can come back to bite them in the near future. For example, they might have a crush on someone in a few years. What if that person googles them? What might they find? Ask your child, “What would you like them NOT to discover?”
  • Don’t be all lecture. Give your child thinking and talking opportunities. Ask them open-ended questions, such as the example in the previous bullet point. Get their brain cells working.
  • The privacy talk should be a process, not an event. That is, it should be a work in progress, ongoing, rather than a single event.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Spy on your Kids yes or no

It’s one thing to bust into your kid’s diary and read it, but if your kids want the privilege of engaging in the cyber world, they need to understand that parents are justified in “spying” on them. Or are they? Depends on whom you ask and how far they go at “spying” on their kids.

Frankly, it’s not spying at all, and both kids and parents should get over it. It’s called parenting. My kids are still young, but as they get older there will be hardly a thing they do online that I won’t be aware of. The internet isn’t a right, it’s a privilege to someone under age. No 13 or even 17 year old of mine will be on it without being supervised. Same goes for passwords. I’ll have access to all of them. This may be far-reaching to some, akin to the ancient form of spying: listening in on the extension phone to a phone conversation between your kid and his buddy. But really, it’s simply being a parent.

Spying can also be a life saver. Kids are being bullied today like never before. And as a result, they are hurting themselves. And then there are all the illegal things they may be doing. These same acts can get them killed. In this case, knowledge is definitely power to keep your kids safe.

Parents believe, and they are right, that spying is “an invasion of privacy and a violation of trust.” If you get caught, your relationship could be sabotaged; this is true. So spy openly and honestly. Tell them. Show them. Remind them. If kids know you are watching, they are often less likely to do things they aren’t supposed to.

The element of surprise, however, may be a factor. It makes a world of a difference if, from an early age, the parent establishes with their children that there will be “spying,” vs. never discussing this concept with the kids, and then one day you get busted.

Don’t use the word “spy,” either. Instead say “monitor” and let your kids know

How do you balance protecting your kids and maintaining trust? Team up with your kids. Make family agreements and contracts that show transparency. This will go far in keeping a close eye on their safety and security.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Use an ePrivacy Filter to prevent Visual Hacking

In an average year I’ll tally 75,000 airline miles. In an average week while waiting for the plane to board or while in flight I’ll see multiple laptop screens flipped open with an over the shoulder view of emails being sent and received, PowerPoint presentations being tweaked, proposals being written and various client and employee records being crawled through. The fact is, I’m a good guy with no bad intentions, but I can’t help seeing what I see, it’s distracting. The screens are bright and propped right in my face. If I was a bad guy, this would be considered “visual hacking”.

Hacking can be done without viruses: with just one’s eyes. The visual hacker prowls the public, seeking out computer screens displaying sensitive data. The company 3M now offers the ePrivacy Filter. This software, when paired with a traditional 3M Privacy Filter, which blacks out content that can be viewed from side angles where hackers can lurk, alerts the user to snoops peering over their shoulders from just about every angle. I’m seeing more and more of these in flight. Which frankly, is nice, and less distracting.

More people will merely state that they prize visual privacy than will actually do something to protect this, according to a recent 3M study. The study revealed that 80 percent of the professionals who responded believed that prying eyes posed at least some threat to their employers.

Strangely, most of these workers opted not to give their visual privacy any protection when they were accessing information with an unprotected computer in a public location of high traffic.

Employees have a funny way of asserting a belief but acting otherwise. This shows that businesses need to educate employees on the risks of data leaking out to visual hackers.

The fact is employees are more mobile than ever. And with corporate secrets being Wikileaked, “Snowdened”, and just plain hacked, customers require more assurance than ever that their data is protected.

An ePrivacy Filter, coupled with a laptop or desktop privacy filter helps protect visual privacy from virtually every angle. Compatible with devices that use Windows operating systems, the ePrivacy Filter will alert the user to an over-the-shoulder snooper with a pop-up image of his or her face, identifying the privacy offender. However, you don’t have to worry about your data if you step or look away briefly. The screen will be blurred and will only unlock when you return thanks to its intelligent facial recognition feature.

Please, stop hijacking my attention and get a privacy filter.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

The Right to Privacy

The more technologically advanced we become, the greater the potential for an invasion of our privacy. Imagine how difficult it must have been for people’s personal information to get stolen—10,000 years ago.

We now live in a world where someone half-way around it from you can nab your most personal information in seconds.

Our right to privacy is just as strong now as it ever was, despite the ease with which criminals and snoops can get your personal data.

Famed attorney and associate justice on the U.S. Supreme Court Louis Brandeis was a champion of a person’s right to privacy, and defined the right of a person “to be let alone” as “the most comprehensive of rights, and the right most valued by civilized men.”

To keep up with the increasing ease of stealing a person’s data, legal remedies and privacy enabling software have been developed.

The Internet is infested with spammers, scammers, and hackers. Do you know that these spammers and hackers can easily monitor your online activities and steal your personal data like credit card information and passwords?

Even your Internet Service Provider (ISP) spies on you! They monitor, track, and keep a record of all your web activities. The websites you visit, the software you download, your online purchases, and everything else are recorded and saved by your ISP.

If this bothers you, you now have options available to protect your privacy and identity. Just download and use Hotspot Shield software. It acts as an IP hider to mask or change your IP address and protect your privacy, while securing your Web browsing session at the same time.

“THE RIGHT TO PRIVACY,” by Samuel D. Warren and Louis D. Brandeis, appeared in the Harvard Law Review in December of 1890.

From that are derived six applicable limitations:

1. “The right to privacy does not prohibit any publication of matter which is of public or general interest.” Warren and Brandeis give elaboration on this exception to the right to privacy by stating:

In general, then, the matters of which the publication should be repressed may be described as those which concern the private life, habits, acts, and relations of an individual, and have no legitimate connection with his fitness for a public office which he seeks or for which he is suggested, . . . and have no legitimate relation to or bearing upon any act done by him in a public or quasi public capacity.

2. The right to privacy does not prohibit the communication of any matter, though in its nature private, when the publication is made under circumstances which would render it a privileged communication according to the law of slander and libel.

3. The law would probably not grant any redress for the invasion of privacy by oral publication in the absence of special damage.

4. The right to privacy ceases upon the publication of the facts by the individual, or with his consent.

5. The truth of the matter published does not afford a defense. Obviously this branch of the law should have no concern with the truth or falsehood or the matters published.

6. The absence of “malice” in the publisher does not afford a defense.

With regard to remedies, a plaintiff may institute an action for tort damages as compensation for injury or, alternatively, request an injunction.

A closing point to make is that Warren and Brandeis recommend that criminal penalties be imposed for violations of the right to privacy, but they decline to elaborate further on the matter, deferring rather to the authority of the legislature.

Source: http://faculty.uml.edu/sgallagher/Brandeisprivacy.htm

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Recognize Your Willingness to give up your Privacy

If a stranger stopped you on the street and requested your e-mail address and birthdate, would you give it to that person? A rational person would never give up this information.

This is the same guard you should have when giving out your personal information to set up an online account, setting up a social account or to get some bargain or great deal on a product or service. Most people will give up all their data for 10% off at a shoe store.

Many people blindly give out personal information online or in person to get that bargain. Sometimes, these choices are made by people who claim to value their privacy.

Those same people may not know that every time you log into free unencrypted WiFi you are most likely revealing everything you communicate on a PC, laptop or mobile. This is why an encrypted connection like one provided with Hotspot Shield is very necessary.

A study from Carnegie Mellon University, conducted by Alessandro Acquisti, turned up some very interesting results.

He sent some graduate students to a shopping mall near Pittsburgh. The students were instructed to offer a $10 discount card, with an extra $2 discount to shoppers in exchange for their shopping information. Half turned down the extra offer. The $2 wasn’t enough to get them to reveal their shopping cart items.

Another group of shoppers was offered a $12 discount and the choice to exchange it for $10 if they desired to keep their shopping data private. Ninety percent decided to keep the $12 discount, which meant they were willing to reveal their shopping data.

What gives?

It looks as though if people already have ownership of private data from the get-go, they’re more likely to value it. If it’s yet to be acquired, however, the value placed on it is less.

So getting back to cyber space then, have you ever wondered if the data that the online advertising industry collects on you is truly scrambled so that it’s not possible to identify individuals?

Acquisti conducted another experiment. With a webcam he took snapshots of about 100 campus students. It took only minutes for him to identify about 30 percent of these nameless students by using facial recognition software.

He then went a step further and gathered enough information on about a quarter of the identified students via Facebook to guess a portion of their Social Security numbers.

Acquisti showed how simple it is to identify people from scratch because they leave a data trail in cyber space—and this includes photos. This shows how easy it is for criminals to use Facebook to steal a person’s identity.

Though it would violate Facebook’s terms of service to register a fake birthdate, the user needs to be aware of the tradeoff: Identity thieves love to find birthdates.

Facebook says that the user can control who sees personal information. So you just have to weigh the pros and cons. Is receiving well wishes on your birthday worth the risk of a thief using your basic information to steal your identity?

And by the way, thieves can use your Facebook profile photo to help steal your identity. Maybe this is why some people use their baby’s or dog’s photo for their Facebook photo?

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Can your Privacy Policy be Read by a 5th Grader?

Zero. The number of people who have ever read word for word—and understood—a website’s privacy policy.

Well, maybe not zero, but the actual number is pretty close to it. And this excludes the lawyers who compose these thick walls of tiny text that are filled with legalese.

How many people even open the link to the privacy policy? After all, it’s almost always at the bottom of the site page, called “Privacy Policy,” in a font that doesn’t even stand out.

It’s time that the privacy policy (aka transparency statement) be short, sweet and simple, with an attractive graphic to catch the visitor’s attention. The purpose of a privacy policy seems to be to inform the website visitor/user just how that person’s data will be used by the business or enterprise that the site is for.

But more accurately, the purpose is for the statement to protect the business in the event of a dispute.

Why don’t businesses introduce a short, in-plain-English statement with the sole purpose of explaining privacy and data protocols; right to the point, no legalese filler fluff? And easy to access while they’re at it. The larger, complicated privacy policy could back up the short, simple transparency statement. Over time, the way the big, and the little, statements work in tandem could be refined.

With this upgrade in the “privacy policy,” visitors to sites will be able to make better choices and have a firmer grip on how the site manages their data.

Just think how much smoother things would be if every website had a link titled “Transparency Statement” that took you to a one-page document with a friendly font size and no legalese. Better yet, why not call the “transparency statement” something like, “How we handle your private information.”

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Your Customers’ High Cost of Privacy

This writer has said numerous times that privacy is waning and dying. Partly because we have allowed it with our bazillion posts to social and partly because of the shift from print advertising to digital. During that shift, lots of creative types figured out how to figure you out and get inside your digital head. But all at a cost of your privacy.

Arwa Mahdawi in the Guardian brilliantly posed “Privacy isn’t dead, but it’s getting very expensive.” So true.

Ask yourself: as a decision maker for your business or employer, when it comes to protecting your organization’s customers’ or clients’ personal data, how proactive are you? And even if you’re proactive, are you aware of just what is involved on the part of the customer/client to ensure that their personal information doesn’t get into the wrong hands?

Or perhaps you’re not very active in this realm at all, figuring that it’s “up to the customer” to figure out how to secure their data, or that it’s the responsibility of the banks and credit card companies.

I contend that businesses who collect valuable data from customers and profit from it – from email addresses, to credit cards to SSNs – have the responsibility to protect the data collected. Otherwise customers inclined to do so must pay a fee to have their personal information protected. That business is booming.

It’s fair to speculate that if businesses, such as retailers and healthcare organizations, had an excellent history of keeping customers’ data airtight, the protection of privacy wouldn’t have become something that people must pay for.

Of course, there are ways that consumers can protect their privacy without paying for it, such as giving up the use of credit and debit cards, always remembering to disconnect their mobile device in public when they don’t need to be online, never seeing doctors, disabling their cookies, etc.

But let’s face it, these free approaches are impractical or even impossible. How many Internet users even know how to disable their cookies, or even what a cyber cookie is? How many know what a VPN is?

Consumers should not have to be tech savvy or have a lot of money or make impractical lifestyle changes in order for their private information to be leak-proof.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Risk Reduction: #1 Concern of Bank Boards

The Bank Director’s 2014 Risk Practices Survey reveals some very interesting information about the risk management programs that bank boards have in place.

It’s classically challenging for many banks to assess how risk management practices affect the institution. However, banks that have worked at measuring the impact of a risk management program report favorable outcomes on financial performance.

Survey Findings

  • 97 percent of the respondents reported the bank has a chief risk officer in place or equivalent.
  • 63 percent said that a separate risk committee on the board oversaw risks.
  • 64 percent of banks that have the separate risk committee reported that the bank’s strategic plan plus risk mitigation strategies got reviewed; the other 36 percent weren’t doing this.
  • 30 percent of the respondents believed that the bank’s risk appetite statement encompasses all potential risks.
  • Of this 30 percent, less than half actually use it to supply limits to the board and management.
  • The survey found that the risk appetite statement, risk dashboard and the enterprise risk assessment tools aren’t getting fully used.
  • And only 30 percent analyze their bank’s risk appetite statement’s impact on financial execution.
  • 17 percent go over the bank’s risk profile monthly at the board and executive level, and about 50 percent review such only quarterly; 23 percent twice or once per year.
  • 57 percent of directors believe the board can benefit from more training in the area of new regulations’ impact and possible risk to the bank.
  • 53 percent want more understanding of newer risks like cyber security issues.
  • Senior execs want the board to have more training in overseeing the risk appetite and related issues.
  • 55 percent believe that the pace and volume of regulatory change are the biggest factors in leading to risk evaluation failures.
  • Maintenance of data infrastructure and technology to support risk decision making is a leading risk management challenge, say over 50 percent of responding bank officers, and 40 percent of survey participants overall.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Private Identifiers Not Private

Today’s commerce occurs very much online, with products and services ranging from A to Z. Hence, these many online merchants have hundreds of millions of people around the globe registered with them for convenient purchases.

To verify authentication as the true user of these services, the registrant must supply personal data. If cyber criminals get ahold of this data, much of it can be changed by the user after the breach, such as user name, password and even the address they’ve been using.

However, the Social Security Number and date of birth cannot be changed. When cyber crooks get personal data off of these online retailers and service providers, it invades the customer’s privacy.

Online enterprises must take full responsibility for stolen data. It’s a real serious issue when permanent (“static”) data like DOB and SSN is breached, as opposed to temporary data like a password or answer to a security question.

Of course, the registrants to these sites do bear some culpability when they post their personal data in the public domain. But business sites make posting personal data a requirement to use their site. Unique data like the SSN should not be a requirement.

The online commerce world should know that such a requirement destroys confidence in current and potential customers, and that their competitors who abandon this practice will have the upper hand in gaining and retaining business.

More and more users are realizing that the security systems of online enterprises are weak, putting users at risk for identity theft—a risk that they’re catching onto.

NSS Labs, Inc., a world leader in information security research and advisement, has the following recommendations:

  • Online businesses should limit requiring data that can be shared among other enterprises.
  • Online enterprises should be designed with the anticipation of possible data breaches; this way they’ll minimize risk and be more prepared to mitigate problems.
  • Third-party data breaches should be analyzed by online companies to protect users if data seeps out.
  • “At risk” users should be able to be re-authenticated.
  • Governments need to reassess the idea of using static data like DOB and SSN.
  • Online enterprises must embrace the possibility that legislation will eventually make it illegal to require SSNs from users.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures

7 Ways we leak our Private Data

Smartphone apps. There are apps wanting your location when they do not need it. Are there any apps requesting your location? You should deny them this information unless it’s absolutely necessary.

Another way your phone knows where you are in terms of location is through the data of a photo. Put up lots of photos on Facebook, and the metadata will contain your location. A stranger can then figure out where you’ve parked yourself.

Solve this problem with these apps for iOS and Android: deGeo and Pixelgarde, respectively. They’ll strip your GPS data prior to the photos getting posted.

Too close for comfort. When services are linked together, your private information is more likely to get leaked. An example would be to hook an app into Facebook. If you link an account that’s set to private with a second, public account, anyone might see your activities. Unknowingly granting unwanted access to an app can result in data leakage. To make the process of figuring out all the different privacy rules easier, you can use MyPermissions. Don’t be lax on privacy issues.

Always being connected. Always staying connected to social networks means they can track your activities via cookies. If you don’t need to be connected online, then disconnect your device from the cyber world. However, it’s easy to forget to keep doing this.

A browser extension can solve this problem by preventing entities from tracking where you visit online. You should also make a habit of deleting cookies from your browser.

And if you want to know how your phone “knows” your shopping habits, it’s because your Wi-Fi is enabled when you walk into stores or even past a retailer without ever stepping inside; stores implement wireless technology to collect your data, even track your walking pattern inside the store. Turn your Wi-Fi connection off when being near retailers.

A retailer’s free service. Sign up for this and they’ll probably collect data from you, somehow, some way. The customer reward card that you get at the supermarket will likely collect lots of your private information.

Not encrypting. Encryption, by scrambling messages, prevents snoops from reading the messages you’re sending while they’re in transit, but the messages can still be found on your device. However, encryption is one way to reduce the amount of data that gets in unwanted hands. Encryption isn’t just for using a public computer; use it on your home computer and mobile too.

Using free WiFi. Every time you log into free WiFi you are either giving your data away through the carrier who logs your device or criminal hackers are sniffing out your information via unencrypted wireless. Never log into free WiFi without a virtual private network (VPN) like that offered by Hotspot Shield.

Using a public computer to log into a private service. When you access one of your accounts on a computer at a coffee shop or hotel, this can leave your data on that computer. The browser’s private mode is the solution: use it. If you’re particularly concerned, use Tails, a private operating system.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.