What Is Private Information and What Is Not?

Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. Under U.S. privacy law and in information security, personal identifying information is defined as data that can be used to contact, identify or locate an individual, or to identify that individual in context.

This means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee is sometimes required for the address). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.

So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.

And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.

But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.

Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.

Tips for Training Employees on Security Savvy

  • Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
  • Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
  • Show management is invested. Behavior changes start from the top down.
  • Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
  • Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter, which help bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
  • Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not to do when you’re on social media.”
  • Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Data Privacy Day 2012

Lately, it seems that barely a day goes by when we don’t learn about a major Internet presence taking steps to further erode users’ privacy. The companies with access to our data are tracking us in ways that make Big Brother look like a sweet little baby sister.

Typically when we hear an outcry about privacy violations, these perceived violations involve some apparently omnipotent corporation recording the websites we visit, the applications we download, the social networks we join, the mobile phones we carry, the text messages we send and receive, the places we go, the people we’re with, the things we like and dislike, and so on.

How do they do this? By offering us free stuff to consume online and infrastructure for the online communities that tie us together. We gobble up their technologies, download their programs, use their services, and mindlessly click “I Agree” to terms and conditions we haven’t bothered to read.

What’s the point of all this? Sales teams, marketers, advertisers and other businesses benefit from knowing every last detail about you—the “33 bits of information” necessary to pin down your identity—in order to deliver precisely targeted advertisements to your digital device of choice, whether that’s a computer, tablet, or smartphone.

Should we care? What is the potential danger? “Back in the day,” examples might include telemarketers abusing your phone number by calling incessantly, or direct marketers filling your mailbox with junk mail.

Today, it’s spammers sending unwanted emails, or the same advertisement from the same company popping up again and again on every single website you visit. The concern is that this could go from annoying to frightening.

Privacy advocates are working to prevent the worst and most extreme outcomes of personal data collection. They know that without checks and balances, without consumers knowing their rights and actively protecting their own privacy and personal data, that data could be used unethically.

Privacy is your right. But realize that in our wired, interconnected world, privacy only really consists of what you say and do within your own home, legally, with the shades pulled down, between you and your loved ones, that is not communicated, recorded, broadcast, or reproduced on the Internet or any public forum in any way. Beyond that, especially when taking advantage of various online resources, be sure that you know what it is you’re agreeing to and take precautions to protect yourself.

Saturday, January 28th is Data Privacy Day, which promotes awareness about the many ways personal information is collected, stored, used, and shared, and education about privacy practices that will enable individuals to protect their personal information. This is a good time to check your privacy settings on social networking and other sites you use, ensure you have a strong password, and be aware of where and with whom you are sharing your personal data.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube. (Disclosures)