Posts

10 Ways our Privacy is invaded

2POnce you become active online…and especially once you become “connected” with a smartphone…your privacy will be in sizzling hot demand—and in fact, you can bet that as you read this, it is already being invaded in ways that you couldn’t possibly imagine. Here are some of those ways, provided by wired.com:

  1. Someone could be collecting information on you via a keylogger: It’s a little tool that records your keystrokes, that someone secretly inserts into your computer. A keylogger, however, can also be deposited by malware that you unknowingly downloaded.
  2. Tracking technology that retailers use. You are in a large department store and must pass through several departments to get to the one you want. Your smartphone is connected during this time. The tracking technology scans your face (or maybe it doesn’t) and connects with your phone, identifying you as a potential customer for the goods that are in the departments you are passing through or near to. Next thing you know, you are getting hit with ads or e-mails for products that you have no interest in.
  3. Video surveillance. This is old as far as the technology timeline, but it is still a favorite among all sorts of people including those with twisted minds. Video cameras can even be hidden in your front lawn. They can also be found at ATMs, placed there by thieves, to record users’ PINs as they punch them in.
  4. E-mail monitoring. Your e-mails could be being monitored by a hacker who has remote viewing capabilities of your computer (because you unknowingly let in a virus).
  5. Personal drones—those small-enough-to-by-held-by-a-child aircraft that are remote controlled; they can be equipped with cameras to take pictures of you, and they can even follow you around.
  6. Public WiFi. Snoops and hackers can eavesdrop on your unsecured WiFi internet with the right hardware and software. Use Hotspot Shield to encrypt your data.
  7. And in addition to these ways your privacy could be invaded, a hacker could be spying on you through the little Webcam “hole” above your computer screen (a piece of masking tape over it will solve that problem).
  8. Peeping Tom. And of course, there is the old fashioned way of intruding upon someone’s privacy: stalking them (on foot or via car), or peering into their house’s windows.
  9. Reverse peephole. A person could tamper with a peephole on a house’s front door, apartment door or a hotel door, then be able to see what’s going on inside.
  10. Remote access technology can be malware installed on your device designed to extract all your sensitive data. Make sure to keep your devices security software updated.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

When a Company Gets Sold, So Does Your Data

When you subscribe to an online service, be careful of how much information you give out about yourself.

1PMost businesses in their terms and conditions, say they “respect your privacy.” But what if these companies go under or are sold? An article from the online New York Times explores this concept. Today’s market-data-hungry-businesses can gather lots of data about subscribers. This data can be transferred to third parties in the event the company is sold or goes belly up.

The New York Times recently analyzed the top 100 U.S. websites, and the revelation is that it’s par for the course for companies to state that subscribers’ data could be transferred as part of a sales or bankruptcy transaction. Companies like this include Google, Facebook, LinkedIn, Amazon and Apple.

On one hand, such companies assure consumers that privacy is important. Next second they’re telling you your data will get into third-party hands if they sell out or fizzle out.

A real-life example is the True.com Texas dating site that attempted to sell its customer database to another dating site. However, True.com’s privacy policy assured members that their personal details would never be sold without their permission. Texas law stopped the attempt.

The Times article points out that at least 17 of the top 100 said they’d notify customers of a data transfer, while only a handful promised an opt-out choice.

This isn’t as benign as some might think. For example, WhatsApp was sold to Facebook. A user of both services ultimately complained that Facebook, without his consent, accessed his WhatsApp contact list, even though his Facebook account was set to prevent people outside his network from obtaining his phone number.

Another example is Toysmart.com. When it went bankrupt, it tried to sell customer data, which included birthdates and names of children. The company’s privacy policy, however, promised users that this information would never be shared.

To avoid fracases, companies are now jumping on the bandwagon of stating they have the right to share customer/subscriber data with third parties per business transactions.

Don’t be surprised if you read something like: “We value your privacy,” and in another section of the privacy policy, “Upon sale of our company, your personal information may be sold.”

 

Your Stolen Data around the World in 2 Weeks

Ever wonder just what happens to the data in a data breach incident? Does it go into some kind of wormhole in cyberspace, out through the other end? Well, the answer is pretty much so, when you consider that hacked data makes its rounds on a global scale, taking only 14 days to land in 22 countries spanning five continents—according to an experiment by Bitglass.

4HBitglass, a cloud access security broker, did some research, generating over 1,500 fake names, credit card numbers, SSNs and other data that were saved in an Excel spreadsheet.

Then the spreadsheet, which was tagged, was sent out into cyberspace, including to several Darknet sites. The watermark tag sent a signal (which included information like IP addresses) to the researchers every time the document was opened.

This experiment simulated a data breach and provided an idea into just where real stolen data actually goes. This research points fingers at Russia and Nigeria as far as being the location of closely related major hacking rings.

Not only did this spreadsheet make international rounds, but it was opened over 1,200 times within the two weeks. Need it be mentioned that the countries most notorious for hacking rings (e.g., Russia, Nigeria and China) did most of the opening. Other access points included the U.S., Germany, Finland, New Zealand and Italy.

This is sobering information for company leaders who fear a data breach. Bitglass points out that the average data breach takes 205 days to be detected. Wow, just how many access points would there had been in 205 days? Would it be a linear increase or an exponential increase?

Consumers are at a serious disadvantage due to the fact most of the data breaches occur with data out of their immediate control. Fret not however. The best thing a consumer can do is pay close attention to their statements and look for unauthorized activity or invest in identity theft protection which will often make your Social Security number less attractive to a thief.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Is your Website and Data secure?

Imagine a lifeguard at the beach sitting on his perch. His job is to patrol and monitor for signs of trouble. He sees a surfer being attacked by a shark. Wow, a lot of good it does that he’s in a completely helpless position; by the time he scrambles off his perch and runs towards the water, the victim has bled out. Ouch.

2DThis is the same concept behind cyber crime. By the time a business or everyday Internet user realizes they’ve been hacked…major damage has been done. We can’t just be reactive. We have to be preventive.

The damage can destroy a business, not to mention take down the everyday persons website who did not have their prized and sensitive data, blogs, or photos backed up.

Forbes points out that over 60 percent of small businesses, after a serious data breach, go belly-up within a year, cyber crime is a major threat to medium-size businesses as well.

Companies worry a lot about their product and service, but are slowly coming around to the idea that a potent draw to potential customers and clients is the advertising of powerful IT security to fight off data breaches.

Customers and clients (and potential) want to know what a company is doing for prevention, not just what it’ll do after the attack.

What if you can’t afford a top-flight IT team? There are still things you can do for your business’s safety as well as for your home computer’s safety.

  • First off, back up all of your data.
  • Use antivirus software and make sure it’s always updated.
  • Use antispyware, antiphishing and a firewall and make sure that’s always updated as well.
  • If you have a website, scan that with your antivirus/malware or have your host provider do it. A website and web applications can be attacked by hackers.
  • Update to the latest version of the sites primary software and plugins.
  • An unexplained spike in traffic to or from your network is a red flag.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Consumers sacrificing Privacy for Convenience

It’s hard to believe that, according to a recent poll from the Pew Research Center, most Americans aren’t too upset that the government can track their e-mails and phone calls. There’s too much of a blasé attitude, it seems, with people thinking, “I don’t care if I’m monitored; I have nothing to hide.”

2PThis blows it for those of us who actually DO mind that the government is snooping around in our communications, even if we’re as innocent as a butterfly.

Privacy experts believe that governmental monitoring of online activities is just such a fixed part of Americans’ lives that we’ve come to accept it. But privacy experts are pushing for an increased awareness of the importance of digital privacy, and this begins with the U.S. masses putting out some demands for privacy.

An article on arcamax.com points out that as long as Americans are sitting pretty with cheap and easy-to-use Internet experiences, nothing much will change. “People are very willing to sacrifice privacy for convenience,” states Aaron Deacon, as quoted in the article. He manages a group that explores issues pertaining to Internet use.

The article says that Pew’s research reveals that since the NSA revelation, 20 percent of Americans have become more privacy-conscious in a variety of easy ways like using a private web browser.

But most Americans shy away from the more complicated privacy protection methods. Furthermore, some people don’t even know of the extent of governmental monitoring.

Nevertheless, ease of use has made people complacent. Who wants to hassle around with encryption, decoding, coding, etc.? This stuff is great for techy people but not the average user.

The good news is that there is somewhat of a revolution geared towards making privacy methods less intimidating to Joe and Jane User. It just won’t happen overnight, but the market is “emerging,” says Deacon in the article.

Theoretically, if everyone turned techy overnight or privacy protection instantly became as easy as two plus two, this would make unhappy campers out of the businesses that flourish from tracking users’ online habits. The government wouldn’t be smiling, either, as it always wants to have fast access (e.g., “backdoor”) to electronic communications: the first communication choice of terrorists.

Thus far it seems that people have two choices: a fast, easy, cheap Internet experience that gives up privacy, or a techy, expensive, confusing experience that ensures privacy. The first choice is currently winning by miles.

Forewarned is forearmed. Pay attention. This is getting real.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

4 Tips for Spring Cleaning Your Digital Life

Spring is in the air (if you’re in the northern hemisphere) and it’s traditionally a time to clean every nook and cranny and get rid of excess stuff in your house. But it’s also a good time to clean up your digital life. Just like your house, your digital life needs a good cleaning once in a while, but sometimes this can seem like a daunting task, so here’s some tips for you to get started.

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294First, begin by emptying your trash or recycle bin on your computer and clearing your browser cache of temporary files and cookies, both of which will free up valuable space on your hard drive, then follow these tips for cleaning your digital presence.

  1. Clean up apps and files. Are some of your apps gathering dust? Do you have files from high school (and it’s been years since you graduated)? If you’re not using these items, think about deleting them. Clearing out old, outdated and unused apps, programs and files leaves more space and memory on devices to fill with things you use.
  2. Back up your data. Our devices are a treasure trove of family memories like pictures and videos and they also often include key documents like tax forms and other sensitive information. None of us would want to lose any of these items, which is why it’s important to back up your data, and often. Back it up to both a cloud storage service and an external hard drive—just in case
  3. Review privacy policies. Are your accounts as private as you want them to be? Take the time to review the privacy settings on your accounts and your apps so you understand how they use your data. This is important for your social media accounts so you can choose what you want or don’t want to share online. For a good resource on social media privacy, see this article. This is also critical for your apps as many apps access information they don’t need. In fact, McAfee Labs™ found that 80% of Android apps track you and collect personal info–most of the time without our knowledge.
  4. Change your passwords. It’s always a good to idea to change your passwords on a regular basis and there’s no better time during a digital spring cleaning. To help you deal with the hassle of managing a multitude of usernames and passwords required to manage your digital life, use True Key™ by Intel Security. The True Key app will create and remember complex passwords for each of your sites, make them available to you across all of your devices, ensure that only you can access them simply and securely using factors that are unique to you, and automatically logs you in when you revisit your sites and apps—so you don’t have to.

So before you consider yourself done with your spring cleaning, make sure you finish this last bit of spring cleaning with these tips, and you’ll be well on your way to cleaning up your digital life.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How the Internet of Things is further killing Privacy

Privacy used to mean changing clothes behind a partition. Nowadays, say “privacy” and people are likely to think in terms of cyberspace. Stay connected, and you risk losing your privacy.

2PEven if you’re not connected, don’t even own a computer or smartphone, information about you can still be out there on the Internet, such as a listing for your address and phone number or a way for someone to get it with a small fee if you live in owner-occupied property.

An article on wired.com points out that the Internet of Things (IoT) is a privacy killer. But it’s also more than that. The evolution of technology forces us to redefine how we perceive our lives, says the article. Even an invention as primitive as the steam engine caused a rethinking among people. But whereas the steam engine was a slap, the IoT is a sledgehammer.

And the Internet of Things is only just beginning. Wired.com notes that the combination of the World Wide Web, big data, social identity, the cloud and more are all poised to erupt into something huge, and it won’t give us time to prepare.

The IoT will infiltrate the tiniest and most remote pockets of the planet, inescapable, impacting all who have a pulse, literally. It’s not like the steam engine in which, soon after its invention, many people were afraid to ride the train because they believed that God did not intend for humans to travel so fast, and thus, these folks easily avoided boarding the train.

We won’t be able to avoid the IoT. It won’t be a station we walk up to and then decide we don’t want to get on. We will be, as wired.com says, living inside the Internet. We’re too addicted to technology not to. Kids can’t imagine living without their smartphones. When their grandparents were kids, the only thing they felt needy for was an umbrella on a rainy day. You don’t miss what you can’t conceive of.

With the IoT slowly dissolving us, like a snake swallowing a giant rat and slowly dissolving it (certainly you’ve seen those unsightly images—you know what I’m talking about), our privacy will be dissolved along with us.

Strangers already can figure out what things we like to shop for without ever communicating to us. Your health habits, eating habits, dating habits…all the data that makes you YOU is continuously being shagged by Big Data. “Privacy” may one day become one of those words, like “oil lamp,” that’s no longer in use because by then, it will be such a far-removed concept.

Imagine living in a house made entirely of see-through structures, so that no matter where you are in it, people on the outside can see what you’re doing. There’s no brick, no aluminum, drywall or wood—just all some transparent material. That’s the Internet of Things.

Ways to shield your privacy:

Use a browser that has an “incognito” mode or privacy plug-in.

Use a VPN to mask your IP address and encrypt your data. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

Turn of GPS location for photos. iPhone and other devices saves the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. Shutting down location based apps will help here too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

What is private Information and what is not?

Data Privacy Day was Wednesday, January 28, and these days the concept of “privacy” can be ambiguous, generic or confusing. What you might think of as private actually isn’t. The definition of personal identifying information, by the U.S. privacy law and information security, is that of data that can be used to contact, identify or locate an individual, or identify him in context.

1PThis means that your name and address aren’t private, which is why they can be found on the Internet (though a small fee may be required for the address, but not always). Even your phone and e-mail aren’t private. What you post on Facebook isn’t private, either.

So what’s private, then? An argument with your best friend. A bad joke that you texted. Your personal journal. These kinds of things are not meant for public use. What about vacation photos that you stored in a cloud service? Well…they’re supposed to be private, but really, they’re at significant risk and shouldn’t be considered totally private.

And it’s not just people on an individual scale that should worry about privacy. It’s businesses also. Companies are always worrying about privacy, which includes how to protect customers’ sensitive information and company trade secrets.

But even if the company’s IT team came up with the most foolproof security in the world against hacking…it still wouldn’t protect 100 percent. Somewhere, somehow, there will be a leak—some careless employee, for instance, who gets lured by a phishing e-mail on their mobile phone…clicks the link, gives out sensitive company information and just like that a hacker has found his way in.

Even when employees are trained in security awareness, this kind of risk will always exist. An insider could be the bad guy who visually hacks sensitive data on the computer screen of an employee who was called away for a brief moment by another employee.

Tips for Training Employees on Security Savvy

  • Make it fun. Give giant chocolate bars, gifts and prizes out to employees for good security behaviors.
  • Post fun photos with funny captions on signage touting content from the company’s security policy document. It’s more likely to be read in this context than simply handed to them straight.
  • Show management is invested. Behavior changes start from the top down,
  • Get other departments involved. Even if they’re small, such as HR, legal and marketing, they will benefit from security training.
  • Stop visual hackers. Equip employees with a 3M Privacy Filter and an ePrivacy Filter which helps bar snooping eyes from being able to see what’s on the user’s screen from virtually every angle.
  • Don’t forbid everything that’s potential trouble. Rather than say, “Don’t go on social media,” say, “Here’s what not do to when you’re on social media.”
  • Make it personal. Inform workers how data breaches could damage them, not just the company. A little shock to their system will motivate them to be more careful.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Online Data less safe than ever

It’ll get worse before it gets better: online data safety. It’s amazing how many people think they’re “safe” online, while one huge business or entity after another keeps getting hacked to the bone.

1DAnd “safety” doesn’t necessarily mean the prevention of your computer getting infected with a virus, or falling for an online scam that results in someone getting your credit card information. It’s also a matter of privacy. While targeted advertising (based on websites you’ve visited) may seem harmless, it’s the benign end of the continuum—that someone out there is tracking you.

So, do you still think you’re hack-proof?

That you can’t be fooled or lured? That your devices’ security is impenetrable? That you know how to use your device so that nobody can get ahold of your sensitive information?

Consider the following entities that got hacked. They have cyber security teams, yet still fell victim:

  • LinkedIn
  • Yahoo! Mail
  • Adobe
  • Dropbox
  • Sony
  • Target

You may think the hacking is their problem, but what makes you believe that the service you use is immune? Are you even familiar with its security measures? That aside, consider this: You can bet that some of your personal information is obtainable by the wrong hands—if it already isn’t in the wrong hands.

Are you absolutely sure this can’t possibly be? After all, you’re just a third-year med student or recent college grad looking for work, or housewife with a few kids…just an average Joe or Jane…and you use the Internet strictly for keeping up with the news, keeping up with friends and family on social media, using e-mail…innocent stuff, right?

You’ve never even posted so much as a picture online and say you don’t use a credit card online either.

  • But hey, if your passwords aren’t strong, this ALONE qualifies you as a potential hacking victim.
  • So, what is your password? Is it something like Bunny123? Does it contain your name or the name of a sport? Keyboard sequences? The name of a well-known place? The name of a rock band?
  • Do you use this password for more than one account? That gets tacked onto your risks of getting hacked.
  • You need not be someone famous to get hacked; just someone who gets lured into filling out a form that wants your bank account number, credit card number, birthdate or some other vital data.
  • If you just ordered something from Amazon, and the next day you receive a message from Amazon with a subject line relating to your order…did you know that this could be from a scammer who sent out 10,000 of these same e-mails (via automated software), and by chance, one of them reached someone at just the right time to trick you into thinking it’s authentic?
  • People who know you may want your information to get revenge, perhaps a spurned girlfriend. Don’t disqualify yourself; nobody is ever unimportant enough to be below the scammer’s radar.
  • Did you know that photos you post in social media have a GPS tag? Scammers could figure out where the photo was taken. Are you announcing to all your FB friends about when your next vacation is? Did you know a burglar might read your post, then plan his robbery? Between the GPS tags and your vacation dates…you’re screwed.

Well, you can’t live in a bubble and be antisocial, right? Well, it’s like driving a car. You know there are tons of accidents every day, but you still drive. Yet at the same time, if you’re halfway reasonable, you’ll take precautions such as wearing a seatbelt and not driving closely behind someone on the highway.

Most of your fate is in your hands. And this applies to your online safety. You won’t be 100 percent immune from the bad cyber guys, just like you’re not 100 percent immune from a car wreck. But taking precautions and having the right tools really make a tremendous difference.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Having the Privacy Talk with your Kids

Years ago, having “the talk” with your kids meant telling them where babies come from. Nowadays, “the talk” has a whole new meaning. Your kids may be able to explain in detail how a baby is created, but may be clueless (because so many adults are) about something called “data permanence.”

2PDon’t beat around the bush. Tell your kid outright, “If you post any racy images of yourself online—it will be there for the next million years for anyone to see. And it can be used against you.” Give this same warning about comments your child might post to an article. Things that your kids put online can come back to bite them many years later when they’re applying for employment. Tell them that.

Of course, warning your adolescent that something they post could come back to haunt them 20 years from now might not have much of an impact on them—kind of like telling your kid—who has endless energy—that smoking could cause heart disease 20 years from now. So how can you get through to your kids?

  • The more open the lines of communication are between parent and child, the more likely your message will get through about data permanence. Don’t make communication one-sided.
  • When your kids ask you how things work, even if it’s not related to cyber space, never act annoyed. Never make them feel it was a silly question. Never show impatience or judgment. If you don’t know the answer to their techy question, say, “I don’t know; let’s find out.” Don’t fudge a half-baked answer in an attempt to sound smart. Admit when you don’t know an answer, then hunt it down.
  • If you think it’s time to have “the talk” with your child, it is.
  • There’s never a perfect time to have “the talk.” Stop putting it off. Stop saying, “I’ll have it when…” Just do it.
  • Emphasize that raunchy images or nasty comments can come back to bite them in the near For example, they might have a crush on someone in a few years. What if that person googles them? What might they find? Ask your child, “What would you like them NOT to discover?”
  • Don’t be all lecture. Get your child thinking and talking opportunities. Ask them open-ended questions, such as the example in the previous bullet point. Get their brain cells working.
  • The privacy talk should be a process, not an event. That is, it should be a work in progress, ongoing, rather than a single event.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.