Posts

Spy on your Kids yes or no

It’s one thing to bust into your kid’s diary and read it, but if your kids want the privilege of engaging in the cyber world, they need to understand that parents are justified in “spying” on them. Or are they? Depends on whom you ask and how far they go at “spying” on their kids.

2WFrankly It’s not spying at all and both kids and parents should get over it. It’s called parenting. My kids are still young, but as they get older there will be hardly a thing they do online that I won’t be aware of. The internet isn’t a right, it’s a privilege to someone under age. No 13 or even 17 year old of mine will be on it without being supervised. Same goes for passwords. I’ll have access to all of them. This may be far-reaching to some, akin to the ancient form of spying: listening in on the extension phone to a phone conversation between your kid and his buddy. But really, it’s simply being a parent.

Spying can also be a life saver. Kids are being bullied today like never before. And as a result, they are hurting themselves. And then there are all the illegal things they may be doing. These same acts can get them killed. In this case, knowledge is definitely power to keep your kids safe.

Parent believe and they are right that spying is “an invasion of privacy and a violation of trust.” If you get caught, your relationship could be sabotaged, this is true. So spy openly and honestly. Tell them. Show them. Remind them. If kids know you are watching, they are often less likely to do things they aren’t supposed to.

The element of surprise, however, may be a factor. It makes a world of a difference if, from an early age, the parent establishes with their children that there will be “spying,” vs. never discussing this concept with the kids, and then one day you get busted.

Don’t use the word “spy,” either. Instead say “monitor” and let your kids know

How do you balance protecting your kids and maintaining trust? Team up with your kids. Make family agreements and contracts that show transparency. This will go far is keeping a close eye on their safety and security.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Feds warn of more Online Predators

What goes on in the home life of a 14-year-old girl such that she feels there’s nothing better to do than send nude photos of herself to a man whom she’s been corresponding with online? Though this goes well-beyond the parents not bothering to find out what their kids do online, another huge issue is the proliferation of online predators.

2WAnd for parents who DO care enough to monitor their kids’ cyber activities, here’s some unsettling news: A 2013 survey called  Digital Deception: Exploring the Online Disconnect between Parents and Kids revealed that 69 percent of the young respondents reported they knew how to conceal their online activities from their parents. The study also showed that 80 percent of the parent-respondents said they wouldn’t even know how to figure out what their kids’ online activities were. Conclusion: Parents are clueless.

This makes it easier for predators to find victims. There’s the case of a girl who, at age 13, sent an image of herself to a 26 year old man who for the next five years cyber-harassed her, demanding more images. The girl was driven to two suicide attempts and finally alerted authorities who found him.

Another predator tricked a 15-year-old into sending him photos who turned out to be a 50 year old man. They do this by sending photos of younger cuter boys around the same age as their victim females. Parent need to have ongoing dialog with their kids that this is going on everyday somewhere and “it can happen to you too”

These act can often be prevented which once again, brings to mind what kind of parenting or lack of parenting is going on. Though parents can’t monitor their kids’ activities every second, something has to be said about why a young person’s life would be so empty that they end up sending out nude photos of themselves—even if the victim thinks the recipient is the same age!

What Parents Should Do

  • Educate kids about online predators
  • Educate yourself about online predators
  • Warn kids about never sending images into cyber space
  • Make sure kids understand that they will never be shamed for reporting a perilous situation
  • Tell kids that no matter how aggressive or threatening a cyber predator seems to be, they ultimately don’t have that much power; they’re ground meat once the authorities find them.
  • The less time kids spend tinkering around on the Internet, the less likely they’ll meet up with a predator. Get your kids involved in confidence-building activities that develop independent thinking skills and assertiveness.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Use an ePrivacy Filter to prevent Visual Hacking

In an average year I’ll tally 75,000 airline miles. In an average week while waiting for the plane to board or while in flight I’ll see multiple laptop screens flipped open with an over the shoulder view of emails being sent and received, PowerPoint presentations being tweaked, proposals being written and various client and employee records being crawled through. The fact is, I’m a good guy with no bad intentions, but I can’t help seeing what I see, it’s distracting. The screens are bright and propped right in my face. If I was a bad guy, this would be considered “visual hacking”.

2PHacking can be done without viruses: with just one’s eyes. The visual hacker prowls the public, seeking out computer screens displaying sensitive data. The company 3M now offers the ePrivacy Filter. This software, when paired with a traditional 3M Privacy Filter, which blacks out content that can be viewed from side angles where hackers can lurk, alerts the user to snoops peering over their shoulders from just about every angle. I’m seeing more and more of these in flight. Which frankly, is nice, and less distracting.

More people will merely state that they prize visual privacy than will actually do something to protect this, according to a recent 3M study. The study revealed that 80 percent of the professionals who responded believed that prying eyes posed at least some threat to their employers.

Strangely, most of these workers opted not to give their visual privacy any protection when they were accessing information with an unprotected computer in a public location of high traffic.

Employees have a funny way of asserting a belief but acting otherwise. This shows that businesses need to educate employees on the risks of data leaking out to visual hackers.

The fact is employees more mobile than ever. And with corporate secrets being Wikileaked, “Snowdened”, and just plain hacked, customers require more assurance than ever that their data is protected.

An ePrivacy Filter, coupled with a laptop or desktop privacy filter helps protect visual privacy from virtually every angle. Compatible with devices that use Windows operating systems, the ePrivacy Filter will alert the user to an over-the-shoulder snooper with a pop-up image of his or her face, identifying the privacy offender. However, you don’t have to worry about your data if you step or look away briefly. The screen will be blurred and will only unlock when you return thanks to its intelligent facial recognition feature.

Please, stop hijacking my attention and get a privacy filter.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Steps to Manage a secure online backup

Cyber storage does not always = secure backup. Users of cloud storage have many potential tools at hand to beef up security. And just because cloud services have some loopholes doesn’t mean you should just throw in the towel, as the saying goes, and figure “What’s the point?”. Here are some ways to beef up cloud storage security and manage your online backup.1D

  • Take inventory of what’s stored in your cloud account. Evaluate how important each data item is. If the cloud service can access your data, you may want to make some adjustments, since some of your data might not be compatible with the service’s terms.
  • Consider encrypting your most sensitive data if you don’t want to remove it from the cloud and then back it up locally.
  • Don’t put all your data in one basket, either. Suppose all your data is stored in one cloud service, and that service gets hacked or something else happens and you lose your data—or it’s in the hands of thieves. If you use more than one cloud service, then at least if one gets hacked, you’re not totally screwed. Think of this as being like having your precious jewels locked in several small safes throughout your house, rather than in one giant safe. What are the odds that an intruder will find all the safes and get into all of them?
  • If your cloud account has any devices, services or applications linked, very carefully inspect and modify their settings to optimize security. Discard useless, old, unused connections so they don’t become portals to your data.
  • Use two-factor authentication on every cloud password when available. If the service doesn’t offer two-factor, consider dumping it.
  • Make your answers to security questions crazy-nutty, but also memorable.
  • Assess your cloud passwords. They should be very different from each other. If you can’t handle memorizing a bunch of long, convoluted passwords (which are the best kind), use a password manager.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Beware These College-Related Scams

The last group of college students has headed off to school for another semester of dorm rooms, late-night library sessions, and the occasional college party. For many students, college is the first time they’ve lived away from home. They are young, open to new things, and sometimes, naïve. These traits make them prime targets for scams.

9DHere are some of the most popular college scams:

  • Fake College Websites
    Here’s how this works. Scammers copy a college’s website but use a fictitious name on the site (in essence creating a spoofed site). They use this site to collect application fees and gather personal information. They even go so far as to send out rejection letters to applicants to try and “maintain” their credibility. But all this application will get you is financial loss and the potential to be victim for future phishing scams.
  • Diploma Mills
    These are unaccredited colleges or universities that provide illegal degrees and diplomas for money. Many spoofed college websites are also used as diploma mills. Though some diploma mills may require students to buy books, do homework and even take tests, the student will be passed no matter what. In some cases, users get a diploma simply by purchasing it. In any case, you’re out of money and have no valid diploma.
  • Fake Scholarships
    Let’s face it. College is not cheap. Therefore, many students look for scholarships to help ease the financial cost. Scammers profit on this need by creating fake scholarships, which require you to submit a fee when applying for the money. You never see a dime and you’ve lost that application fee as well as given up some of your personal info.
  • Wi-Fi Scams
    Computers are an essential part of the college experience and wi-fi connectivity is a necessity. So while you may not want to pay or can’t afford to pay for wi-fi connectivity, you need to be careful when using free wi-fi as hackers can easily intercept your communications.

So while college is a time to learn and experience new things, you also want to avoid getting scammed. So here’s some tips on how to make sure you don’t get taken by one of these scams:

  • To protect yourself, develop the habit of not giving personal information to strangers and double check the authenticity of the organization.
  • Before sending in any online application, double check the accreditation for any college or university. In the United States, you can do that on the Department of Education site.
  • Verify that a scholarship is valid, by checking with an organization like FinAid.org.
  • Avoid doing any sensitive transactions like shopping or banking when using free wi-fi connections.

Yes, there are plenty of scams out there. But with common sense and a willingness to double-check, students can avoid being lured in.

Have a great school year!

For more tips on how to stay safe online, follow McAfee on Twitter or like them on Facebook.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Is private NSA proof E-mail possible?

You can buy encryption tools to prevent people from reading the contents of your e-mails should they intercept them. But what about those who have NSA-caliber resources and skills?

7WThe problem is that encryption services usually leave wide open the e-mail’s metadata: e.g., sender, recipient, subject line and timestamp.

But a new service, ShazzleMail, delivers e-mail straight from sender to recipient without any metadata.

ShazzleMail software is downloaded, then encrypts e-mails, but your device must be switched on so that the recipient could download the e-mail.

If the recipient doesn’t have ShazzleMail, they’ll get a message headline, “Secure Message from Jack Jones,” plus a message text: “Jack Jones has sent you a secure, encrypted e-mail via ShazzleMail. Click to View.” ShazzleMail is free, though there’s an enterprise version for a monthly fee of $5.

Can a hacker defeat ShazzleMail? Well, without any metadata, how can a hacker track the message’s path? There’s no middleman; the messages go straight from sender to recipient. ShazzleMail says, however, that it’s not fool-proof against the NSA if the NSA wants to really go at it. Nevertheless, ShazzleMail puts a lot more barbed wire on that fence.

And then there’s Enlocked, which offers “military-grade e-mail security” for professionals by encrypting e-mails before they’re sent. However, the metadata is visible. This is a big problem if the mere communication between two parties is significant, or the timeline or whom the parties are is very telling.

Another option is Raellic Systems, which has software that lets users select from three levels of privacy.

Hushmail is another contender. They state: Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Back to School Time Means Online Safety Time

It’s August which for parents (and kids) means it is back to school time. It can be easy to reminisce about your school days—passing notes to the cute girl or boy in class, late-night study sessions with friends, or playing tag on the playground.

4HBut your kids’ school experience is way different from when you were in school. Snapchat, Facebook, and text messaging have replaced those folded handwritten notes. Educational apps have replaced flash cards. A lot of your kids have their own smartphone or are probably asking for them.

Your kids are growing up as digital natives, with technology playing a part in almost every aspect of their lives. In a study conducted earlier this year, McAfee found that 54% of teens and tweens spend more than 10 hours online per week and over 60% use either Snapchat, YouTube or Instagram on a daily basis.

And while our kids may be digitally savvy, McAfee found that while 90% of tweens and teens believe their parents trust them to do what is right online, almost half (45%) would change their online behavior if they knew their parents were watching.  So it’s critical that we stay one step ahead of our kids.

With all this technology available, there comes new responsibilities for us as parents. It’s important that we take the time to teach our children how to safely navigate the digital world. Here’s some ways to protect your kids online:

  • Turn off GPS services. Encourage your child to disable this option to keep their location invisible to strangers.
  • Enable privacy settings. This is something we should all do and the McAfee study found that over 1/3 of youth did not use these on their social networking profiles.
  • Discuss the reality of cyberbullying. In the McAfee study, 87% of kids have witnessed cyberbullying and 24% said they would not know what to do if they were cyberbullied.
  • Teach them what is appropriate to share. 50% of tweens and teens share their email address, while 30% post their phone number and a whopping 14% posted their home address.

To help keep our kids safe online, McAfee and HP have teamed together to promote online safety during the Back to School season —and give you a chance to win prizes. To learn more, go to www.BTStips.com to enter to win!

For more tips, like McAfee on Facebook or follow them on Twitter.

Cheers to a safe, fun school year!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

The Right to Privacy

The more technological advanced we become, the higher the degree the potential exists for an invasion of our privacy. Imagine how difficult it must have been for people’s personal information to get stolen—10,000 years ago.

2PWe now live in a world where someone half-way around it from you can nab your most personal information in seconds.

Our right to privacy is just as strong now as it ever was, despite the ease at which criminals and snoops can get your personal data.

Famed attorney and associate justice on the U.S. Supreme Court Louis Brandeis was a champion of a person’s right to privacy, and defined the right of a person “to be let alone” as “the most comprehensive of rights, and the right most valued by civilized men.”

To keep up with the increasing ease of stealing a person’s data, legal remedies and privacy enabling software have been developed.

The Internet is infested with spammers, scammers, and hackers. Do you know that these spammers and hackers can easily monitor your online activities and steal your personal data like credit card information and passwords?

Even your Internet Service Provider (ISP) spies on you! They monitor, track, and keep a record of all your web activities. The websites you visit, the software you download, your online purchases, and everything else are recorded and saved by your ISP.

If this bothers you, you now have options available to protect your privacy and identity. Just download and use Hotspot Shield software. It acts as an IP hider to mask or change your IP address and protect your privacy, while securing your Web browsing session at the same time.

“THE RIGHT TO PRIVACY,” by Samuel D. Warren and Louis D. Brandeis, appeared in the Harvard Law Review in December of 1890.

From that are derived six applicable limitations:

1. “The right to privacy does not prohibit any publication of matter which is of public or general interest.” Warren and Brandeis give elaboration on this exception to the right to privacy by stating:

In general, then, the matters of which the publication should be repressed may be described as those which concern the private life, habits, acts, and relations of an individual, and have no legitimate connection with his fitness for a public office which he seeks or for which he is suggested, . . . and have no legitimate relation to or bearing upon any act done by him in a public or quasi public capacity.

2. The right to privacy does not prohibit the communication of any matter, though in its nature private, when the publication is made under circumstances which would render it a privileged communication according to the law of slander and libel.

3. The law would probably not grant any redress for the invasion of privacy by oral publication in the absence of special damage.

4. The right to privacy ceases upon the publication of the facts by the individual, or with his consent.

5. The truth of the matter published does not afford a defense. Obviously this branch of the law should have no concern with the truth or falsehood or the matters published.

6. The absence of “malice” in the publisher does not afford a defense.

With regard to remedies, a plaintiff may institute an action for tort damages as compensation for injury or, alternatively, request an injunction.

A closing point to make is that Warren and Brandeis recommend that criminal penalties be imposed for violations of the right to privacy, but they decline to elaborate further on the matter, deferring rather to the authority of the legislature.

Source: http://faculty.uml.edu/sgallagher/Brandeisprivacy.htm

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Recognize Your Willingness to give up your Privacy

If a stranger stopped you on the street and requested your e-mail address and birthdate, would you give it to that person? A rational person would never give up this information.

1PThis is the same guard you should have when giving out your personal information to set up an online account, setting up a social account or to get some bargain or great deal on a product or service. Most people will give up all their data for 10% off at a shoe store.

Many people blindly give out personal information online or in person to get that bargain. Sometimes, these choices are made by people who claim to value their privacy.

Those same people may not know that every time you log into free unencrypted WiFi you are most likely revealing everything you communicate on a PC, laptop or mobile? This is why an encrypted connection like one provided with Hotspot Shield is very necessary.

A study from Carnegie Mellon University, conducted by Alessandro Acquisti, turned up some very interesting results.

He sent some graduate students to a shopping mall near Pittsburgh. The students were instructed to offer a $10 discount card, with an extra $2 discount to shoppers in exchange for their shopping information. Half turned down the extra offer. The $2 wasn’t enough to get them to reveal their shopping cart items.

Another group of shoppers was offered a $12 discount and the choice to exchange it for $10 if they desired to keep their shopping data private. Ninety percent decided to keep the $12 discount, which meant they were willing to reveal their shopping data.

What gives?

It looks as though if people already have ownership of private data from the get-go, they’re more likely to value it. If it’s yet to be acquired, however, the value placed on it is less.

So getting back to cyber space then, have you ever wondered if the data, that the online advertising industry collects on you, is truly scrambled so that it’s not possible to identify individuals?

Acquisti conducted another experiment. With a webcam he took snapshots of about 100 campus students. It took only minutes for him to identify about 30 percent of these nameless students by using facial recognition software.

He then went a step further and gathered enough information on about a quarter of the identified students via Facebook to guess a portion of their Social Security numbers.

Acquisti showed how simple it is to identify people from scratch because they leave a data trail in cyber space—and this includes photos. This shows how easy it is for criminals to use Facebook to steal a person’s identity.

Though it would violate Facebook’s terms of service to register a fake birthdate, the user needs to be aware of the tradeoff: Identity thieves love to find birthdates.

Facebook says that the user can control who sees personal information. So you just have to weigh the pros and cons. Is receiving well wishes on your birthday worth the risk of a thief using your basic information to steal your identity?

And by the way, thieves can use your Facebook profile photo to help steal your identity. Maybe this is why some people use their baby’s or dog’s photo for their Facebook photo?

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Can your Privacy Policy be Read by a 5th Grader?

Zero. The number of people who have ever read word for word—and understood—a website’s privacy policy.

2PWell, maybe not zero, but the actual number is pretty close to it. And this excludes the lawyers who compose these thick walls of tiny text that are filled with legalese.

How many people even open the link to the privacy policy? After all, it’s almost always at the bottom of the site page, called “Privacy Policy,” in a font that doesn’t even stand out.

It’s time that the privacy policy (aka transparency statement) be short, sweet and simple, with an attractive graphic to catch the visitor’s attention. The purpose of a privacy policy seems to be to inform the website visitor/user just how that person’s data will be used by the business or enterprise that the site is for.

But more accurately, the purpose is for the statement to protect the business in the event of a dispute.

Why don’t businesses introduce a short, in-plain-English statement with the sole purpose of explaining privacy and data protocols; right to the point, no legalese filler fluff? And easy to access while they’re at it. The larger, complicated privacy policy could back up the short, simple transparency statement. Over time, the way the big, and the little, statements work in tandem could be refined.

With this upgrade in the “privacy policy,” visitors to sites will be able to make better choices and have a firmer grip on how the site manages their data.

Just think how much smoother things would be if every website had a link titled “Transparency Statement” that took you to a one-page document with a friendly font size and no legalese. Better yet, why not call the “transparency statement” something like, “How we handle your private information.”

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.