Posts

Your Customers’ High Cost of Privacy

This writer has said numerous times that privacy is waning and dying. Partly because we have allowed it with our bazillion posts to social and partly because of the shift from print advertising to digital. During that shift, lots of creative types figured out how to figure you out and get inside your digital head. But all at a cost of your privacy.

1PArwa Mahdawi in the Gurdian brilliantly posed “Privacy isn’t dead, but it’s getting very expensive.” So true.

Ask yourself: as a decision maker for your business or employer, when it comes to protecting your organization’s customers’ or clients’ personal data, how proactive are you? And even if you’re proactive, are you aware of just what is involved on the part of the customer/client to ensure that their personal information doesn’t get into the wrong hands?

Or perhaps you’re not very active in this realm at all, figuring that it’s “up to the customer” to figure out how to secure their data, or that it’s the responsibility of the banks and credit card companies.

I contend that businesses who collect valuable data from customers and profit from it – from email addresses, to credit cards to SSNs – have the responsibility to protect the data collected. Otherwise customers inclined to do so must pay a fee to have their personal information protected. That business is booming.

It’s fair to speculate that if businesses, such as retailers and healthcare organizations, had an excellent history of keeping customers’ data airtight, the protection of privacy wouldn’t have become something that people must pay for.

Of course, there are ways that consumers can protect their privacy without paying for it, such as giving up the use of credit and debit cards, always remembering to disconnect their mobile device in public when they don’t need to be online, never seeing doctors, disabling their cookies, etc.

But let’s face it, these free approaches are impractical or even impossible. How many Internet users even know how to disable their cookies, or even what a cyber cookie is? How many know what a VPN is?

Consumers should not have to be tech savvy or have a lot of money or make impractical lifestyle changes in order for their private information to be leak-proof.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Spring Clean Your Online Reputation

Spring is fast approaching, which means that spring break and college graduation are not too far away. Things could get ugly if your friends take photos of you acting foolish and then post them online for everyone to see.

14DWhether you’re searching for your next career move or are on the verge of graduation and feverishly sending out your resume, like it or not, potential employers are going online and Googling you. (Yes, Googling is considered a verb now.) Every time they find something online that is appropriate, they print it out and attach it to your resume. While I can’t confirm whether or not people are pulling your past and laughing at your expense, let’s just say I’d put money on it.

When was the last time you cleaned up your online (especially on social media) profile so that prospective employers can’t discover “bad” things about you? McAfee conducted a study, and the results show that 13.7% of people ages 18-24 know someone who was given the pink slip, courtesy of online postings.

Job seekers and upcoming college graduates take note: Difficulty getting or keeping a job due to negative social media content is a reality. I assure you anything on your social media profile that makes you look less than desirable as an employee, even an innocuous comment such as, “I always have trouble being on time,” can kill your chances at getting that dream job.

Tips on how you (the job seeker) can make your online profile look good:

DON’T:

  • Don’t friend someone you don’t know, just so you can crank up that friend-total tally. (Wow, 8,000 friends! Really?)
  • Don’t let anyone photograph or video you holding alcohol, smoking, being promiscuous or aggressive, shirtless, using vulgar gestures, or even doing something perfectly legal but stupid looking like the seflie fishy face.
  • Don’t use offensive language online, even if your privacy settings are at the highest. If you really need to get your point across, use “fudge,” “freakin,” “effing,” etc.
  • Don’t log on when your judgment may be compromised by raging hormones or alcohol/drugs.
  • Don’t negatively comment online about any person in authority (your boss, former boss, parents, a political candidate). Exception: The object of your scathing remark is a puppy beater.

DO:

  • Make sure your social network privacy settings are on high, but remember that this doesn’t give you the green light to be inappropriate.
  • Look at the past year of what you’ve posted on social media profiles. Delete every photo, video and comment that is even remotely off color.
  • Google your name, address, phone number, email address and pseudonyms to see what’s out there about you. If it’s bad and it’s deleteable, then delete.
  • If it’s not deleteable, but under the control of someone else, see what your options are to have them remove it. Email, call, beg and plead if you must.
  • Once you’ve removed what you can then start the process of pushing out good stuff. This means propagating social and search with digital content that would make your mother actually proud she spawned you. The more good stuff that shows on the first few pages of search, the more the bad stuff will be pushed down into the abyss.

If you are saying “I’m not concerned, my life is an open book, if a potential employer doesn’t want to hire me because of who I am, then I don’t want that job anyway.” Fine. But when it comes time to pay the bills, you’ve been forewarned.

You may be a college grad with a 170 IQ or a businessman with 10 years of experience, but to a prospective employer, your fishy face selfie makes you look like a tool. Be careful what you do online!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

6 Tools to protect your Privacy Online

The more advanced that communications become, the more likely your personal information is getting leaked out—every time you search the Web, send texts or e-mails, etc. Your private data is literally “out there.” However, there are six software programs to protect your privacy online.

1PExpiration date tag. Files, photos and messages are tagged with an extinguish date, then erased from your smartphone. The iOS and Android application for this is Wickr and it’s free. The only content that passes the wire is encrypted. The user’s device will encrypt and decrypt.

Block the intrusion. Where you go on the Web is tracked so that advertisers know what to market to you, but this technology is intrusive. How would you like to return the favor? You can with the free Ghostery service, an extension for the main Web browsers. It records who’s tracking your online activity, providing you information on these entities. You can instruct Ghostery to block such activity.

Multi-prong privacy features. This free program produces disposable e-mail addresses; e-mails are forwarded to the user’s main address, but a detection of spam will shut off e-mails; a login and password manager will keep track of multiple passwords and also help generate strong new passwords.

These features come with an extension for the Firefox and Chrome browser and is called MaskMe. Additional masking features come for $5/month, such as a one-time credit card number.

Easy encryption setup. If that can ever be easy, GPG Suite has made it so. With this Mac-only software, you can set up public and private encryption keys. The encrypted message, which works with Apple’s Mail, is sent by clicking a lock. The GPG Keychain Access component searches for and stores another user’s public key, plus import and export keys. The suite is supported by donations.

Stay anonymous. Today’s technology can identify you simply based on your online search history. Your search terms are retained by search engines, but if this data gets in the wrong hands, it could spell big trouble, or more likely, just be plain embarrassing.

DuckDuckGo is the alternative, as it does not record your search terms or leave them with the site you visit. It doesn’t record your computer’s IP address or the browser’s user agent string.

 VPN Use a VPN to be protected from cookies that track where you’ve visited. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

A VPN will encrypt your online sessions with an HTTPS security feature, protecting you from non-secure Wi-Fi such as at airports and hotels. VPN will mask your IP address from tracking cookies. Hotspot Shield is a VPN provider that’s compatible with Android, iOS, Mac and PC, running in the background once installed.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

6 ways College Grads can Protect Online Reputations

Here’s what you, the new college grad, can do to clean up and protect your reputation in the online world.

14DThese days, it’s crucial for college grads seeking jobs to have an online reputation that’s as clean as a whistle. I’m an online-security and ID theft expert, so trust me when I say that yes, employers DO take into account what you did at that party during your sophomore year.

How College Grads Can Clean up Their Online Reputation

A prospective employer will likely Google your name, then read the sites it’s on. And don’t assume that you’re protected by a “Joe Smith” kind of name. An astute employer will find the right Joe Smith.

One of the first things a new college grad should do, to prepare for a job interview, is to prepare for what the person hiring is likely to do (either before or after the interview): look you up online.

Find out what people are saying about you in cyberspace. Use a tool like Google Alerts, Tops, Social Mention and Sysmosys, among others. Monitor these on a daily basis.

If your own search turns up nothing bad about you on Facebook, Twitter, YouTube, LinkedIn and other biggies, this doesn’t mean nothing bad exists. Go deeper into the search results. Type in your middle name or just initial, or some associative fact like hometown name, to see if that alters results.

Cleaning up your online reputation, then, begins with seeing if it needs to be cleaned up in the first place. This is more important for a college grad than, say, getting that perfect manicure for job interviews or that perfect hair tinting job.

The prospective employer these days may be more interested in what your name pulls up in search engines than how perfectly coordinated your shoes are with your power suit.

Being digitally proactive keeps your online presence clean.

  1. Digital security is a must. We’ve all read about politicians, celebrities, news organizations and major corporations who’ve been hacked and negative stuff was posted from their accounts. Even when you regain control of your hacked account those unwanted posts can leave searchable breadcrumbs.  Make sure your devices are protected with antivirus, antispyware, antiphishing and a firewall. Secure free Wifi connections with Hotspot Shield VPN.
  2. New college grads should invest time picking apart their Facebook page and any other kind of social media where they have the ability to change what’s on it. Delete anything relating to drinking, sex, drugs, being tired all the time, political and religious views, use of offensive words, anything that fails to benefit your reputation online.
  3. Even a comment like “Old people are bad drivers” can kill your chances of landing a job. Think before you post.
  4. Unfortunately, if someone has posted something negative about you on their blog, there’s nothing you can do unless you want to pay something like $2,000 to hire a company to knock negative Google results deep into the search pages (a prospective employer probably will not go past a few pages deep once they locate information about you). But paying someone is a viable option you should consider.
  5. A college grad can protect their online reputation by never using their name when signing up for a forum board where they may make posts that, to a prospective employer, make the job seeker look bad. If you want to post on the comments page for Fox Sports, for instance, don’t use your real name.
  6. Don’t even use your real name for signing onto support sites for medical conditions, for that matter. You just never know what may rub a prospective employer the wrong way.

The college grad’s reputation needs to appear as perfect and “pure” as possible in the online world.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Meeting a Stranger: Safety Tips for Online and In-Person

A simple yet comprehensive guide to staying safe when meeting a stranger in person or dealing with one online.

1SDI have been involved in the security industry for years, and one of the most common questions I get is how to be safe when meeting a stranger online or in person.

Safety Tips for Online Stranger Encounters

  • When online, give out as little info as possible.
  • If possible, meet people on sites that scrutinize their users, though even an extensive profile can be convincingly faked. Do your homework on these sites.
  • Don’t rely only on profiles. Seek out their name online to see what comes up.
  • Use a disposable e-mail address (or phone number) service or app.
  • Speak on the phone first; it’s harder for a man to pretend he’s a woman this way.

In-Person Safety Tips with Strangers

  • Use your smartphone to share where you’ll be with family and friends. There are apps that will let trusted people view where you’re at.
  • Choose more than one meeting place (well-lit, very public). This is because you may want to go to a second location if it’s a date, or if it’s a buy-sell, the other person may get lost.
  • For a buy-sell, bring someone with you.
  • For dating or business, bring minimal cash, only the amount you expect to pay for an item. Keep extra cash (for haggling) separate and unseen by the stranger.
  • If the stranger must come to your home to view an item you’re selling, leave your front door open. Try to have someone with you.
  • Do a background check on anyone whose house you’re going to (such as to clean or babysit).

Safe Strategies with Strangers

  • Never get into a car with a stranger.
  • Arrange a nearby meeting place for you and trusted friends, after your blind date or business meeting. If it’s a blind date, your friends could be across the street having dinner; only one text message away.
  • Stick to your meeting place plans; don’t veer off-course.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Privacy is more than locking your Doors

There are 10 distinct meanings of privacy.

2PProtecting Reputation

You’ve heard of money management, right? Well, there’s also reputation management. There’s a difference between having facts about a person and then making judgments based on those facts. Often, judgments are skewered, and the result is a soured reputation.

Showing Respect

We must respect one’s desire to keep personal data about themselves personal. That’s why it’s called personal data. It’s not so much that revealing one’s private information would do little, if any, harm. It’s the principle of respect that’s the bigger picture.

Trust

Trust is vital in any kind of relationship, from personal to commercial to professional. When trust is broken in one relationship, this could cause a domino effect into other kinds of relationships.

Social Boundaries

We all need a sanctuary from people’s interest in us. When boundaries are crossed, relationships can be tarnished. Nobody really wants everyone to know everything about them, or vice versa.

Freedom to speak freely

We’re all free to think whatever we want without fear of repercussion, but turning those thoughts into speech is what can create problems—both real and perceived.

The Second Chance

Thank goodness that once we get our foot stuck in the railroad track, we can yank it out and start over. Having privacy promotes the second chance, the ability to make changes.

Control

You’ll be hard-pressed to come up with a transaction you can complete in public or online without forking over your personal data. Minus cold cash transactions, just about every move we make requires some revealing of personal information. And the more that your data is out there, the more likely someone can use it to control you.

Freedom of Political Association

Due to privacy, we can associate with political activities, and nobody ever has to know whom we voted for for a political office.

What others think of You is none of your Business

Privacy means never feeling you must explain or validate yourself to those near or far.

Robert Siciliano home security expert to Schlage discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Why Should You Care About a Site’s Privacy Policy

Most websites should have a privacy policy (although I don’t think it’s always the easiest thing to find). And then once you do find it, you’ll see a huge amount of what I consider to be legal mumbo jumbo. And because you really should care about this stuff, the question becomes how do you sort through all this stuff?

2PMost privacy policies usually begin with something around them collecting, using and sharing your personal information or data. For example, here’s how Google, Twitter and Apple’s privacy policies start out:

  • Google (http://www.google.com/policies/privacy/) – “There are many different ways you can use our services – to search for and share information, to communicate with other people or to create new content.”
  • Twitter (https://twitter.com/privacy) – “This Privacy Policy describes how and when Twitter collects, uses and shares your information when you use our Services. Twitter receives your information through our various websites, SMS, APIs, email notifications, applications, buttons, widgets, and ads (the “Services” or “Twitter”) and from our partners and other third parties.”
  • Apple (http://www.apple.com/privacy/) – “Your privacy is important to Apple. So we’ve developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information.”

Here’s what you really need to understand about a website’s privacy policy as this can affect you

  • How it gathers information – sites usually use cookies to collect or track information.
  • The type of information it gathers – it is keeping track of your name, age, or email address.
  • What it is doing with the information – make sure you understand how the site is using your information, whether it’s just to provide a better experience for you when you return to the site or it is sharing your data with third parties.
  • Security measures it has in place – how a site is protecting your information that it gathers is critical. This should be not only when the data is being transmitted to them, but also once they have it.

And why is this important? Those factors above can affect you if the site is not taking care of your personal information. It could lead to unwanted spam, identity theft and financial fraud depending on what type of information they have gathered from you and how they are using it or taking care of it.

You should also know that the sites should provide options for you to opt in or opt out of how they share your information. Another key thing is to find out how long the site keeps your information. Some sites keep it forever, while others delete it after a certain amount of time. For instance, you should know what happens to your data if you delete your account.

Yes this is something else for you to check. But in our digitally connected world, it’s something you just gotta do.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

How to Protect Your Information Online

5DEvery week I receive emails from people asking how they can protect their privacy online. It seems like there have been more and more data security breaches, and therefore awareness about the potential to have our information exposed is growing. In fact half of us worry about the amount of personal information about us that is available online compared to only 33% who were concerned about this in 2009.

recent Pew survey found that 86% of Internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email. And while most of us would like to be anonymous online, most of know that this is not always possible. Some other startling facts from the study:

21% of Internet users have had an email or social networking account hijacked, and 11% have had vital information like their Social Security number, bank account data or credit cards stolen

13% of Internet users have experienced trouble in a relationship between them and a family member or friend because of something the user posted online

6% have had their reputation damaged because of something that happened online and 4% have been led into physical danger because of something that happened online

Yet even though we want to keep our information private, most of us still knowingly post information online. The study found that half of us knew that our birth date was available online, and a whopping 30% knew that their home address was available online. And what else was revealing was that 26% of us didn’t’ feel that it was that important if people knew our location when we were online.

So while we may be concerned with privacy, there’s also a discrepancy in terms of what we have posted online or what we consider private or personal. Of course, this is a personal choice, but we should all be aware of things we can do to protect our information online, especially since it is not always in our control.

Be careful what you share online: Do what you can to control what information you reveal about yourself online. You should think about the Internet as akin to writing in permanent pen…once it’s there, it’s there forever.

Be cautious about where you give your information to: In today’s world a lot of information about us that is available online is not something that we posted ourselves. So think twice when giving your information, even if that’s in paper form since most employers, medical offices, etc, keep your information in electronic format and also what information you actually give out.

Lock down your privacy settings: Make sure you know how to use the privacy settings on social media sites, email, and other online applications and don’t connect with anyone you don’t know in the offline world.

Be careful what you download: Know what you are downloading, whether that be a photo from a friend or that fun new app for your smartphone. Many apps access information on your mobile device that you may not know about so make sure you check the permission it is accessing.

Keep your devices clean: Use comprehensive security on all your devices (not just your PCs) like McAfee LiveSafe™ service  and keep your devices’ operating systems and browsers up-to-date to protect your information online.

Use tools to help keep protect your privacy: You can use things like browsing in “incognito” mode or clearing your cookies. You should also make sure that you don’t have your browser set to “remember me” or your apps set to automatically log you in. That way if anyone else uses your computer or gets a hold of your mobile device, they can’t access that information.

While we can’t control everything about us that is online, we can be proactive about what information we post online about ourselves and what information we give out.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

5 Ways to Ensure Online Privacy for Kids

Congress and the Federal Trade Commission (FTC) have taken special steps to ensure that children under 13 years of age don’t share their personal information on the Internet without the express approval of their parents. Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 and the FTC wrote a rule implementing the law. The FTC currently is conducting a review of what changes, if any, should be made to COPPA to reflect the changes that may have been brought about from technology, such as the rapid adoption of mobile devices.

Parents who lack experience with the Internet, computers, or mobile devices must learn the basics before they can adequately monitor their children’s habits. A parent’s discomfort or unfamiliarity with technology is no excuse to let a child run wild on the Internet. In fact, in McAfee’s study, “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” showed that an alarming 70% of teens have hidden online behavior from their parents.

As with any task, one should start with the fundamentals. Spend as much time as possible with kids in their online world. Learn about the people with whom they interact, the places they visit, and the information they encounter. Be prepared to respond appropriately, regardless of what sort of content they find. Remember, this is family time.

Here’s some tips to help you protect your kids:

Narrow down devices: In the past, many of us set up our family computer in a high-traffic area, like the family room, but this becomes less feasible as more children have their own laptops and mobile phones. I recommend limiting time online and also limiting the number of devices your child has.

Teach then appropriate online behavior: Kids will be kids, but that doesn’t mean it’s okay to say cruel things, send racy pictures, make rude requests, or suggest illegal behavior, just because they are online. If it isn’t okay in the physical world, it isn’t okay on the Internet. Also discuss with your kids what is and is not okay with regards to the kinds of websites they may visit and what type of content is ok to share or not share. They should also be taught to not open attachments or click on links from people they don’t know.

Use parental controls: Consider investing in software with parental controls, which limit the sites your kids can access, times they are allowed online and the amount of time they spend online each day.

Discuss stranger danger: Just like in the real-world, kids should be taught to never meet someone they know only online in person and that they should not chat or friend people they do not know.

The Internet is forever: You and your kids need to understand that once things are posted online, they could live on forever. You no longer have control over that photo or video and it could come back to haunt them. They should follow the rule of thumb that they should not post or share anything they would not share with everyone.

The key to good online parenting lies in the basics of good offline parenting. Talking to your kids about the “rules of the road” for the Internet is just as important as talking to them to about things like looking both ways before they cross the street.

Robert Siciliano is an Online Security Evangelist to McAfee(Disclosures)

Your Rights To Online Privacy

“Americans have always cherished our privacy. From the birth of our republic, we assured ourselves protection against unlawful intrusion into our homes and our personal papers. At the same time, we set up a postal system to enable citizens all over the new nation to engage in commerce and political discourse. Soon after, Congress made it a crime to invade the privacy of the mails. And later we extended privacy protections to new modes of communications such as the telephone, the computer, and eventually email.” The Whitehouse.

Corporations, without any FTC or privacy advocate oversight, would pretty much invade your online privacy.  Most major websites now install cookies on your computer, which, over time, help develop a profile that serves as your digital fingerprint. This is why, after searching for a specific product, you may notice advertisements for that particular product or brand appearing on various other websites. This is generally harmless.

A cookie is a small piece of text or code that is stored on your computer in order to track data. Cookies contain bits of information such as user preferences, shopping cart contents and sometimes user names and passwords. Cookies allow your web browser to communicate with a website. Cookies are not the same as spyware or viruses, although they are related. Many anti-spyware products will detect cookies from certain sites, but while cookies have the potential to be malicious, most are not.

With privacy watchdogs addressing this kind of advertising as a major concern, and the Obama administration now stepping in, we will surely see the implementation of some standards in this kind of marketing practice over the next few years.

The New York Times reports “The Obama administration and the nation’s chief privacy regulator pressed Congress to enact online privacy legislation, saying new laws would level the playing field between companies that already had privacy policies and those that lacked them, and thus escape regulatory oversight.”

The White House has put forward what it calls a Privacy Bill of Rights to provide basic online protection guarantees. Read up, and recognize you have rights.

The Obama Administration’s framework consists of four key elements: A Consumer Privacy Bill of Rights, a multi-stakeholder process to specify how the principles in the Consumer Privacy Bill of Rights apply in particular business contexts, effective enforcement, and a commitment to increase interoperability with the privacy frameworks of the US’s international partners.

Robert Siciliano, personal security expert contributor to Just Ask GemaltoDisclosures