Posts

Keeping Your Zoom Event Secure and Private

There are many public forums out there, and wherever you are or whatever you are using, anyone with some smarts can disrupt an event that is meant for bringing people together. Here are some tips on keeping your next Zoom meeting secure and private:

You definitely don’t want anyone taking control of your screen or sharing information with the group. Thankfully, you can restrict this by controlling screen sharing. Preventing participants in your meeting from sharing is done by using the host controls before starting the meeting.

You also might want to familiarize yourself with the features and settings available from Zoom. The Waiting Room, for instance, has a number of controls available, and is a setting you should always be using. It essentially allows you to control who comes in. As a host, you can customize all of these settings, and even create a message for people waiting for the meeting to start, such as meeting rules.

You shouldn’t use your PMI, or Personal Meeting ID for hosting public events. You also only want to allow users who are signed in to join your meeting. You can also lock the Zoom meeting. This means that no new participants can join, even if they have the meeting ID and the password.

Another thing you can do is set up your own version of two-factor authentication. With this, you can generate a random Meeting ID, and then share that with participants, but then only send the password via a direct message.

If there are disruptive or unwanted participants in your meeting, you can also remove them via the Participants menu. Is a removed participant wants to rejoin, you can also do that by toggling the settings that you did in the first place. This is helpful if you remove the wrong person.

You can also put anyone in the Zoom meeting on hold. This means that the video and audio connections of the attendees are disables. To do this, you can click on a video thumbnail and select “Start Attendee On Hold.” Totally disabling the video is also possible. This will allow you, as the host, to turn off someone’s video. You can also block things like inappropriate gestures or distracting behavior.

Muting participants is also a possibility during a Zoom meeting. This allows you to stop the sounds of barking dogs and crying kids during these meetings. If you have a large meeting, you can also choose to mute everyone by choosing Mute Upon Entry.

File transfers are a possibility during Zoom meetings, but you might not want to allow this. In this case, you can turn off the file transfer capabilities before starting the meeting. Additionally, you can turn off annotation, which allows people to markup shared documents or doodle. Finally, you can also disable private chat. This will stop people in the meeting form talking to each other, which helps to cut back on any distractions that they might have during the course of the meeting.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Half of American Adults on FBIs Biometric Database

Here’s a bit of a shock for you: about half of all adult Americans have a photograph stored in the FBI facial recognition database. What’s even more shocking, it is that these photos are being stored without the consent of the individuals. Approximately 80 percent of the photos the FBI has are of non-criminals, and might take the form of passport or driver’s license photos. Furthermore, there is a 15 percent rate of inaccuracy when matching photos to individuals, and black people are more likely to be misidentified than white people.

You can’t deny that this technology is very powerful for law enforcement, but it can also be used for things like stalking or harassment. There is also the fact that this technology allows almost anyone to scan anyone else. There are no laws controlling it, either.

If you think that’s scary, consider this: The technology to do this has been used since around 2010, and the FBI never informed the public, nor did they file a privacy impact assessment, which is required, for five years. Where is the FBI getting this information? From the states.

Basically, the FBI made arrangements with 18 different states, which gives them access to driver’s license photos. People are not made aware that the FBI has this access, nor are they informed that law enforcement from across the country can access this information.

Just last year, the GAO, which is the US government accountability office, took a look how the FBI is using facial recognition and found that it was lacking accuracy, accountability, and oversight. They also found that there was no test for a false positive nor racial bias.

What’s even more interesting is that several companies that develop this technology admit that it should be more tightly controlled and regulated. For instance, one such company, and the CEO, has said that he is “not comfortable” with this lack of regulation, and that the algorithms that are used commercially are much more accurate than what the FBI has. But, many of these companies are not willing to work with the government. Why? Because they have concerns about using it for biometric surveillance.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protect your Privacy on your iPhone

If you have an iOS device, you may be leaking personal information about yourself—without even knowing it—because you’re not familiar with the privacy settings.

1PApps have “permissions,” meaning, they can access private information such as your social calendar stored on the phone, appointments, anything. Go to the privacy menu under “settings” to learn which apps can gain this access and deactivate it. And there’s so much more to know…

Ads

  • The Limited Ad Tracking option controls how targeted the ads are to your habits, not the amount of ads you see.
  • This feature does not apply to ads across the Internet; only the iAds that are built into apps.

Location

  • At the screen top is a Location Services entry.
  • Explore the options.
  • Shut down everything not needed beyond maps or “Find My iPhone”

Safari, Privacy

  • Check out the Allow from Current Website Only option; it will prevent outside entities from watching your online habits.
  • You can limit how much Safari tracks your habits (by activating Do Not Track requests).
  • You can also disable cookies, but you won’t prevent 100 percent of the data collection on you.
  • Want all cookies and browsing history deleted? Choose the Clear History and Website Data option.
  • In the Settings app, go to Safari, then Search Engine to change the default search engine if you feel the current one is collecting too much data on you.

Miscellaneous

  • Every app has its own privacy settings. For every app on your device, you should explore the options in every privacy menu.
  • Set up a time-based auto-lock so that your phone automatically shuts off after a given time if you’re not using it.
  • The fewer apps you have, the less overwhelmed you’ll be about setting your privacy settings. Why not go through every app to see if you really need it, and if not, get rid of it?

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Ins and Outs of Call Center Security

Companies that want to employ at-home workers for their call centers to save money and reduce the hassles of office space have to look at security considerations. In addition to thorough vetting of the agents and their equipment, organizations also need to ensure that the security is top-notch. A cloud-based contact center combats these issues. 3DHere are some considerations:

  • Will it anger customers to have an agent who can’t speak clear English? Not only does poor speech of the employee drive some customers away, it also concerns customers who are accessing their data over seas.

When choosing an outsourcer, organizations look for important factors including: (1) agent language capabilities, (2) security capabilities, and (3) financial stability of the outsourcer. – Study conducted by Ovum

  • There comes a point where businesses need to put customer comfort first, especially when it comes to security, such as in the case of healthcare and financial concerns—more complex issues. “Homeshoring” eliminates the awkwardness that sometimes arises when someone is trying to bushwhack through the broken English of the customer support. Though homeshoring will cost companies more, this will be offset by lower turnover rates, small learning curve and a higher rate of first-call resolution.
  • Telecommuters (agents) should be screened vigorously, including (as a minimum) a background check for Social Security Number, criminal history and citizenship.
  • Then, a contract should be drawn up that should include an agreement to customer confidentiality as well as learning specifications.
  • A system should allow the customer to enter, via phone keypad, sensitive information such as credit card number—but without the agent seeing this entry.
  • Sessions between agents and customers can be infringed upon by hackers who want to gain access or snoop, creating a need for an end-to-end security system.
  • Zero-day attacks, which give hackers access, are a big threat. To prevent this, companies must have regularly updated and patched-up systems.
  • A firewall is a must, for server protection and back-end systems.
  • Also a must is two-factor authentication. This superb verification method includes the factor of device location and other identifiers. An agent must have a way of receiving a one-time code sent by the company to gain access to a critical system. A hacker, for instance, won’t be in possession of an agents cell phone to receive the texted code.
  • In tandem with two-factor authentication, the cloud service should require a very uncrackable password so that only at-home agents can gain access. A strong password is at least eight characters (preferably 12) and contains caps and lower case letters, plus numbers and other characters like #, $ and @.
  • Cloud services should be 100 percent PCI Level 1 compliant. To enhance security, have a minimum of two PCI-compliant data centers.

Offshoring and outsourcing for call center agents places an even higher demand for security—which is already greatly needed by virtue of the at-home, virtual workplace. When choosing an outsourcing solution consider all of the above. Ask lots of questions and get quality references.

Robert Siciliano is a Personal privacy, security  and identity theft expert to Arise discussing identity theft prevention. Disclosures.

10 Ways our Privacy is invaded

2POnce you become active online…and especially once you become “connected” with a smartphone…your privacy will be in sizzling hot demand—and in fact, you can bet that as you read this, it is already being invaded in ways that you couldn’t possibly imagine. Here are some of those ways, provided by wired.com:

  1. Someone could be collecting information on you via a keylogger: It’s a little tool that records your keystrokes, that someone secretly inserts into your computer. A keylogger, however, can also be deposited by malware that you unknowingly downloaded.
  2. Tracking technology that retailers use. You are in a large department store and must pass through several departments to get to the one you want. Your smartphone is connected during this time. The tracking technology scans your face (or maybe it doesn’t) and connects with your phone, identifying you as a potential customer for the goods that are in the departments you are passing through or near to. Next thing you know, you are getting hit with ads or e-mails for products that you have no interest in.
  3. Video surveillance. This is old as far as the technology timeline, but it is still a favorite among all sorts of people including those with twisted minds. Video cameras can even be hidden in your front lawn. They can also be found at ATMs, placed there by thieves, to record users’ PINs as they punch them in.
  4. E-mail monitoring. Your e-mails could be being monitored by a hacker who has remote viewing capabilities of your computer (because you unknowingly let in a virus).
  5. Personal drones—those small-enough-to-by-held-by-a-child aircraft that are remote controlled; they can be equipped with cameras to take pictures of you, and they can even follow you around.
  6. Public WiFi. Snoops and hackers can eavesdrop on your unsecured WiFi internet with the right hardware and software. Use Hotspot Shield to encrypt your data.
  7. And in addition to these ways your privacy could be invaded, a hacker could be spying on you through the little Webcam “hole” above your computer screen (a piece of masking tape over it will solve that problem).
  8. Peeping Tom. And of course, there is the old fashioned way of intruding upon someone’s privacy: stalking them (on foot or via car), or peering into their house’s windows.
  9. Reverse peephole. A person could tamper with a peephole on a house’s front door, apartment door or a hotel door, then be able to see what’s going on inside.
  10. Remote access technology can be malware installed on your device designed to extract all your sensitive data. Make sure to keep your devices security software updated.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Things to tell your Kids about Privacy Online

Those were the days when all parents had to worry about was the creepy guy lurking near the playground. Now parents have to worry about creeps all over the world reaching their kids via computer. And there’s more to worry about. Here’s what to teach your kids: 2P

  • Screen names should not be revealing about location, age or even gender. Never use the full name. Choose a name that would never outright point to the user, such as “Chris J,” when everyone knows the user as Tina Jones. “Chris” can make Tina (Christina) still feel connected to the screen name. And “sweetcheeks” isn’t a good screen name for anyone, especially a kid.
  • Before posting anything, make sure the answer would be “yes” if asked if your grandmother would approve.
  • Deleting an image or comment doesn’t mean it’s removed from cyberspace. While it was up, it could have been shared and recirculated. The No. 1 rule is: Once it’s online, it’s permanently there, no matter what you do with it afterwards.
  • Don’t assume that just because the privacy settings are high, that only a very limited audience will view the posting. Somehow, some way, there’s always a way for something to “get out.” An example would be an authorized viewer sharing the image or posting.
  • Racy images and offensive posts may seem harmless now, but down the road can return to haunt the user when they apply for college, a job or are in a lawsuit.
  • Never impersonate anyone.
  • Discourage sharing personal things online; it’s better to just yak about it in person or over the phone. As for things like address and Social Security number, this information should never be given out unless for a job or school application.
  • Be polite online. “Speak” coherently, use punctuation, don’t ramble, don’t swear and don’t use all caps. Use spell check when possible.
  • Avoid sex talk online at all costs. A predator can pose as anyone and win the trust of kids.

Parents should learn about how privacy settings work so that their kids aren’t left to figure it out themselves. Otherwise, uninformed kids might just let it go and not bother. This approach will let the whole world see what they’re posting. Privacy settings for all accounts should be high, including chat and e-mail accounts.

  • Keep the lines of communication open with your kids.
  • Peruse the social networking sites your kids use to see if they’re posting anything risky or inappropriate, such as announcing vacation plans (something that burglars search for).
  • Tell your kids to report anything suspicious online, just as they’d report to you if someone was hiding in the bushes outside your house.
  • Review the friends list of your kids.
  • Install Hotspot Shield VPN. This is security software which, in addition to antivirus/phishing software and a firewall, will help prevent hacking.
  • Make the non-negotiable rule that you can check your kids’ devices at will, and that any online “friend” your child wishes to meet must meet you first.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

The White Hat Hacker

These days, it is hard to pick up a newspaper or go online and not see a story about a recent data breach. No other example highlights the severity of these types of hacks than the Sony breach late last year.

11DWhile a lot of information, including creative materials, financials and even full feature-length movies were released – some of the most hurtful pieces of information were the personal emails of Sony executives. This information was truly personal.

You have a right to privacy, but it’s not going to happen in cyberspace. Want total privacy? Stay offline. Of course, that’s not realistic today. So the next recourse, then, is to be careful with your information and that includes everything from downloading free things and clicking “I agree” without reading what you’re approving, to being aware of whom else is viewing your information.

This takes me to the story of a white hat hacker—a good guy—who posed as a part-time or temporary employee for eight businesses in the U.S.. Note that the businesses were aware and approved this study. His experiment was to hack into sensitive data by blatantly snooping around computers and desks; grabbing piles of documents labeled confidential; and taking photos with his smartphone of sensitive information on computer screens.

The results were that “visual hacking” can occur in less than 15 minutes; it usually goes unnoticed; and if an employee does intervene, it’s not before the hacker has already obtained some information. The 3M Visual Hacking Experiment conducted by the Ponemon Institute shed light on the reality of visual hacking:

  • Visual hacking is real: In nearly nine out of ten attempts (88 percent), a white hat hacker was able to visually hack sensitive company information, such as employee access and login credentials, that could potentially put a company at risk for a much larger data breach. On average, five pieces of information were visually hacked per trial.
  • Devices are vulnerable: The majority (53%) of information was visually hacked directly off of computer screens
  • Visual hacking generally goes unnoticed: In 70 percent of incidences, employees did not stop the white hat hacker, even when a phone was being used to take a picture of data displayed on screen.

From login credentials to company directories to confidential financial figures – data that can be visually hacked is vast and what a hacker can do with that information is even more limitless.

One way to prevent people from handing over the proverbial “keys to the kingdom” through an unwanted visual hack is to get equipped with the right tools, including privacy filters. 3M offers its ePrivacy Filter software, which when paired up with the traditional 3M Privacy Filter, allows you to protect your visual privacy from nearly every angle.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

How the Internet of Things is further killing Privacy

Privacy used to mean changing clothes behind a partition. Nowadays, say “privacy” and people are likely to think in terms of cyberspace. Stay connected, and you risk losing your privacy.

2PEven if you’re not connected, don’t even own a computer or smartphone, information about you can still be out there on the Internet, such as a listing for your address and phone number or a way for someone to get it with a small fee if you live in owner-occupied property.

An article on wired.com points out that the Internet of Things (IoT) is a privacy killer. But it’s also more than that. The evolution of technology forces us to redefine how we perceive our lives, says the article. Even an invention as primitive as the steam engine caused a rethinking among people. But whereas the steam engine was a slap, the IoT is a sledgehammer.

And the Internet of Things is only just beginning. Wired.com notes that the combination of the World Wide Web, big data, social identity, the cloud and more are all poised to erupt into something huge, and it won’t give us time to prepare.

The IoT will infiltrate the tiniest and most remote pockets of the planet, inescapable, impacting all who have a pulse, literally. It’s not like the steam engine in which, soon after its invention, many people were afraid to ride the train because they believed that God did not intend for humans to travel so fast, and thus, these folks easily avoided boarding the train.

We won’t be able to avoid the IoT. It won’t be a station we walk up to and then decide we don’t want to get on. We will be, as wired.com says, living inside the Internet. We’re too addicted to technology not to. Kids can’t imagine living without their smartphones. When their grandparents were kids, the only thing they felt needy for was an umbrella on a rainy day. You don’t miss what you can’t conceive of.

With the IoT slowly dissolving us, like a snake swallowing a giant rat and slowly dissolving it (certainly you’ve seen those unsightly images—you know what I’m talking about), our privacy will be dissolved along with us.

Strangers already can figure out what things we like to shop for without ever communicating to us. Your health habits, eating habits, dating habits…all the data that makes you YOU is continuously being shagged by Big Data. “Privacy” may one day become one of those words, like “oil lamp,” that’s no longer in use because by then, it will be such a far-removed concept.

Imagine living in a house made entirely of see-through structures, so that no matter where you are in it, people on the outside can see what you’re doing. There’s no brick, no aluminum, drywall or wood—just all some transparent material. That’s the Internet of Things.

Ways to shield your privacy:

Use a browser that has an “incognito” mode or privacy plug-in.

Use a VPN to mask your IP address and encrypt your data. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

Turn of GPS location for photos. iPhone and other devices saves the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. Shutting down location based apps will help here too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

The Right to Privacy

The more technological advanced we become, the higher the degree the potential exists for an invasion of our privacy. Imagine how difficult it must have been for people’s personal information to get stolen—10,000 years ago.

2PWe now live in a world where someone half-way around it from you can nab your most personal information in seconds.

Our right to privacy is just as strong now as it ever was, despite the ease at which criminals and snoops can get your personal data.

Famed attorney and associate justice on the U.S. Supreme Court Louis Brandeis was a champion of a person’s right to privacy, and defined the right of a person “to be let alone” as “the most comprehensive of rights, and the right most valued by civilized men.”

To keep up with the increasing ease of stealing a person’s data, legal remedies and privacy enabling software have been developed.

The Internet is infested with spammers, scammers, and hackers. Do you know that these spammers and hackers can easily monitor your online activities and steal your personal data like credit card information and passwords?

Even your Internet Service Provider (ISP) spies on you! They monitor, track, and keep a record of all your web activities. The websites you visit, the software you download, your online purchases, and everything else are recorded and saved by your ISP.

If this bothers you, you now have options available to protect your privacy and identity. Just download and use Hotspot Shield software. It acts as an IP hider to mask or change your IP address and protect your privacy, while securing your Web browsing session at the same time.

“THE RIGHT TO PRIVACY,” by Samuel D. Warren and Louis D. Brandeis, appeared in the Harvard Law Review in December of 1890.

From that are derived six applicable limitations:

1. “The right to privacy does not prohibit any publication of matter which is of public or general interest.” Warren and Brandeis give elaboration on this exception to the right to privacy by stating:

In general, then, the matters of which the publication should be repressed may be described as those which concern the private life, habits, acts, and relations of an individual, and have no legitimate connection with his fitness for a public office which he seeks or for which he is suggested, . . . and have no legitimate relation to or bearing upon any act done by him in a public or quasi public capacity.

2. The right to privacy does not prohibit the communication of any matter, though in its nature private, when the publication is made under circumstances which would render it a privileged communication according to the law of slander and libel.

3. The law would probably not grant any redress for the invasion of privacy by oral publication in the absence of special damage.

4. The right to privacy ceases upon the publication of the facts by the individual, or with his consent.

5. The truth of the matter published does not afford a defense. Obviously this branch of the law should have no concern with the truth or falsehood or the matters published.

6. The absence of “malice” in the publisher does not afford a defense.

With regard to remedies, a plaintiff may institute an action for tort damages as compensation for injury or, alternatively, request an injunction.

A closing point to make is that Warren and Brandeis recommend that criminal penalties be imposed for violations of the right to privacy, but they decline to elaborate further on the matter, deferring rather to the authority of the legislature.

Source: http://faculty.uml.edu/sgallagher/Brandeisprivacy.htm

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

15 tips to Spring Clean Your Digital Security

As a security analyst for both off-line and online activity, which is personal protection and information security, I’m constantly analyzing my own security situation. This means paying attention to my surroundings, systems in place, the security of my hardware, software and data. One way to get a closer look at all of this and to get refocused, is to remove the clutter, upgrade technologies, and do a Spring Clean. I heavily recommend that you perform the following 15 tasks for tightening up your digital security affecting your overall security position.

7WClean up and secure your digital life:

1. Do away with useless files. Go through all folders, including the recycle bin, and discard files that you no longer use.

2. Organize media. Put music, photos, etc., in appropriately labeled folders. Maybe create a master folder for different kinds of related media.

3. Consolidate desktop icons. Perhaps you can put a few icons into another one if the topic is related: Put the “Muffin” and “Rover” files in one file labeled “Pets.” A desktop cluttered with icons will slow boot-up time. Consider “removing” an icon you hardly use; this won’t delete the program, but will get rid of the shortcut.

4. Uninstall programs you’ll never use. This will speed things up and reduce potential malware targeted software.

5. Review passwords. Update as necessary, making them unique, never the same, and use different characters upper/lower case and numbers. Install a “password manager”. Google it.

6. Make backups of important data on a flash drive or use online storage. Ideally, make a backup of your prized data that exists outside your house. I backup on 3 local drives and in the cloud in two places.

7. Consider reinstalling your operating system. This means gathering all your software and backing up all your data. Do a search on your devices OS and seek out “How to reinstall operating system Windows/Mac (your version)”

8. Mop up your system’s registry. This will clean out temporary files you do not need that have been picked up by your system over time. An accumulation of these files will slow your computer and make it prone to malware infections. CCleaner is a free tool that will do this job.

9. Update Internet security software. Use antivirus, antispyware, antiphishing and a firewall. Get a VPN for when using free wireless internet. Hotspot Shield is perfect. Google it.

10. Defragment your hard drive. For Windows 8 go to Files, then “defrag.” For older systems go to Program Files, Accessories, then System Tools. For the iOS, run its built-in Disk Utility app.

11. Install program updates. Updates include critical security parches: very important. For Windows go to Go to Start, Control Panel, All Programs and Windows Update. Click on “Check for updates” to see if you are up to date. For the iOS, go to the app store, then Updates.

12. Do not forget your mobile device. Update your smartphone, including weeding out unneeded apps. Update your mobile OS to the latest version. Several companies offer security apps that will scan a mobile’s apps. Some apps have features like a remote lock/locate/wipe that will prevent a thief from using your device should you lose it.

13. Social setting cleanup. Have you locked down how your private information on Facebook can be shared? If not, go to Privacy Settings, then Apps, then click “edit” which is next to “Apps others use.” Delete all your “friends” who really aren’t your friends.

14. Home security system. Upgrade this if it is old technology. New wireless home alarms connect to your network and include home automation features too. This includes surveillance cameras, motion detectors, glass break sensors and controlling lights and temperature. Opt for remote monitoring from any device using apps on mobiles and tablets.

15. Declutter your e-mail files. These can get very messy over time. First start with your in-box. What’s been sitting there for ages that you’ll never open? Delete it. Next go to the sent/trash folders and weed out no-longer-needed emails. Also scour through any other e-mail folders. Delete folders you no longer need, and/or trim down ones you still use but contain messages that are now meaningless.

Follow these 15 tips to spring clean your digital security. A freshly cleaned-out digital life will give you peace of mind and enhance your personal security. Taking the time to clean up your digital life will be well-worth it, so do not put it off any longer!

Robert Siciliano is a personal security expert to SecurityOptions.com discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.