Eyes Peeled for
Data Security & Privacy Foolery
April is an apropos month to be on the lookout for "fools" coming for your personal data, money, biometrics and other items of value.
To help, we're providing a mix of physical and digital data security and privacy news, as well as a few practical tips for staying safe. We've designed the content below to be helpful for both personal and business use.
We have also added more mentions of news items this month. We had several readers (Thank you Sue, Pax and Ivan!) write to say they like links out to data security and privacy news. Do you agree? Please let us know.
Use (and share!) the information below to keep those attempting to take advantage of lingering 2020 chaos at bay.
April Tips of the Month
- Data Security & Privacy Beacons
- Privacy & Security Tips: How to spot a two-way mirror and back up Outlook
- Privacy & Security News: Ransomware, Surveillance, Vulnerable Software & More
- Where to Find The Privacy Professor
Data Security & Privacy Beacons*
People and places making a difference
The University of Michigan’s MORPHEUS technology emerged unscathed from the university's bug bounty effort. DARPA pitted 500+ hackers against this computer chip, and the chip won. Congratulations to all of the engineers and developers who obviously prioritized data security in the design and development of MORPHEUS.
If it works, Rita Personal Data is a great idea. We’ve not actually tested the service, but certainly love what it stands for. Inspired by GDPR, the service promises to find all of a user's data online then enable users to restrict which companies have access. It's difficult to believe a single entity would be able to find every piece of data on an individual, not to mention compel other organizations to pay you for using that data. But the concept is intriguing. Have any of you tried this?
Nicole Nguyen's WSJ article, The Best Password Managers and Security Tips: How to Solve Your Login Problems, stands to help a lot of people. As Rebecca has shared in the past, however, locally stored password managers (those on your own storage drive, not in a cloud) are the most secure option.
The U.S. Federal Trade Commission (FTC) has once again earned a privacy beacon, this time for providing free weekly credit reports during COVID-19. The agency has extended the service through April 2022. Take advantage of this! As the FTC reported, “If you’re feeling anxious about your financial health during these uncertain times, you’re not alone. That’s why the three national credit reporting agencies, which last year gave people weekly access to monitor their credit report for free, are extending that benefit until April 20, 2022.”
California officials created the California Privacy Protection Agency Board, a first of its kind privacy board in the U.S. Thank you to each of the appointees for serving in this important and historic capacity:
- Jennifer M. Urban, Chair
- John Christopher Thompson
- Angela Sierra
- Lydia de la Torre
- Vinhcent Le
*Privacy Beacons do not necessarily indicate an organization or person is addressing every privacy protection perfectly. It simply highlights a noteworthy example of privacy-aware practices.
Privacy & Security Tips
How to spot a two-way mirror and back up Outlook
For Your Physical Privacy and Security...
There's an apparent uptick in reported incidents of hidden two-way mirrors in public bathrooms, dressing rooms, fitness gyms, restaurants and nightclubs... even other people's homes. Here are just two recent incidents...
Sadly, Rebecca has personal experience with this, having discovered such a mirror early in her career at a Las Vegas hotel off the Strip. She was in town to attend an IT audit conference when she found the analog surveillance "device." And she's not the only one. A Privacy Professor Consultancy client recently shared their story of finding a similar mirror in a vacation home rental and thought it could be a good tip to share here in the Monthly Tips.
Here are a few privacy tips to check for the presence of two-way mirrors.
- Shine a cell phone flashlight at the mirror. If you can see the light pass through from the mirror side, it is hollow behind.
- Place a pencil or finger tip up to the mirror. There should be a visible gap between the object and the reflected image. If not, you may be looking at a two-way mirror.
- Knock on the mirror. A standard mirror should not echo.
- Check for bubbles. A mirror film is often used to disguise a see-through situation.
It's important to keep in mind these tips are far from exhaustive, and new technology will one day (if it's not already) enable the development of two-way mirrors capable of passing these simple tests. Use caution whenever you are in front of a mirror you don't own.
For your Digital Privacy and Security...
Outlook users, take note! Have you backed up your emails lately?
Our business just performed an Outlook backup this past weekend, creating copies of all messages on an external drive dedicated to email. We then deleted all emails older than two years from the Outlook inbox, freeing up A LOT of space.
Besides being a good data hygiene practice (See more about data hygiene in Rebecca’s article referenced later), it also helps your Outlook run much faster with a smaller .pst file (which houses all your emails).
Microsoft has created a set of instructions for making a backup to a local hard drive. Check it out and let us know if you find the process easy to follow.
Privacy & Security News
Ransomware, surveillance, software vulnerabilities and more
Ransomware News
This company was hit by ransomware. Here's what they did next, and why they didn't pay up. "When it hit, we ran to our server room and data center and started pulling plugs out." How one company was hit by ransomware, but refused to pay up.
Surveillance News
Below are three different views of the same problem: Cameras, sold by startup Verkada, have the capacity for facial recognition, attracting the attention (and the bad deeds) of hackers. The company has reported an attack.
- Security startup Verkada hack exposes 150,000 security cameras in Tesla factories, jails, and more. Hackers gained access to over 150,000 of the company’s cameras, including those in Tesla factories and warehouses, Cloudflare offices, Equinox gyms, hospitals, jails, schools, police stations and Verkada’s own offices.
How Many Times are Americans on Camera Every Week? Research found the average American is filmed by security cameras more than 230 times a week, a number that has increased rapidly over the last decade and will continue to do so in the near future.
Tracking the Vaccinated by Name, Race Challenges Privacy Laws. First of all, we strongly support getting vaccinations! So, please do not interpret this as being against fighting the COVID-19 pandemic to make the public safer. However, even with the best programs used to improve and protect the public, privacy issues must be taken into account. A shout-out to Maria for pointing out this article.
News of Software Vulnerabilities
Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild. According to IBM, the vulnerability is rated 8.8 out of 10 on the CVSS scale, and could allow a remote attacker to execute arbitrary code on the target system. "By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system," the report stated.
Breaches
Voting and Elections Security
Deepfakes
Woman allegedly made deepfakes to kick rivals off daughter's cheerleading squad. According to law enforcement, a cheerleader's mother sent coaches AI-altered photos and videos of rivals on her daughter's cheerleading squad to portray them drinking, smoking or naked. Lesson: Think twice before believing photos and videos you see online. Deepfakes are becoming easier to make, and the consequences of people believing them could be life-changing to those involved.
Scams
Where to Find the Privacy Professor
Here are just a few of the podcasts and webinars Rebecca has done, and news articles she's written or been quoted in.
In this webinar event, Rebecca will spend 20 minutes discussing current and emerging threats that exist in today’s sophisticated cyber environment, and the technological advancements being made to counter and manage these risks. The discussion will be followed by 10 minutes of open Q&A.
Rebecca spoke recently with Corey Munson, VP of PC Matic, on his podcast about work from home security and privacy risks, and some specific risks that IoT devices within home work environments bring to businesses.
Heads Up! Rebecca will be speaking at the NIST Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance on April 22 from 10:00am – 4:00pm EDT. Registration is free! See more here.
PRO TIP: Use the translate option in your browser to convert to another language if you do not know Thai.
A couple recent industry articles to which I've contributed thoughts...
Latest Episode
Next Episode
Airing first on April 3, 2021.
Privacy & Security Brainiacs | Website
Permission to Share
If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:
NOTE: Permission for excerpts does not extend to images.