It's Official!
Did you celebrate Data Privacy Day on January 28?

Our team certainly did.

And, boy were we thrilled to open the mail to find the official signed proclamation from the Governor of Iowa for Iowa Data Privacy Day…for the twelfth year in a row!

Have you already fallen in love with privacy and cybersecurity? Do you have a tip to share with our readers? Let me know.

I just may include your tip in an upcoming issue.

Choosing to Fall in Love with Privacy and Cybersecurity

Now that Data Privacy Day is past, will privacy go by, unnoticed and unconsidered, for another long year? I hope not!

Each person is a privacy officer and cybersecurity VP…for each of their own lives. Every person needs to take responsibility for asking vendors hard questions about how their personal data is secured, with whom it is shared and how individuals can obtain copies of the personal data each organization possesses about them.

The more you realize the importance of privacy and cybersecurity to your life, and the lives of your family and friends, the more you will realize how important it is to be proactive about privacy.

It is time to fall in love with privacy and cybersecurity! And in this month of Valentines and hearts, it is a great time to start.

Have you found a way to meet the privacy and cybersecurity challenges of work-from-home situations? I am in the final few weeks of finishing my 20th published book (from CRC Press), “Security & Privacy When Working from Home and Travelling.” I’m including tips based upon real-life situations and events (all names and other identifying info can be removed) from pros who have met one or more challenges with these situations.

Send me your advice or tip related to improving the security and privacy of work-from-home situations, and I may include it in my book (and provide you with a copy!). Get it to me soon, though; I will be submitting my manuscript by the beginning of March.

This month, I am restructuring the Tips message.

The goal is to shorten each month’s issue and to point to more free resources that my team at Privacy & Security Brainiacs made available in the past month. I know many of you share my Tips with your family, friends and co-workers. And, many of you have asked for other types of awareness media, such as more pointers for my podcasts and audio clips, e-books, infographics and videos.

So, even though my Tips are shorter now, you will be getting a wider variety of multi-media items to read, listen to, watch and use for your own awareness-raising initiatives.

I welcome your feedback about these changes!

Read on to learn more about the ways in which we are all being watched and otherwise surveilled, as well as what we can do to reduce the everyday intrusions into our private and professional lives.

February Tips of the Month

  • Data Security & Privacy Beacons

  • Featured News Story: SolarWinds Hack

  • Quick-Hit News

  • Privacy and Cybersecurity Tips

  • Where to Find The Privacy Professor
Data Security & Privacy Beacons*
People and places making a difference
Marie Claire published a privacy-focused edition in October 2020! In addition to the feature article, Invasion of Privacy, the editorial also pointed to nine other articles about specific privacy topics. They included discussion of a range of apps, including fertility, dating and contact-tracing, as well as issues such as employee monitoring. Also included was a quiz for readers to measure how well their personal data is protected online. It is great to see a mainstream magazine, focusing on women’s issues throughout the globe, dedicate a large portion of the monthly magazine to privacy.

The FCC has a history of publishing warnings to the public about scams. They had a couple of great publications in the past month warning consumers about a wide range of scams and how to avoid them. These would be useful for organizations and their employees to know, as well. One covered warnings for a long list of COVID-19 scams. Another provided warnings and tips for online shopping scams, to which consumers are particularly vulnerable during the pandemic, with online shopping activity at an all-time high.

The Verge is a beacon this month for providing easy-to-follow instructions for how to make a copy of, and then remove, all information from Facebook. I also like how they included the following warning: “Beware: once you delete your account, it cannot be recovered.”

*Privacy Beacons do not necessarily indicate that an organization or person is addressing every privacy protection perfectly. They simply highlight a noteworthy example of privacy-aware practices.
Featured News Story
SolarWinds Hack
If you haven’t heard about the SolarWinds hack in December 2020, you've missed news of a very significant hack. Everyone needs to be aware when things like this happen.

If you are a business leader or person who does business online; if you're a person who uses a computing device (including that phone in your hand); if you are ever online; if you use any one of the hundreds of social media sites, this news impacts you directly!
Here’s a quick overview of the SolarWinds hack:

SolarWinds, a US-based cybersecurity software business with about 300,000 customers, including Fortune 500 companies and government agencies, hired FireEye to perform a breach investigation in December 2020.

FireEye discovered that SolarWinds Orion updates had been corrupted and weaponized by hackers. This breach event is often referenced as SUNBURST. (Other variants include SUPERNOVA, Teardrop and Raindrop.) As it turns out, there were many vulnerabilities within the practices and technologies used by SolarWinds.

The result of the SUNBURST breach was that a large number of SolarWinds' clients, including U.S. government agencies, business customers and consulting firms, were hacked, as well. Notably, at least four of those clients were security companies, a fact we only just learned on January 20, 2021. 

Hacks like this underscore the need for strong security controls to be built into EVERY application, server and system. They also demonstrate the surreptitious, insidious, and harmful ways in which supply-chain attacks often occur, doing significant and often unrepairable damage for a long period of time before they are even noticed. This makes repair extremely challenging, and for some of the damage. 

In February, Privacy & Security Brainiacs will offer high-level overviews of the SolarWinds attack in both an eBook and a short video.

In the meantime, you can learn more within the following:

The SolarWinds Hackers Used Tactics Other Groups Will Copy. (Good for those with technical knowledge)

In related news, we may soon see more attention being paid to cybersecurity and privacy if this funding bill is passed: Biden-Harris Admin Proposes $10B in New IT and Cyber Funding for Federal Agencies.
Quick-Hit News
Stories you may have missed, but should know about. Don’t let these happen to you...

Be aware of swatters! Swatters hijack smart home devices to watch emergency responders.

EXTRA! Hear more about swatting in my VoiceAmerica show episode, Swatting Dangers and Defenses with Tom Conley, President & CEO of The Conley Group.

Everyone needs to be on the lookout for ransomware. 2020 was a great year for ransomware gangs. For hospitals, schools, municipal governments and everyone else, it’s going to get worse before it gets better.

Time to request your personal data to be deleted? Google announced on January 14, 2021, it had completed the purchase of Fitbit. From a privacy viewpoint, it's concerning that all the fitness, health and personal data owned by Fitbit may now be combined with all the other personal data Google possesses about virtually everyone on the planet. This creates the potential to gain much deeper insights into everyone’s lives, especially when fed into artificial intelligence (AI) technology. Now would be a good time to limit the amount of data Google has about you (and your family and friends) by requesting Fitbit delete all the data it has about you that you no longer need. You can remove data you don’t want to be retained by following these instructions. You also have the option to completely remove your Fitbit account. This is a short, nice video on how to do so.

Unemployment Fraud in the Criminal Underground. This report reviews the current threat landscape of unemployment fraud in the United States within closed sources and underground reporting. It will be of interest to organizations seeking to better understand unemployment fraud within the criminal underground, as well as investigators of threat actors performing such attacks.

Windows 10 Serious Flaw Could Corrupt Hard Drive If You Open A Folder. Microsoft has said it will fix a Windows 10 bug that can corrupt a hard drive just by opening a folder or just by looking at an icon.

Online scammers are getting rich; millionaires! A newly uncovered Russian-based cybercrime operation helped classified-ads scammers steal more than $6.5 million in 2020 from buyers across the US, Europe and former Soviet states. Here’s a long (but not even all!) list of current scams to be on the lookout for!

Delivery message scams find a legal loophole that can cost you a lot of money. Delivery scams are now topping the list of the most reported fraud because more people are buying and shipping packages during the pandemic. If you receive a confirmation email from United Parcel Service (UPS), watch out. It could be a trick. Scammers are posing as UPS and sending out fraudulent emails to trick you into clicking malicious links. Similar traps are being set in Ireland, as Gardaí issued a warning to online shoppers over courier payment scams in the country.

WhatsApp scam tries to steal your account: how to avoid it. WhatsApp is a hunting ground for crooks looking to swindle your PIN.

Looking for inauguration gear? Watch out for fakes, scams.

Investment scammers prey on dating app users. Interpol has issued a warning about the emerging threat.

No such thing as a free lunch, or free Netflix. If you get a text message for a free year of Netflix, you’re being scammed.

Identity Theft Scam Hits Elk Grove Village, IL, Hard. Cases in this corner of the world rose from 40 in 2019 to 315 in 2020. What's more, there were already 58 cases in the first 13 days of 2021. The former police chief was among those targeted.
Privacy & Cybersecurity Tips
A Quick HIPAA Lesson
Recently, I was motivated to post to Twitter about the entities that must comply with the US Health Insurance Portability and Accountability Act (HIPAA). The post was inspired by months of social media posts from a wide variety of folks (politicians, business leaders and the general public) threatening to sue various organizations "...for violating HIPAA!”

The overwhelming majority of these threats were based on completely incorrect statements about HIPAA. The posts claimed that individuals who are not covered entities (CEs) or business associates (BAs) as defined by HIPAA, nor CE/BA employees, are violating HIPAA by reposting or otherwise using individuals' health data inappropriately.

While other data protection and privacy laws and regulations may apply to those individuals and organizations, HIPAA generally does not apply to non-CE and non-BA entities.

Now, that does not mean you do not have recourse against anyone using your health data inappropriately. If other types of entities or people are accessing your health data without your consent, take action:

  1. Change the cybersecurity controls in the location for where your health data is stored to keep such access from happening. This may be in your fitness tracker, your smart assistant device, a cloud service you use as a health vault or any number of other devices and accounts that house your information.
  2. Contact the applicable cloud provider, IoT device vendor, business, etc. and ask them to strengthen their data security controls.  
Where to Find the Privacy Professor
Here are just a few of the podcasts, webinars and media I've either joined or created to raise awareness of privacy and cybersecurity issues.
I’m greatly honored to be a member of CompTIA’s new Cybersecurity Advisory Council! CompTIA Introduces New Cybersecurity Advisory Council. Top security executives will offer advice and guidance on staying ahead of cyber threats.

I was also honored to be named a top "100 Most Influential People in Cyber Security" by Cyber Security Newsletter.

Security Threats Soar From Nation-State Bad Actors as the New Year Gets Underway. Published in the Health Care Compliance Association journal.

GDPR regulators are sinking their teeth into violators. 2020's fines are proof. Cybersecurity Dive

2020 Was a Privacy Wake-up Call: Don't Go Back to Sleep in 2021! SecureWorld

Customer Data Privacy 2021: It's No Longer Just Business, It's Personal. Panel discussion held Thursday, January 28, 2021.

NIST Cybersecurity for IoT Draft Guidance: Rounding Up the Requirements. Fellow NIST authors and I presented key ideas on January 26, 2021.

And Security for All, hosted by Kim Hakim on the Voice America Business Channel.

Shoering Up Security
On this episode of CompTIAWorld's Shoering Up Security, MJ Shoer and I talk about how to implement cybersecurity best practices—and how to get everyone involved in the conversation (not just IT). We also offer up advice for anyone thinking about starting their own business, as well as the terrific topic of women in tech.
On this Trility podcast, we discussed infosec and privacy specifically for senior living facilities.
Listen in to learn more about pandemic-era threats to consumer data security and privacy. 
The topic here was how to protect your home, kids, finances, health data and business from hackers. 

Here is another episode that covers privacy risks and impacts of contact tracing, IoT device use and the Surprising Places Your Data is Being Tracked.
Tips4Tech 12 Tech Resources
I was honored to be included in a list of a dozen resources for people turning to tech to help them through the COVID-19 crisis.

A couple of recent industry articles to which I've contributed thoughts...
Defense-in-Depth (DiD) Strategies: Protect Higher Ed Users Against Cyberthreats
VA Did Not Disclose Huge Data Breach for 7 Weeks
My Radio Show
If you haven't checked out my radio show, Data Security & Privacy with the Privacy Professor, please do so. We discuss a wide range of real-world topics within the data security and privacy realm.

Latest Episode

Next Episode

Healthcare Privacy & Security with Chief Information Security Officer for Indiana University Health, Mitch Parker, who oversees cybersecurity for more than 30,000 employees at 18 hospitals.
New IoT Cybersecurity Drafts from NIST Will Impact the Ecosystem
On December 15, 2020, NIST released four new draft IoT cybersecurity documents to provide guidance for federal agencies and device manufacturers. Additionally, NIST is updating its catalog of IoT cybersecurity capabilities.

Please provide your feedback to NIST.
NIST Wants Your Feedback
In this video, Michael Fagan, technical lead for the NIST Cybersecurity for IoT program, and I, a subject matter expert (SME) on the NIST Cybersecurity for IoT program team, describe the path that led to the GitHub posting and its role in developing the Federal Profile.
The Privacy Professor | Website
Privacy & Security Brainiacs | Website
Permission to Share

If you would like to share, please forward the Tips message in its entirety. You can share excerpts, as well, with the following attribution:

Source: Rebecca Herold. February 2021 Privacy Professor Tips. www.privacyguidance.com.

NOTE: Permission for excerpts does not extend to images.