Hunkering Down Takes Many Forms
The fallout from disasters, both natural and man-made, seems to be all around us these days. Time and again, however, we see the benefits of planning ahead.
Thinking through how you and your family, your business, your home will weather the storm can make all the difference to a speedy recovery.
Read on to learn some of the information security and privacy threats that may be ahead, as well as some practical tips for how to prepare.
October is Cybersecurity Awareness Month
You can participate with these easy, weekly tasks
A lot of people ask me what they can do to mark October's Cybersecurity Awareness Month. I typically encourage them to block off just a small amount of time each week throughout the month to do something simple, yet meaningful, to improve their personal data hygiene.
Here are some ideas.
Back up your computer: If you use a cloud service, double up and use a physical device, too. Make sure that device is not attached to your computer (except when actually backing up, of course).
Buy a cross-cut shredder and establish a routine: Invest in a good piece of equipment so you don't get frustrated having to stop and clear rogue papers or staples every five minutes. (They have dropped a lot in price in recent years.) Once you have your shredder in place and plugged in, commit to a time each day, week or month (depending on how much paperwork goes through your life) that you will use it.
Plan your social after life: It's difficult enough to get people to plan for end-of-life by obtaining insurance, planning funerals and drafting wills. It's even more challenging to get them thinking about what will happen with their Twitter, Pinterest, Gmail, Facebook and other online and social accounts after they've passed. Many of these tools have settings and services designed to help with this. Choose one online or social site each week to contact and configure for the inevitable.
Smartly and safely dispose of old electronics: Research the local providers in your area that can properly dispose of your old phones, tablets, smart watches, smart picture frames, computers, printers, etc. Remember, anything that has the ability to house data should be wiped clean before disposing; sometimes this can be done by resetting the device to the manufacturer default. But make sure you have done your homework to understand if that truly wipes the device clean.
(See below for more info on device disposal.)
Privacy Hero: Daniel J. Solove
Internationally known expert in privacy law devotes career to raising awareness
Daniel Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He founded TeachPrivacy, which provides privacy and data security training to businesses, schools, health care institutions and other organizations.
One of the world's leading experts in privacy law, Daniel is the author of 10 books and more than 50 articles. As a long-time expert in privacy law, he has contributed so much to the business community. I am the proud owner of several Daniel Solove books. And, I know many business leaders who also use his books as an important legal resource when they are confronting privacy issues.
Over the many years I've known Dan, I've always been impressed by his dedication to increasing awareness of privacy laws and related risks. He does so much to raise awareness of privacy issues through his many speeches, events and his own training business.
Please take the time to poke around his website. It's full of great information and inspiring educational pointers and take-aways. The Privacy+Security blog is especially rich with content.
We want to know: Who is your privacy hero?
Throughout 2018, we'll introduce an individual or team who has gone over and above to advance data security and/or privacy in their corner of the world. To nominate, simply drop us a note and explain why we need to know your hero.
If you have someone in mind, don't wait; we only have two months and two privacy heroes left to name!
At the end of December, we will announce our Privacy Hero of 2018. The hero will receive a token of appreciation and commemoration of outstanding work.
Physical and digital insecurity causes concern
Intelligence agencies have confirmed suspicions that Russian hackers were behind 2016 cyber attacks on U.S. election and related servers.
Other digital attacks on voter registration servers have occurred in nearly every state (if not all states). In a few cases, hackers have even accessed voter records (fortunately no actual ballots, yet). Now, we have voting occurring in non-traditional channels, such as email, fax and even mobile apps.
These incidents have shown that the entire U.S. voting infrastructure -- from polling places to records servers -- carries significant security vulnerabilities. This is mainly due to a wide diversity of systems and administration practices throughout the country, along with a growing number of risks from aging technology.
I recently discussed this issue with the president of Verified Voting, Marian Schneider, when she appeared as a guest on my radio show Data Security & Privacy with The Privacy Professor.
The episode is available for on-demand listening, so when you get a chance, tune in. We talk through the growing number of security risks in U.S. voting systems, software and technology and the benefits of risk-limiting audits. It's an important topic everyone should be aware of, particularly as we go into October's Cybersecurity Awareness Month.
Want to know more about voting security?
Another great thing to do during Cybersecurity Awareness Month is check out this series of radio shows on voting security (I'm hoping to have another one for Oct. 23).
'Bring Your Own Device' Threats Often Overlooked
Employees unwittingly expose companies to risks with personal gadgets
The average employee does not consider cybersecurity at work, unless they work in technology, security or privacy divisions, of course. The last thing many think through is that the personal smartphone, laptop, tablet or wearable they bring into the office could be opening a digital door to their employer's systems.
Here's a quick round-up of considerations relevant to the growing Bring Your Own Device (BYOD) threat.
- Any electronic device that can access or store personal data of EU citizens or those living in the EU is subject to GDPR restrictions. This includes employee-owned devices used for work-related tasks. How often do your employees check work emails from their personal smartphones? How many of those emails contain customer information?
- Gadgets that get power from a USB port (e.g., portable speakers, cup warmers, reading lights, desktop fans) are often low cost and produced overseas by no-name companies. Any one of them could be loaded with malicious software that infects your office the minute it's plugged into a networked computer.
- Employees are not the only ones to bring unsecured devices into a space. Guests, too, can put a company at risk. Hospitals, universities, meeting facilities and organizations that operate public venues cater to a segment of the population that expects easy access to the Internet when they are visiting. Do you have controls in place to check devices for anti-malware before allowing them a connection to your Wi-Fi?
Each of the above underscores the need for a strong BYOD policy (and I could have easily added dozens more!). If you need help researching or putting together one such policy for your company, I'd be thrilled to help.
Drop me a note!
What Do Your Apps Know about You?
At the very least, they may know what you've been searching for
Trend Micro, Inc., which distributes apps on the Mac App Store, was recently caught collecting users' Safari, Chrome and Firefox browser histories.
One such app, Dr. Unarchiver, was at one time the No. 12 most popular free app in the U.S. Mac App Store.
The data was captured anytime a user launched the app. A zip file containing all of the information was then sent to the developer's servers.
This finding should serve as a reminder to keep only those apps you REALLY need and frequently use on your device. Make it part of your monthly routine to go in and delete any apps you no longer use or don't recall downloading.
... and in breaking apps news...
Breaking just from today... Have you used Facebook's "View As" feature? If you have in the past year or so, I recommend you change your Facebook password. 50 million user accounts, those who have used the "View As" feature, were breached.
U.S. States As Laboratories of Privacy Laws
Vermont, Illinois, California take action to protect citizens
As the U.S. government wrestles with how to more comprehensively protect the privacy of its citizens, some states are taking matters into their own hands.
Here are a few examples of what they're up to:
- Vermont's new data privacy law seeks to protect consumers from data brokers by forcing the brokers to register with the state and to adopt comprehensive data security programs.
- California recently enacted its Consumer Privacy Act, which imposes new rules on companies that gather, use and share personal data. Because the regulation will impact any state that has patients or customers from California, many have referred to it as the U.S. state-level version of the EU GDPR (It does, however, have significant differences). The rules are to become effective in 2020.
- Illinois has a law on the books that was created nearly 10 years ago and was fairly progressive; some might consider it ahead of its time. Called the Biometric Information Privacy Act, the legislation seeks to regulate the collection, use, safeguarding, handling, storage, retention and destruction of biometric identifiers and information.
If you're curious how U.S. states rank for their privacy laws, check out this map by Comparitech. Scores are displayed as percentages (e.g., a score of 20 out of 20 is 100 percent).
Where to Find the Privacy Professor
In the classroom...
After years of providing a regularly updated set of online employee training modules for my SIMBUS business clients, and on-site certification teaching for IAPP, I'm excited to now also be teaching online IAPP-approved CIPP certification classes.
As an instructor for AshleyTrainingOnline, an IAPP-registered certified training partner, I will host a full schedule of classes.
Do you have a team or group you'd like to coordinate training for? We can often arrange a discounted price for organizations and associations based on the number you have participating.
Hope to see you in the virtual classroom sometime soon!
**I also teach CIPM and CIPP/US classes, so if you are interested in those, let me know!**
On the road...
One of my favorite things to do is visit with leaders in different industries - health care and managed systems providers to insurance and energy (and beyond!). Below are a few of the events I have scheduled for the upcoming season.
Photo courtesy of Roeland van Zeijst
I was disappointed my recent trip to the Philippines for the Data Privacy Asia was cancelled due to Typhoon Mangkhut. But, thanks to my ability to create a video of my keynote on Day 1, and a video of my workshop on Day 2, then connect to the live event via Skype to virtually attend and answer questions, I was able to attend the full conference digitally!
On the air...
HAVE YOU LISTENED YET?
I'm so excited to be hosting the radio show Data Security & Privacy with The Privacy Professor on the VoiceAmerica Business network. All episodes are available for on-demand listening on the VoiceAmerica site, as well as iTunes, Mobile Play, Stitcher, TuneIn, CastBox, Player.fm and similar apps and sites.
Hear the perspectives of incredible guests as they talk through a wide range of hot topics. We've addressed identity theft, medical cannabis patient privacy, cybercrime prosecutions and evidence, government surveillance, swatting and GDPR, just to name a few. Several episodes provide career advice for cybersecurity, privacy and IT professions.
SPONSORSHIP OPPORTUNITIES: Are you interested in being a sponsor or advertiser for my show? It's quickly growing with a large number of listeners worldwide. Please get in touch! There are many visual, audio and video possibilities.
In the news...
Digital Journal
HCCA Report on Patient Privacy
Healthcare Info Security
Make Use Of
SC Magazine
Successful Meetings
Recent Recognition
I am always sincerely thrilled when I receive these. Thank you!
Clear Risk
3 Ways to Show Some Love
The Privacy Professor Tips of a Month is a passion of mine and something I've offered readers all over the world since 2007 (Time really flies!). If you love receiving your copy each month, consider taking a few moments to...
1) Tell a friend! The more readers who subscribe, the more awareness we cultivate.
3) Share the content. All of the info in this email is sharable (I'd just ask that you follow
Here's hoping the planet calms down for a bit and gives us a break from the torrent of storms. I'm equally as hopeful we can all weather the security and privacy tempests that seem to be around every corner.
Here's to a safe, healthy and happy October!
Rebecca
Rebecca Herold, The Privacy Professor