Latest "Online Privacy" Posts
When was the last time you checked your privacy settings on your social media profiles? Being aware of the information you share is a critical step in securing your online identity. Below we’ve outlined some of the top social media sites and what you can do today to help keep your personal information safe.
FACEBOOK Social Media Privacy
Click the padlock icon in the upper right corner of Facebook, and run a Privacy Checkup. This will walk you through three simple steps:
- Who you share status updates with
- A list of the apps that are connected to your Facebook page
- How personal information from your profile is shared.
As a rule of thumb, we recommend your Facebook Privacy setting be set to “Friends Only” to avoid sharing your information with strangers. You can confirm that all of your future posts will be visible to “Friends Only” by reselecting the padlock and clicking “Who can see my stuff?” then select “What do other people see on my timeline” and review the differences between your public and friends only profile. Oh, and don’t post anything stupid!
Come on, admit it. Don’t you feel just a little satisfaction watching 37 million adulterers exposed in the Ashley Madison hack? “They do kind of deserve to be cheated just a bit for being cheaters,” someone in one of my keynote speeches commented.
Cyber Leadership Only Gets Attention AFTER THE ATTACK
I am the first to admit that protecting your company against cyber attacks and the resulting data breach is a daunting task. There are thousands of moving parts connecting your systems, people, customer/employee data and the Internet. Most companies that are breached (e.g., Target, Home Depot, Staples, Chase Bank) take more steps than the average business to protect their customer data. But just taking more steps isn’t always enough; you have to take the right steps.
The recent Sony “Interview” Cyber Attack, in contrast, shows a blatant disregard of basic cyber leadership principles, making it a perfect case study for what you should NOT do as an executive protecting the data on which your business runs. Let’s go back a step. Sony Corporation suffered a crippling cyber security attack (supposedly from North Korea at the hands of a group calling themselves the Guardians of Peace) because of the controversial nature of its movie, The Interview, which depicts the attempted assassination of its leader, Kim Jong-un. The consequences of the hack will number in the hundreds, the costs in the hundreds of millions.
Did Edward Snowden Actually Comment on the Dropbox Breach? No.
Almost as fast as every media source out there could jump on the “Yet Another Breach” bandwagon and report that Dropbox had been hacked, the company was denying it. So let’s play a little game of true or false to try to sort out fact from fiction:
Statement: Hackers were able to access logins and passwords of Dropbox users and then leaked 400 account passwords and usernames on to the site Pastebin.
Statement: The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox.
True. (In fact that is a direct quote from the Dropbox blog of October 13, 2014 in which they bluntly proclaim “Dropbox wasn’t hacked”.)
Product Review on Password Manager Software
It often amazes me to find out how many people shy away from implementing ideas that they KNOW will make them safer. There are a multitude of reasons, I know:
- Ignorance: “I didn’t know there was a helmet law in this state.”
- Fear: “But if I put my money in a bank, there could be a run on it. It’s safer under my mattress.”
- Misunderstanding: “Well, I thought that sign meant I could park here for free on Sunday.”
- Laziness: “It’ll be okay to leave my laptop on the table while I run to the bathroom real quick.”
When you read the recent blog post from Facebook about how they’re going to “Make Ads Better” and “Give People More Control”, you really want to believe them. You want to believe that they’re really just trying to make your life easier by providing ads relevant to your “likes” and apps you choose to install. Sure, if I have the MLB app, why wouldn’t I want to know about a sale on caps for my favorite ball team? Or if I’m an exercise nut, getting the latest gear for my next triathlon might be really important to me and save me the time of searching for it.
But the bottom line is this: Facebook is going back on something they promised years ago. Not only are they using our likes and apps to market to us, they’re also using our browsing history to target ads. They can “only” use information from sites that have Facebook buttons (to like, recommend or share) or that you can log in to with your Facebook account, but these days, that’s practically any site!
Facebook Privacy Settings… Some may say it’s too little, too late. I’m relieved that Facebook is finally responding to concerns about their confusing and weak privacy settings. The social media giant (who has been losing customers of late) has recently made several changes to their settings.
Facebook Privacy Settings Update
- Additional photo settings. Your current profile photo and cover photos have traditionally been public by default. Soon, Facebook will let you change the privacy setting of your old cover photos.
- More visible mobile sharing settings. When you use your mobile phone to post, it is somewhat difficult to find who your audience is because the audience selector has been hidden behind an icon and this could lead to unintended sharing. In this Facebook privacy settings update, they will move the audience selector to the top of the update status box in a new “To:” field similar to what you see when you compose an email so you’ll be able to see more easily with whom you are sharing.
You certainly don’t need to be an internet privacy expert to be bothered that Google and Bing track every word you type into your browser, compile that data into a meta-profile of who you are and then sell it downstream to people who want to get to know you intimately (including criminals). Cases of browser surveillance have been documented for years. So, for example, if your daughter types the word “bankruptcy” into your browser while doing a high school report, that information is sold to the credit card company you happen to visit next, which serves you a page with a higher APR since you’ve been “flagged” as a high-risk customer (thanks to your daughter’s innocuous search term).
The implications are even greater for companies, who have a lot to lose when surfing behavior falls into the hands of competitive spies, foreign governments or organized criminals. Case in point: I recently delivered a keynote address as an internet privacy expert to a group of Latin-American journalists at a BlackBerry conference. One of the most common questions the journalists asked was how to keep Google from recording their private (and potentially politically sensitive) search terms.
Until Microsoft issues a security fix, I recommend discontinuing your use of Internet Explorer, regardless of version.
A Security Advisory released by Microsoft on April 26 states that the company is “aware of limited, targeted attacks that attempt to exploit a vulnerability” in Internet Explorer versions 6 through 11.
According to the release, the vulnerability would allow an attacker to host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.