We trust our information with companies every day, but online privacy protection may not be their highest priority.

Some of the most widely-used tech companies in the world do a miserable job of protecting users’ online privacy. The Electronic Frontier Foundation has gathered data on the privacy protection efforts practiced by organizations like WordPress, Apple, Comcast and others (many of whom have also been victims of data security breaches recently) for its annual “report card.” Then it awarded stars to the companies as if they were hotels.

The results are abysmal for anyone who still thinks that corporate behemoths have their users’ best interests at heart.

Stars were given based on how well a company performed in various categories. Out of 18 companies measured, only two passed with flying colors in all six categories: Twitter and internet service provider Sonic.net. The rest scored poorly. Facebook earned 3 out of 6 stars, Apple and AT&T scored one star and Verizon struck out with zeroes across the board. If this were a real report card, most of these companies would have been expelled.

One category assesses whether these businesses enforce transparency—or the ease with which you can access and understand the data that they are collecting on you. Another category judges how much of your information they share, when requested, with the government. Although LinkedIn and—surprisingly—Google performed well in this area, social networks like FourSquare, Facebook, and MySpace came up short

Yahoo recently agreed to purchase Tumblr for the very purpose of aggregating more of Tumblr-users’ data. According to the report card, Yahoo makes little effort to protect your privacy, and Tumblr isn’t much better.

Paying attention to online privacy protection is like weeding your garden. If you don’t take some time to do it early in the Spring, you’ll spend the rest of the year unsuccessfully trying to undo the consequences.

The post Scorecard grades tech companies’ online privacy protection efforts appeared first on John Sileo, Privacy & Identity Theft Expert.

Do you know your social media privacy rights as they pertain to your workplace?

They will be different depending on where you live because the laws vary from state to state. Utah recently became the fifth state to put into effect such a law that governs the rights of both employees and employers. Legislation has also been introduced or is pending at the Federal level and in 35 states.

This has become a hot topic because more than 90 percent of employers use social media sites to help screen applicants. Since applicants have the ability to determine their online privacy settings to decide what is out there for public viewing, some employers have asked for access to their private social media content to get the real picture.

In addition, employers contend that having access to social media accounts of employees allows them to protect sensitive company information such as trade secrets and financial figures. Employees argue that the information may be used to discriminate against them and inherently invades their privacy. In reality, most of the current legislation actually seeks to protect both sides.

Utah’s Internet Employment Privacy Act enforces protection of employees’ online identities, dictating that an “employer may not request disclosure of information related to [a] personal Internet account.” Also known as House Bill 100, this law, which applies to both employees and applicants, includes asking for usernames and passwords. If employers are found guilty of this, they may face up to a $500 fine. Additionally, the law states that employers may not “take adverse action, fail to hire, or otherwise penalize” anyone who will not disclose their information.

There are exceptions built in to protect the employer. They may legally require such information if the employer has provided the device and/or service or if the information is needed to carry out a disciplinary investigation, particularly if the employee’s actions in some way compromise the company – i.e. sharing of proprietary/confidential information or financial data. In addition, the employer can still view publicly available information in order to conduct due diligence.

In the ever-changing world of social media privacy legislation, one thing is clear; it will keep changing! Both employees and employers should check the current status in their state. The National Conference of State Legislatures provides a good listing to help you do this. As always, know your rights and act on your responsibilities.

John Sileo is a social media privacy expert and professional speaker on building digital trust. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

The post Social Media Privacy Laws Provide Protection for Employers and Employees appeared first on John Sileo, Privacy & Identity Theft Expert.

The post Cyber Security Expert John Sileo on Free WiFi Hotspots appeared first on John Sileo, Privacy & Identity Theft Expert.

At the time, Weiner’s indiscretions left him a laughingstock and a near-disgrace in one fell swoop. Now, as he ramps up a possible New York City mayoral campaign, he’s returned to the same social platform that almost cost him his political career. Is it possible that we will forget and forgive so soon?

A natural byproduct of our 140-character driven world is that everything is always old news. By the time the next tweet or Facebook post appears, we have forgotten the last one. Our online reputation, on the other hand, never disappears. And at some point, we will again value character in our public figures – making digital reputation a permanent, if often inaccurate, representation of that character.   

The lesson here is that you must cultivate your online reputation with the world view that it will forever be public, permanent and powerful. Because our posts and tweets, photos and videos are recorded for all of time, shared with all of humankind and used by ethical viewers and manipulative abusers alike, we must think before we hit the send button.

The post How long will Weiner’s bad online reputation haunt him? appeared first on John Sileo, Privacy & Identity Theft Expert.

USA Today recently opined

Take some recent cases in point: China hacking into the New York Times and Wall Street Journal, or the Syrian Electronic Army cracking into the Associated Press and 60 Minutes. If you’re looking for corporate examples, look no further than the $45 million stolen by cyber thieves via MasterCard pre-paid debit cards. Cyber security is the new darling of the Obama administration, the media and Sandhill Road because all three are finally learning how much they have to lose (or in the case of VCs, gain) by ignoring cyber security.

To the venture capitalists’ credit, many of the newly minted information security startups in Silicon Valley, the DC Beltway and elsewhere will in fact make huge profits. After all, nothing sells like fear. The mission of a venture capitalist is almost soley to make money. Acknowledged and forgiven. But making money doesn’t solve cyber crime. So what does? That’s where we encounter the lie. So far we have two truths: 1. spending on cybersecurity is justified and 2. VCs aim to make money. Now for the lie. 

The Lie: Technology is the Rosetta-Stone-Solution that solves cyber security threats.

If you look at the recent funding frenzy described in the USA Today article, a majority of the VC investments target hardware and software companies that solve one (or maybe several aspects) of our new cyber reality. Some make firewalls, other protect the cloud. This one targets malware and that one WiFi encryption. These are all important pieces of the virtual puzzle. And yet, none of the startups I have seen incorporate solutions for the common denominator of nearly all cyber security breaches: we humans.

Behind every great firewall is an employee who brings their own unauthorized device into the company network (ever emailed a business file using your personal account?). At the heart of many a great hack are usernames and passwords that are identical for a user’s Facbook account, bank account and workplace login. Steal the Facebook login and voila, you are into the corporate network as a privileged user.

Security does not exist in a technological vacuum. It lives in the gaps between innovative tools like firewalls and the humans that configure, update and utilize them. If you don’t properly train the humans on cyber security, identity protection, fraud prevention, social engineering and the like, the technology becomes useless.

And the company that finds a solution to the human problem and incorporates it into the technology won’t just make a load of profits, they will make a world of difference.

John Sileo is the CEO of The Sileo Group and an advisor on the human element of cyber security, social engineering and fraud prevention. His body of work includes engagements with the Department of Defense, Visa, Homeland Security and hundreds of businesses of all sizes. View John’s client testimony, interactive keynotes & national media coverage.

The post 2 Truths & a Lie: Venture Capital Frenzy Misses Cyber Security Mark appeared first on John Sileo, Privacy & Identity Theft Expert.