iPad Vampires: 7 Simple Security Settings to Stop Data Suckers
Information is the currency and lifeblood of the modern economy and, unlike the industrial revolution, data doesn’t shut down at dinnertime. As a result, the trend is towards hyper-mobile computing – smartphones and tablets – that connect us to the Internet and a limitless transfusion of information 24-7. It is an addiction that employers encourage because it inevitably means that we are working after hours (scanning emails in bed rather than catching up with our spouse).
In the work we do to change the culture of privacy inside of organizations, we have discovered a dilemma: iPads are not as secure as other forms of computing and are leaking significant amounts of organizational data to corporate spies, data thieves and even competing economies (China, for example, which would dearly love to pirate the recipe for your secret sauce). Do corporations, then, sacrifice security for the sake of efficiency, privacy for the powerful touch screens that offer a jugular of sensitive information?
Of course not! That’d be like driving a race car minus seat belts and air bags.
iPads provide a competitive advantage, and like generations of tools before it (the cotton gin, the PC), individuals and organizations alike will be forced to learn how to operate this equipment safely or risk the bite of intellectual property vampires. Here are 7 Simple Security Settings to help you lock down your iPad much like you would your laptop.
Supercookie Monster Eating Your Privacy for Lunch
You already know that every word you type on your browser is being tracked and used to profile and deliver highly-relevant advertisements to you (Big Brother Lives in Your Browser). And you know that most websites install “cookies” onto your computer in order to store relevant information about you (account numbers) that make surfing more convenient, and to gather information that allows advertisers to know more about you. You probably even know how to delete them.
But new research has shown that deleting cookies doesn’t always help. A new breed of cookies, called supercookies, can reconstruct all of your profile history even after the cookie has been deleted. MSN.com and Hulu.com just got caught using supercookies to track your surfing habits in stealth mode (you have no way of knowing that it’s happening, and you can’t do anything about it). The Wall Street Journal had this to say about supercookies and history stealing:
Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies… The spread of advanced tracking techniques shows how quickly data-tracking companies are adapting their techniques… ["history stealing"] peers into people’s Web-browsing histories to see if they previously had visited any of more than 1,500 websites, including ones dealing with fertility problems, menopause and credit repair… Supercookies are stored in different places than regular cookies… | WSJ 8/18/11 | Supercookies on WSJ for non-subscribers.
If You Hacked into Rupert Murdoch’s Voicemail…
If you hacked into Rupert Murdoch’s voicemail, you would hear the message I just left him:
Thank you , Mr. Murdoch, I owe you one. I’ve spent the past five years trying to convince the world of something you managed to do with one simple scandal. I’m sorry that you will probably lose your reputation and much of your company and wealth because of it (not to mention your self-respect), but the world will be a better place for it. Why? Not just because our phone is ringing non-stop with companies and individuals that want to protect their private information.
It’s because you, Mr. Murdoch, awoke the PRIVACY BEAST! Two weeks ago, no one paid very much attention to voicemails being hacked. The average Facebook user was shrugging off the knowledge that their data was being systematically collected, aggregated and sold to the highest bidder all for Facebook’s financial gain. Android users ignored the warnings that malicious apps disguised as harmless games were funneling their bank account numbers, contact lists and geographic whereabouts to locations in Iran and North Korea. iPhone users continued to load their phones with as much data as a laptop without even password protecting the darn thing. Most of us lived in a comfortable, pitiful, stupor of privacy ignorance. But today, everyone suddenly cares .
7 Data Theft Hotspots for Meeting Professionals
Everybody wants your data, especially when you are in the business of meetings. Your data doesn’t just have a high face value (e.g., the attendee data, including credit card numbers that you collect and store in your online registration system), it also has a high resale value .
Here is how the theft is most often committed in your industry:
- Competitors hire one of your employees and they leave with a thumb drive full of confidential files, including client lists, personally identifying information on talent and employees, financial performance data, etc.
- Social engineers (con artists) mine your employee’s Facebook profiles to gain a heightened level of trust which allows them to manipulate your human assets
- Cyber criminals hack your lax computer network or sniff the unprotected wireless connections you and your employees use while traveling (Starbucks, hotels, airports).
- Mobile Computing Thieves target your digital devices (Laptop, smartphone, tablet) and other weak points while on the road.
- Opportunistic Vendors (Cleaning services, painters, landlords) quietly collect data assets from your desks, filing cabinets, trash cans and dumpsters when you aren’t even in the office.
Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach (average recovery cost according to the Ponemon Institute: $7.2 million) and have no idea of how to stop a repeat performance.
13 Data Security Tips for Meeting Professionals – SGMP
I just finished delivering a keynote speech for the Society of Government Meeting Professionals (SGMP) at their annual convention on identity theft and protecting data in the meetings industry. Data security is a top concern in this industry because it is probably one of the most highly-targeted groups for identity theft, social media fraud, data breach and social engineering. Here’s why:
- Meeting professionals collect, store and transmit massive amounts of private data on attendees
- Data theft risk skyrockets when travel is involved, which is a frequent occurrence for meeting planners and professionals
- Meeting professionals are busy nearly 24 hours a day once they are onsite for the conference or meeting, meaning that they are highly distracted
- A single data breach of attendee data can put the organization responsible for the event out of business due to excessive costs and tight compliance regulations
- Conferences are generally collections of highly professional, highly valuable attendees who travel with laptops, sensitive intellectual property, smartphones, unsecured WiFi connections, etc.
Meeting professionals have enormous responsibilities throughout every stage of the planning process. Identity thieves target conferences because of the sheer quantity and value of data circulating around these events. Protecting sensitive attendee data before, during and after the event has become not only a nicety, but a necessity. Data stolen during the planning, execution or clean-up phases of your event can hamstring your organization with financial liabilities and a public relations nightmare. Start by taking these steps:
3 Exposure Lessons Learned Via Anthony Weiner
Just for a minute, put yourself in the shoes of Anthony Weiner. You’ve done something exceptionally stupid, whether it’s sending sexually explicit photos of yourself to strangers you don’t even know, or another unrelated mistake. To compound the stupidity, you involve social networking – you Facebook or tweet or YouTube the act – or even simply email details of what you’ve done.
Everyone of us makes impulsively bad decisions (probably not as bad as Weiner, but bad nonetheless). Prior to the internet, you at least had a chance to recover from your past transgressions, as there wasn’t a readily accessible public record of the act unless you happened to be caught on tape (think Nixon, Rodney King, etc.). But now that pretty much every human carries either a camera or video recorder with them at all times (mobile phones), can communicate instantly with a massive audience (Facebook, Twitter, SMS, blogs), and have access to more information than exists in the Library of Congress just by pulling up Google, the equation of how you control sensitive information about yourself has changed radically. Every stranger (and even friend) is like a full service news station with video, distribution and commentary, just waiting to report on your missteps.
Here are three lessons the rest of us can take from the Anthony Weiner affair:
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
