Information is the currency and lifeblood of the modern economy and, unlike the industrial revolution, data doesn’t shut down at dinnertime. As a result, the trend is towards hyper-mobile computing – smartphones and tablets – that connect us to the Internet and a limitless transfusion of information 24-7. It is an addiction that employers encourage because it inevitably means that we are working after hours (scanning emails in bed rather than catching up with our spouse).
In the work we do to change the culture of privacy inside of organizations, we have discovered a dilemma: iPads are not as secure as other forms of computing and are leaking significant amounts of organizational data to corporate spies, data thieves and even competing economies (China, for example, which would dearly love to pirate the recipe for your secret sauce). Do corporations, then, sacrifice security for the sake of efficiency, privacy for the powerful touch screens that offer a jugular of sensitive information?
Of course not! That’d be like driving a race car minus seat belts and air bags.
iPads provide a competitive advantage, and like generations of tools before them (the cotton gin, the PC), individuals and organizations alike will be forced to learn how to operate this equipment safely or risk the bite of intellectual property vampires. Here are 7 Simple Security Settings to help you lock down your iPad much like you would your laptop.
Posted in Business, Cyber Crime, Identity Theft by John Sileo.
Tags: data, Expert, ipad, iPad Security, iPad Security Settings, IT, John Sileo, Privacy, Protect my ipad, Protection, safety, Security, Sileo, Virus
The typical US consumer still swipes their card, credit or debit, with those same old black magnetic stripes. And, we hold our breath and hope they work, and don’t lead to erroneous (fraudulent) charges we have to defend. The rest of the world has switched to Smart cards, according to Peter Svensson, The Associated Press, in The Denver Post. “The problem with that black magnetic stripe on the back of your card is that it’s about as secure as writing your account information on a post-card”.
Svensson comments “Smart-cards (chip-based cards) can’t be copied, which greatly reduces the potential for fraud. Smart cards with built-in chips are the equivalent of a safe: They can hide information so it can be unlocked only with the right key”.
This begs the question, why is the US lagging in this technology? How do we re-vamp our system to promote smart-card transactions? Some experts maintain that it is a lack of demand by everyone from consumers and issuing banks to retail establishments. In essence, we don’t want the added security. This, of course, is just a smoke screen to obscure the underlying issue: no one wants to pay for it. Consumers don’t feel like they should pay for the technology (through higher card fees) even if it makes them safer (Haven’t we always been pretty safe?). Banks don’t want to pay to issue higher-cost cards with chip technology (they probably think it is cheaper to weather the costs of fraud – it is not). And retailers don’t want the added expense of new, more sophisticated equipment.
Posted in Business, Cyber Crime, Identity Theft by Identity Theft Speaker John Sileo.
Tags: Chip, Credit Card, Credit Cards, Financial, Keynote Speaker, Security, Sileo, Smart Card, Smart Cards, Technology
- Only Friend people you know.
- Create a good password and use it only for Facebook.
- Don’t share your password.
- Change your password on a regular basis.
- Share your personal information only with people and companies that need it.
- Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type www.facebook.com into your browser address bar.
- Use a one-time password when using someone else’s computer.
- Log out of Facebook after using someone else’s computer.
- Use secure browsing whenever possible.
- Only download Apps from sites you trust.
- Keep your anti-virus software updated.
- Keep your browser and other applications up to date.
- Don’t paste script (code) in your browser address bar.
- Use browser add-ons like Web of Trust and Firefox’s NoScript to keep your account from being hijacked.
- Beware of “goofy” posts from anyone—even Friends. If it looks like something your Friend wouldn’t post, don’t click on it.
- Scammers might hack your Friends’ accounts and send links from their accounts. Beware of enticing links coming from your Friends.
Read the full PC Magazine Article.
Posted in Cyber Crime, Social Media by Identity Theft Expert John Sileo.
Tags: data, Expert, Facebook, Fraud, Identity Theft, Privacy, Profile, safety, Security, Sileo, Tips
If you hacked into Rupert Murdoch’s voicemail, you would hear the message I just left him:
Thank you, Mr. Murdoch, I owe you one. I’ve spent the past five years trying to convince the world of something you managed to do with one simple scandal. I’m sorry that you will probably lose your reputation and much of your company and wealth because of it (not to mention your self-respect), but the world will be a better place for it. Why? Not just because our phone is ringing non-stop with companies and individuals that want to protect their private information.
It’s because you, Mr. Murdoch, awoke the PRIVACY BEAST! Two weeks ago, no one paid very much attention to voicemails being hacked. The average Facebook user was shrugging off the knowledge that their data was being systematically collected, aggregated and sold to the highest bidder all for Facebook’s financial gain. Android users ignored the warnings that malicious apps disguised as harmless games were funneling their bank account numbers, contact lists and geographic whereabouts to locations in Iran and North Korea. iPhone users continued to load their phones with as much data as a laptop without even password protecting the darn thing. Most of us lived in a comfortable, pitiful stupor of privacy ignorance. But today, everyone suddenly cares.
Posted in Business, Human Fraud, Identity Theft, Life by John Sileo.
Tags: Email, Expert, Hacking, James Murdoch, John Sileo, news, News of the World, Phone, Privacy, Rupert Murdoch, Security, Voicemail
I just finished an interview with Esquire magazine about the security of webmail applications like Gmail, Windows Live Hotmail and YahooMail. Rebecca Joy, who interviewed me on behalf of Esquire, wanted to know in the wake of the Rupert Murdoch phone-hacking scandal, how secure our photos and messages are when we choose to use free webmail programs.
The simple answer? Not very secure. Just ask Vanessa Hudgens (nude photos), Sarah Palin (complete takeover of her email account) and the scores of celebrities and power figures who have been victimized by email hacking.
Think of using webmail (or any web-based software, including Facebook, Twitter, Google Docs, etc.) as checking into a hotel room. Unlike a house, where you have tighter control over your possessions, the same is not true of a hotel. While you definitely own the items you bring into a hotel room (laptop, smartphone, wallet, passport, client files), you don’t have nearly as much control as to how they are accessed (maids, managers, social engineers who know how to gain access to your room). In short, by using webmail to communicate, you are exchanging convenience for control.
Here are the five most common ways you lose control:
- The password on your email account is easy to guess (less than 13 characters, fail to use alpha-numeric-symbol-upper-lower-case, don’t change it often) and someone easily hacks into your webmail account, giving them access to your mail, photos, contacts, etc.
Posted in Identity Theft by Identity Theft Speaker John Sileo.
Tags: Email, Gmail, Hacking, Hotmail, John Sileo, safety, Security, Sileo, Webmail, Windows Live, Yahoo!
In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.
- Start with the humans.
- Immunize against social engineering.
- Stop broadcasting your digital data. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unencrypted data being sent from your computer to the web. Strategy: Have a security professional configure the wireless router in your office to utilize WPA-2 encryption or better. If possible, implement MAC-specific addressing and mask your SSID. Don’t try to do this yourself. Instead, invest your money in proportion to the value of the asset you are protecting and hire a professional. While the technician is there, have him do a thorough security audit of your network. You will never be sorry for investing the additional money in cyber security. To protect your data while surfing on the road, set up wireless tethering with your mobile phone provider (Verizon, Sprint, AT&T, T-Mobile) and stop using other people’s free or fee hot spots. Using a simple program called Firesheep, data criminals can “sniff” the data you send across these free connections. Unlike most hot-spot transmissions, your mobile phone communications are encrypted and will give you Internet access from anywhere you can make a call.
Posted in Business, Cyber Crime, Identity Theft by John Sileo.
Tags: "Data Privacy", Business Security, data security, Detection Fraud, Engineering Social, Fraud, Fraud Detection, Fraud Expert, Fraud Speaker, Fraud Training, Identity Theft, identity theft expert, information, John Sileo, Keynote, Keynote Speaker, Part 2, Part II, Prevention, Privacy, professional speaker, Protection, Security, social engineering, social engineering expert, Speaker, Technology, Training Fraud
Everybody wants your data. Why? Because it’s profitable, it’s relatively easy to access and the resulting crime is almost impossible to trace. Take, for example, Sony PlayStation Network, Citigroup, Epsilon, RSA, Lockheed and several other businesses that have watched helplessly in the past months as more than 100 million customer records have been breached, ringing up billions in recovery costs and reputation damage. You have so much to lose.
To scammers, your employees’ Facebook profiles are like a user’s manual about how to manipulate their trust and steal your intellectual property. To competitors, your business is one poorly secured smartphone from handing over the recipe to your secret sauce. And to the data spies sitting near you at Starbucks, you are one unencrypted wireless connection away from wishing you had taken the steps in this two-part article.
Every business is under assault by forces that want access to customer databases, employee records, intellectual property, and ultimately, your bottom line. Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach and have no idea of how to stop a repeat performance. Combine this with the average cost to repair data loss, a stunning $7.2 million per incident (both statistics according to the Ponemon Institute), and you have a profit-driven mandate to change the way you protect information inside of your organization. “But the risk inside of my business,” you say, “would be nowhere near that costly.” Let’s do the math.
Posted in Business, Cyber Crime, Human Fraud, Identity Theft, Social Media by Identity Theft Expert John Sileo.
Tags: "Data Privacy", "Identity Theft", Business Security, data security, Fraud, information, John Sileo, Keynote, Prevention, Privacy, Protection, Security, social engineering, Speaker, Technology
Everybody wants your data, especially when you are in the business of meetings. Your data doesn’t just have a high face value (e.g., the attendee data, including credit card numbers that you collect and store in your online registration system), it also has a high resale value.
Here is how the theft is most often committed in your industry:
- Competitors hire one of your employees and they leave with a thumb drive full of confidential files, including client lists, personally identifying information on talent and employees, financial performance data, etc.
- Social engineers (con artists) mine your employees’ Facebook profiles to gain a heightened level of trust which allows them to manipulate your human assets.
- Cyber criminals hack your lax computer network or sniff the unprotected wireless connections you and your employees use while traveling (Starbucks, hotels, airports).
- Mobile Computing Thieves target your digital devices (Laptop, smartphone, tablet) and other weak points while on the road.
- Opportunistic Vendors (Cleaning services, painters, landlords) quietly collect data assets from your desks, filing cabinets, trash cans and dumpsters when you aren’t even in the office.
Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach (average recovery cost according to the Ponemon Institute: $7.2 million) and have no idea of how to stop a repeat performance.
Posted in Business, Cyber Crime, Identity Theft, Social Media by Identity Theft Speaker John Sileo.
Tags: Conference Speaker, Conferences, CSAE, data security, Data Security Expert, Identity Theft Speaker, John Sileo, Keynote Speaker, meeting planners, Meeting Professionals, Meeting Security, Meetings, Meetings Industry, MPI, Privacy, Security, SGMP, Society of Government Meeting Professionals
I just finished delivering a keynote speech for the Society of Government Meeting Professionals (SGMP) at their annual convention on identity theft and protecting data in the meetings industry. Data security is a top concern in this industry because it is probably one of the most highly-targeted groups for identity theft, social media fraud, data breach and social engineering. Here’s why:
- Meeting professionals collect, store and transmit massive amounts of private data on attendees
- Data theft risk skyrockets when travel is involved, which is a frequent occurrence for meeting planners and professionals
- Meeting professionals are busy nearly 24 hours a day once they are onsite for the conference or meeting, meaning that they are highly distracted
- A single data breach of attendee data can put the organization responsible for the event out of business due to excessive costs and tight compliance regulations
- Conferences are generally collections of highly professional, highly valuable attendees who travel with laptops, sensitive intellectual property, smartphones, unsecured WiFi connections, etc.
Meeting professionals have enormous responsibilities throughout every stage of the planning process. Identity thieves target conferences because of the sheer quantity and value of data circulating around these events. Protecting sensitive attendee data before, during and after the event has become not only a nicety, but a necessity. Data stolen during the planning, execution or clean-up phases of your event can hamstring your organization with financial liabilities and a public relations nightmare. Start by taking these steps:
Posted in Business, Cyber Crime, Identity Theft, Social Media by Identity Theft Expert John Sileo.
Tags: Conference Speaker, Conferences, CSAE, data security, Data Security Expert, Identity Theft Speaker, John Sileo, Keynote Speaker, meeting planners, Meeting Professionals, Meeting Security, Meetings, Meetings Industry, MPI, Privacy, Security, SGMP, Society of Government Meeting Professionals
We can be as patriotic as we want to be, but today, the US lags behind other countries in credit card technology and consumer safety. Our current-day magnetic-strip technology is archaic compared to the chip-embedded cards of our European counterparts. Though some larger US retailers are offering support of the “smart-chip” cards, a mandate for their use (and greater protection for the consumer) is down the road. (Click here for the original story on NPR).
According to Andrea Rock, a senior editor at Consumer Reports who wrote an article about the security gap in the credit card industry (emphasis mine):
“The account information that’s needed to make a transaction on American cards is stored, unencrypted, on a magnetic stripe on the back of each card,”
And that means, until the industry changes, you are at risk. In the meantime, here are a few steps you can take to increase your security:
- Limit use of your debit card. The bank offers you less protection on debit transactions than credit transactions. Additionally, with debit cards, there is a PIN involved, potentially providing immediate cash access to your accounts by clever thieves. If fraud occurs, you are out the money until it is resolved.
- Use your credit card instead. It’s safer. Typically, credit card issuers offer zero-liability for losses associated with unauthorized transactions. You also have a longer time frame to catch and report the fraud.
Posted in Business, Cyber Crime, Identity Theft by John Sileo.
Tags: Credit Card, encryption, europe, Fraud, Identity Theft, John Sileo, magnetic strip, safety, Security, U.S., US