Posts

Your Apps Are Watching You

Statistics say 1 in 2 Americans will have a smart-phone by December 2011. Many people keep their address, bank account numbers, passwords, PIN numbers and more stored in their phone. The mounds of information kept in smart-phones are more than enough to steal one’s identity with ease.

What most people don’t consider are the applications that they are using on a daily basis. What information is stored there? According to a recent Wall Street Journal article, more than you think.

After examining over 100 popular apps, they found that 56 transmit the phone’s unique device ID to companies without the user’s knowledge. Forty-seven of the applications transmitted the phone’s actual location, while five sent other personal information such as age and gender.  This shows how many times your privacy is potentially compromised without your knowledge, just by playing music on Pandora.

Here are a few of the culprits:

  • Textplus 4 is a popular text messaging app. It sent the unique phone ID to over 7 different ad companies.
  • Pandora, a popular music application for both smart-phones and computers, sends age, gender, location and phone ID to many advertisers.
  • Paper Toss sends your phone ID to 5 different advertisers.

Smartphone providers such as Apple and Google state that they make sure applications get approval from users in order to transmit this type of information. Apple declined to comment after it was found that a popular pumpkin carving app was sending location information without gaining permission first. Although it is written in Apple’s privacy policy that apps must obtain permission, this clearly is not happening. On the other hand, Google, creator of Android, does not monitor its apps and what they are transmitting at all. Neither company requires its apps to have privacy policies, and 45 of the 100 apps examined didn’t have one.

Here’s what you need to know in a nutshell:

  • Apps are capturing and transmitting a variety of your personal information. If you are using smart-phone apps, your information is being transmitted.
  • Paid apps tend to transmit less personal data than free apps. After all, the free apps have to make money somehow!
  • Get rid of any applications you don’t use.
  • If an app gives you the option to opt out of information sharing, take it.

Even if the application you are downloading and accessing does ask for your permission to gather location information, it doesn’t disclose who it is sending it to or how it is using it. With so many loopholes, inconsistencies, and a lack of policing of applications, it is clear your information will continue to be transmitted without your knowledge or permission.

Opening Pandora's Privacy Box

I am a huge fan and frequent user of Pandora, the internet radio station that plays songs based on learned music preferences (if you like the Avett Brothers, it knows you will probably also like Dave Matthews, etc.). Pandora is an overwhelmingly popular online radio network app for computers, smart phones and the iTouch. It provides listeners with an informed collection of songs and play-lists based on a comprehensive analysis of over 400 qualities of a song that make it specifically appealing to you. While the financial cost to users appears at first sight to be nothing (if you don’t mind the occasional ad), the privacy cost can be exponentially high with Pandora selling your web-surfing habits to advertisers.

Pandora clearly states in its FAQ that they are sharing information such as your age and gender with advertisers.

“…the free version of Pandora is mostly supported by advertisements, and we want to be able to show the most relevant ads to our listeners… Since this means that you’re more likely to see an ad that’s relevant to you, we hope it’s a good thing for our listeners as well as for our advertisers, and therefore also for Pandora as a whole.”

So are they sharing more sensitive identity information? While Pandora admits that they share your age and gender, a recent Wall Street Journal article says they are sharing more. It states that Pandora shares age, gender, location, and phone ID information with marketing firms on both its iPhone and Android mobile versions. So while advertisers won’t have your name and email address, they’ll get their hands on a lot of info about your mobile phone behavior.

Just remember when you log into Pandora and stream your free music play list, there is a cost. When you are getting something for “FREE”, there is always a cost, and it’s often your personal information. While you may not be able to immediately understand the financial impact of this, just know that your privacy is slowly flowing out of your control – one song at a time.

To increase your privacy on Pandora, visit www.pandora.com/privacysettings and restrict access as much as possible.

Is your organization trying to stem the flow of information leakage via identity theft, corporate espionage, data breach and social networking exposure? Contact keynote speaker John Sileo to inspire your audience to change their poor privacy habits from the inside out.

Information Security Speaker: 5 Information Espionage Hotspots Threatening Businesses

You and your business are worth a lot of money, whether your bank accounts show it or not. The goldmine lies in your data, and everyone wants it. Competitors want to hire the employee you just fired for the thumb drive full of confidential files they smuggled out. Data thieves salivate over your Facebook profile, which serves as a “how to” guide for exploiting your trust. Cyber criminals are digitally sniffing the wireless connection you use at Starbucks to make bank transfers and send “confidential” emails.

Every business is under assault by forces that want access to your valuable data: identity records, customer databases, employee files, intellectual property, and ultimately, your net worth. Research is screaming at us—more than 80% of businesses surveyed have already experienced at least one breach (average recovery cost: $6.75 million) and have no idea of how to stop a repeat performance. These are clear, profit-driven reasons to care about who controls your data.

Information Espionage Hotspots

Here are 5 Information Espionage Hotspots that your business should address now:

  1. Lousy training. One of the costliest data security mistakes I see companies make is attempting to train employees from the perspective of the company. This ignores a crucial reality: All privacy is personal. In other words, no one in your organization will care about data security until they understand what it has to do with them. Strategy: Give your people the tools to protect themselves personally from identity theft. In addition to showing them that you care (a good employee retention strategy), you are developing a privacy language that can be applied to business. Once they understand opting out, encryption and identity monitoring from a personal standpoint, it’s a short leap to apply that to your customer databases and intellectual property. See the video above for an example of bridging the worlds of personal privacy and corporate data security.
  2. Human weakness. The root cause of most data loss is not technology; it’s a human being who makes a costly miscalculation out of fear, obligation, confusion, greed or sense of urgency. Social engineering is the craft of extracting information out of you or your staff by pushing buttons that elicit automatic responses. Strategy: Immunize your workforce against social engineering and poor decision making. Fraud training teaches your people how to handle requests for login credentials, passwords, employee and customer data, unauthorized building access and an office full of information whose disappearance will land you on the front page of the newspaper. The latest frontier that thieves are exploiting is your employees’ social networks, especially Facebook and LinkedIn. It is imperative that you have a well-thought-out, clearly communicated social networking policy that minimizes the risks of data leakage, reputation damage and trust manipulation.
  3. Wireless surfing. There are two main sources of wireless data leakage: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Both connections are constantly sniffed for unprotected data being sent from your computer to the web. Strategy: Have a security professional configure the wireless router in your office. Here is your laundry list of things to ask her to do. She will understand the terminology:
       • Utilize WPA-2 encryption or better.
       • Implement MAC-specific addressing and mask your SSID.
       • While she’s there, have her do a security audit of your network.
       • To protect your connection while surfing on the road, purchase an encrypted high-speed USB modem from one of the major carriers (Verizon, Sprint, AT&T) and STOP using other people’s free/fee hotspots.
  4. Inside spies. Chances are you rarely perform a serious background check before hiring a new employee. That is short-sighted, as most of the worst data theft ends up being an “inside job” where a dishonest employee siphons information out a “digital door” when no one is looking. Many employees who are dishonest now were also dishonest in the past, which is why they no longer work for their former employer. Strategy: Invest in a comprehensive background check using a product like CSIdentity.com’s SAFE before you hire instead of wasting much more money cleaning up after a thief steals valuable data assets. Follow up on the prospect’s references and ask for some that aren’t on the application. Investigating someone’s background jump-starts your intuition and discourages dishonest applicants from the outset.
  5. Mobile data. In the most trusted research studies, 36-50% of data breaches originate with the loss of a laptop or mobile computing device (smart phone, thumb drive, etc.). Mobility, consequently, is a double-edged sword; but it’s a sword that we’re probably not going to give up easily. Strategy: Utilize the security professional mentioned above to implement strong passwords, whole disk encryption, and remote laptop-tracking and data-wiping capabilities. Set your screen saver to engage after 5 minutes of inactivity and check the box that requires you to enter your password upon re-entry. This will help keep unwanted users out of your system. Finally, lock this goldmine of data down when you aren’t using it.

Your espionage countermeasures don’t need to be sophisticated or expensive to be effective. Targeting the hotspots above is a savvy, incremental way to keep spies out of your profit margins. But it won’t start working until you do.

John Sileo speaks professionally on identity theft, data breach and social networking exposure, and is the author of the newly released Privacy Means Profit. His clients include the Department of Defense, the FDIC, FTC, Pfizer and the Federal Reserve Bank. Learn more about bringing him in to motivate your organization to better protect information assets.

Identity Theft Training

John Sileo knows identity theft and data breach first hand – he became “America’s Leading Identity Theft Speaker and Expert” after losing his business and more than $300,000 to these costly crimes. He has provided these Identity Theft Resources to help you protect your organization from suffering from the losses that result from unprotected private information. Visit John’s Identity Theft Prevention Store to learn more.

Hire John to train your employees to prevent identity theft, data breach and corporate espionage

Safe data is profitable data, whether it’s a client’s credit card number, a patient’s medical file, an employee’s benefit plan or sensitive intellectual capital. By the time John finishes his hilarious closing story, your audience will be fully empowered to protect private information, at home and at work.

John’s Most Requested Identity Theft Training Presentations (Keynote Topics)

Think Like a Spy
Information Survival Skills

The biggest threat to our identities (and to valuable corporate data) is our lack of a Privacy Reflex. Few of us have ever been trained to respond appropriately when someone requests our sensitive information. Think of how easily you give your information away on the Internet when someone promises you a free gift. This presentation will give your audience the fundamental building blocks to proactively protect valuable information assets. The result is a safer individual with strategic privacy skills that protect your organization’s bottom line.

To bridge the gap between personal protection and professional privacy, Think Like a Spy can be paired with one or more of the profit-focused supplementary presentations below.

Bulletproof Your Business Against Breach
Extinguishing Privacy Hotspots

Once we understand how to protect our personal identities, we have the tools and motivation to begin protecting valuable corporate data. Identity theft and corporate data loss are a huge financial cost and legal liability to corporations and organizations. It is imperative in our information economy that we train our workforce on how to protect those information assets, whether they are digital, physical or intellectual.

7 Sins of Social Networking
Controlling Information Over-Exposure

Every parent and young adult should be aware of the fact that college-age students are at the highest risk of identity theft and general abuse of private information. Just like most young adults were taught Stranger Danger in school, they should also be taught how to protect their increasingly-threatened identities. This program is appropriate for both parents and young adults, but is geared to instill a Privacy Reflex in the younger generation.

Your Financial Institution as Hero
Protecting Customers Against Identity Theft

No one is in a better position to educate individuals about identity theft prevention than financial institutions. Not only do they have the “financial ear” of their clients, but they have a responsibility to protect their customers and members from this highly financial crime. This speech applies to banks, credit unions, insurance companies, brokers, financial planners, accountants, etc.

Organizations that proactively educate their team members about identity theft protection drastically reduce their chances of a costly data breach. Your audience will experience first-hand what data theft feels like, and the resulting costs of poor privacy practices. John gets the audience up on their feet, laughing and learning. Increased awareness inside of your organization translates into an immediate return on your speaking investment.

Getting What You Want
Weapons of Manipulation and Tools of Influence

Now, more than ever, knowledge is power – once you can identify the tools of persuasion being used against you, your vulnerability drops radically. The benefits are immediate, whether you are buying a used car, evaluating a potential date, hiring a new employee or disciplining your teenager. In this speech, discover how to avoid manipulation so you can positively control the outcomes in your life.

John’s satisfied clients include the Department of Defense, the FDIC, Pfizer and the Federal Trade Commission. For more information on John or his training, call us at 303.777.3221 or send us an email.