Archives For privacy

Data Privacy Day 2016!

John Knights —  January 20, 2016

Data Privacy Day (DPD) is observed on January 28th. Data Privacy Day is focused on, “respecting privacy, safeguarding data and enabling trust.” This international effort is held on January 28th and the goal is to “create awareness about the importance of privacy and protecting personal information.”

Want to get involved with Data Privacy Day, check out how at StaySafeOnline.org at http://www.staysafeonline.org/data-privacy-day/get-involved/.

Also, join in on the the two Twitter chats hosted by @STOPTHINKCONNECT, taking place this month. The first today at 3pm, use #ChatSTC to join! More information available at https://stopthinkconnect.org/campaigns/twitter-chat-series.

There are various ways to stay connected with us:

banner 728x90_2016_R1DPD-Championbanner 468x60_2016_R1

The next time you post something on Facebook that anyone can see, you will be greeted by a small blue blast from the past.  A tiny blue dinosaur (article and example from Sophos) now reminds users without privacy settings enabled to read and understand them better before they share information online.  The dino addresses the user by name and hopefully will encourage more people to be safer online.  This is a much needed step towards privacy and transparency for the social network giant.

The cartoon popup is just a test program but is already receiving great feedback and hopefully it will spur more companies to follow suit by making their user’s privacy a bigger priority.  The exact message you will receive is: “You haven’t changed who can see your posts lately, so we just wanted to make sure you’re sharing this post with the right audience. (Your current setting is Public, though you can change this whenever you post.)”. It then gives you different options to limit who can see your post.

 

What better place to catch unsuspecting people who are bored and want to go online than the airport? Next time you’re flying be cautious of the wireless network you choose to join on you mobile device because it could easily be an ad hoc network (phone to phone connection) or another trap set by a hacker. Often times a hacker will intercept information over an unsecured Wi-Fi network and acquire people’s passwords to social media or worst yet, their credentials used to access their bank account online. Think of unprotected Wi-Fi like a mailing a letter in a transparent envelope and placing it in an unsecure mailbox, you have to leave the information in it and wait for the mail carrier (website) to pick it up. If a hacker gets to the information before the website (mail carrier), he could view the contents and even tamper with it. The safest thing is to never input sensitive information on an unprotected Wi-Fi network.

If you need to check your bank account on a mobile device, use a 3G or 4G connection whenever possible as it is more secure. If you are on a laptop, connect using a Virtual Private Network, or VPN service to create a secure connection, which will then secure your information. (For Wentworth employees that require VPN access to the campus network when working remotely, please email our Information Security Office to find out more.), Always be cautious when in a public space, even when connecting to “secured” or encrypted WiFi hotspots as they may not employ the most up-to-date settings. At Wentworth, our LeopardSecure WiFi network utilizes strong encryption, so you can be sure that your communications are secure.

A few other things to consider when using public WiFi hotspots. First, make sure that your sharing settings are off. This will ensure that you are not broadcasting your computer to others on the same network, limiting your potential exposure. Secondly, be careful even when you’re on a secure Wi-Fi network when it comes to your personal information. Chrome’s Incognito and Mozilla’s Private Browsing modes will cover your tracks on your computer but they leave the data you share vulnerable. Many sites allow for secure connections using an encrypted channel to their web site, through HTTPS. The problem is that even though it is available, many sites use the unencrypted HTTP as a default to ensure connectivity. There is a tool that you can use with your browser named HTTPS Everywhere. HTTPS Everywhere is a browser plugin that solves this problem and secures your data. Stay encrypted while browsing by default on every website that allows it. This is available for Mozilla Firefox, Google Chrome, and Opera.

We’ve all seen news reports or at least heard someone mention identity theft before, but most people don’t think twice about it.  Meanwhile, identity theft has increased 66% from 2012 to 2013 and the general public is still very susceptible. Many hear about identity theft, but because they do not experienced it personally or know of an account first-hand, many choose not to address it. So, as the temperature heats up around tax season and more hackers are looking for easy targets, the public needs to be more responsible with their online data.

In the film “Identity Theft”, the criminal calls the unsuspecting main character and fools him through some simple social engineering over the phone. The criminal poses as a representative from his bank and tells him that someone has stolen his identity and he should register for the complimentary identity recovery program offered by the bank.  She then asked him for his name, bank account, and social security number so that she can “protect him”.  He doesn’t think twice and gives out his personal information to a stranger over the phone who has provided no evidence that she is affiliated with his bank.  The film then escalates very quickly, with pretty much everything that could possibly happen with identity theft happening.  The criminal then creates a false driver’s license and credit card with the main character’s information.

While many things are exaggerated in the movie, the risk of identity theft is very real and many people are just as unprepared and unsuspecting as the main character.  Always be wary of random phone calls or emails demanding information without any sign that they belong to an institution you trust, such as a bank or hospital.   Safeguard your important personal information, especially your social security number.  Only give your SSN for tax, credit, or employment reasons and make sure you know how it is going to be used.

Over the course of Data Privacy Month we will cover many things you should know about keeping your information safe and ways to protect yourself.  To explore more now, visit our information security web site and follow us on Twitter.