A "Gentle Reminder" for everyone to be extra vigilant with their Privacy!

Many of us actually turn a blind eye to the fact our private information is being, as this Australian reporter puts it, furiously scooped up by corporations, governments and others.

Why? Because we see it as a harmless tradeoff for whatever convenience or bit of entertainment we get in return. However, as this video details, more consumers are becoming aware of exactly what that tradeoff entails. And they're coming to it through social experiments like the one conducted in Australia. A reporter arranged for baristas to behave like an online app. After taking the java order, the baristas asked their customers to give them details like their home addresses or their last four text messages. The coffee buyers were super uncomfortable.

As we see in the video, the sharing of private information is no longer viewed as a harmless tradeoff when put in the faces of consumers. It's viewed with skepticism and dismay, just as some may argue, it always should be. The other day, a friend told me the fast-food restaurant chain app she downloaded asked for access to her camera and all the photos and videos stored on it!

The takeaway? Pay closer attention to the information your new apps are asking to access. If something throws up a red flag, investigate. Or simply don't install the app.

What Becomes Of Your Online Accounts After You Die?

...until death do us part

Have you ever wondered what becomes of your online accounts after you die? The Washington Post recently looked into the question, and reports that "The immortality of one's digital accounts is one of the more morbid philosophical wrinkles of modern life."

Here are a few of the take-aways from the article: Family who want to access these accounts often can't. Digital asset laws vary greatly by state and country.

The spookiest take-away: Artificial intelligence-like technology may someday Tweet in a user's voice after he or she dies.

Facebook Users should enable Two-Factor Authentication

Securing Your Facebook Account With 2-Factor Authentication

This Facecrooks article discusses a very important topic - "Securing your Facebook profile" - and gives step-by-step instructions for enabling two-factor authentication. The idea is to keep out anyone attempting to access your profile from a device Facebook doesn't recognize.

Astoundingly, two years ago at least  13 million U.S. Facebook users didn't use or weren't aware of the social network's privacy control settings. Based on various news reports covering Facebook privacy, it is anticipated that this number has not gotten smaller, but more likely has increased (perhaps by a significant amount now that there are more than a billion active mobile Facebook users).  

How many of these millions are within your employee, patient or customer communities? How does this impact you personally, or put your own information at risk? Remember, your privacy can be impacted simply by being associated with "friends" who don't activate their privacy control settings. 

Understanding how your stakeholders use Facebook and other social networks is a critical component to protecting yourself, your organization and the people it serves.   

Creepy Way Facebook Advertisers Use You!

How Facebook Is Using Your Photos in Ads?

Gmail isn't the only online platform guilty of repurposing your photos. Facebook and its advertisers, too, have become really good at using your image to inspire your friends' confidence in the products they are pushing.

A friend who recently experienced this said, "I did not realize that 'friending' [a company on Facebook] to get coupons probably means I've agreed to be used in their ads. Seeing a friend's picture [used this way] makes me suspicious my picture is doing the same thing on other people's Facebook pages."

What I find particularly interesting is the way Facebook explains away its practices with this statement, (which you can see for yourself if you follow the prevention steps below): "Everyone wants to know what their friends like. That's why we pair ads and friends."

Fortunately, there is a way to stop Facebook from using your profile picture in advertisements.

1) Go to "Privacy Settings"

2) Click on the "Ads" tab on the left hand side.

3) In the Third Party Sites section click on "Edit"

4) In the drop down menu, click "No one" and then "Save Changes"

5) In the Ads & Friends section click "Edit"

6) In the drop down menu, click "No one" and then "Save Changes"

NOTE: You cannot opt out of receiving Sponsored Stories, which are essentially another type of ad. If you like a story on a brand page or share that you engaged with a brand, that brand can pay Facebook to ensure that it shows up in yours and your friends' timeline feeds.

How Much Information You Are Leaving Online?

Do you ever feel like you're being followed?

Perhaps that's because you are. While it may not be the boogeyman who's hot on your trail, there are many groups of watchers who have made it their business to know as much about you as possible.

Each day, we are tracked by the 'smart' systems, mobile apps, personal communication devices and other surveillance platforms that have become commonplace in our daily lives. In an effort to educate more people about the data trails they are leaving behind (and the companies, data bureaus and marketers who are sniffing out that trail).

How comprehensive profiles Google is capable of building based on all the information we voluntarily share?

How valuable your online information is to burglars?

Notice all they can get off of *your* social network sites...and those of your friends, family and co-workers. Be aware of what you put out there!

For those of you in charge of or influencing your company privacy policies, consider how you are gathering and sharing your customers' data. Are you doing so in a manner that is transparent and compliant?

5 Quick Lessons on Privacy

Privacy Matters - How Easily Someone Could Hack Into Your Life?

Being diligent about your personal privacy is a learned behavior. Often the best way to practice is to take a closer look at the every-day activities in which you and your friends, colleagues and family members take part. 

Below are some quick-hit resources that serve as good reminders of the privacy threats we are exposed to each day.

• A Quick Guide to YouTube Privacy 
• The Financial Dangers of Retailer Prepaid Cards
• Why Your WiFi May Be On, Even When It's Off
• Ramifications of Hacking a Friend's Facebook Account (not that you would do that anyway, right?)
• Just How Hackable Your Life Really Is (infographic)

Sex Matters: Men & Women differ on data security

Surprise: Women are also more likely to take steps to control what's visible to strangers on social media although they take less security precautions online!

Two Microsoft studies have found that when it comes to technology, men and women may have different priorities when it comes to staying safe and secure.

The first study, which surveyed more than 10,000 mobile and desktop users worldwide, found that 35 percent of men kept their mobile devices protected behind a passcode and used secured wireless networks to go online.

Women, the study found, took those same security precautions at a slightly lower rate of 32 percent.

Following that trend, 32 percent of men kept the software on their mobile devices up-to-date, an important defense against malware attacks. Only 25 percent of women did.

The numbers seem to show that men take mobile security slightly more serious than their female counterparts, but also that both sexes adopt these common-sense security precautions at an abysmally low rate.

Jacqueline Beauchere, chief online safety officer at Microsoft, said in a statement. "We know from earlier research that men and women practice mobile safety very differently."

Despite their slight edge in security, men appear to fall victim to mobile-based attacks more frequently than women. They receive slightly more phishing emails, intrusive pop-ups and messages from impostors.

When it comes to defending their reputations, women tend to be more cautious than men about what they're willing to share online, the study found.

Women are also more likely to take steps to control what's visible to strangers on social media. The study also found that women are less cavalier than men when it comes to the content of their text messages.

A different Microsoft survey, this one conducted on Facebook, asked more than 800 people about their mobile pet peeves.

Many respondents cited loud talkers, constant phone checking and socially inappropriate use of mobile phones as among their top annoyances.

10 Great Online Privacy Guides

Best Practice Guidelines for Maintaining Your Privacy Online

I've stumbled across so many great privacy resources online lately, that I just can't keep them to myself. Here's a good collection for you to consider bookmarking.

1. Facebook Privacy Settings Guide   
2. 4 Tips to Keep Your Privacy on LinkedIn 
3. Security and Privacy Tips for Twitter Users 
4. 3 Tips to Keep Your Privacy on Twitter 
5. 3 Tips to Keep Your Privacy on Google+ 
6. Snap Chat Privacy Issues 
7. Help Avoid Instant Message Viruses 
8. Using Instant Messaging and Chat Rooms Safely 
9. A Renter's Guide to Privacy: Top 5 Privacy Tips for Renters 
10. 10 Online Privacy Tips for Librarians (that can be used by anyone)  

"Likes" provide an incredible amount of insight into our private lives

Your 'Likes' Lead to Snap Judgments, False Assumptions

Much of our online behavior leaves a trail. Sometimes we are aware of it; sometimes we aren't. "Liking" on Facebook (or "+1-ing" on Google+, and all the other clickable options allowing you to show your appreciation for posts) may be one such behavior done with reckless abandon. Often a user will "Like" something only because a friend asked him or her to. These users may not be aware of the picture those "Likes" can paint.

The Wall Street Journal has written a fantastic article that may change mindless "Liking" behavior somewhat. The article highlights a recent study that revealed our "Likes" provide an incredible amount of insight into our private lives. Individually, the "Likes" may not reveal much; but monitored and analyzed overtime, they can shed light on very personal, private details. One example:

The researchers found that "Likes" for Austin, Texas; "Big Momma" movies; and the statement "Relationships Should Be Between Two People Not the Whole Universe" were among a set of 10 choices that, combined, predicted drug use.

Whoa. How's that for crazy assumptions? Or scarier, how's that for accuracy? You can bet this research is only the beginning and that the algorithms these researchers used are soon to be commercialized and sold to any number of entities... with any number of intentions.

The takeaway for now? Watch what you "Like," and keep up-to-date on the privacy settings that can prevent others from tracking your online trail. 

TIP

If you use the Chrome browser, you can go "incognito" and hide many of your online activity trails  automatically collected. To do this, press <CTRL><SHIFT><N>. See this Google resource for more information.  

Beware of "Facebook Black"

"Facebook Black" malware spreading fast on Facebook

A new virus is hitting Facebook users with an Fake Facebook Black template which would allow the users to use an black template instead of the known white template.

The malware is spreading crazy on Facebook as it asks the users to click on a link that will install an application. This Black Facebook scam uses the trust of the Facebook users and then forwards the malware to their network and friends.

So please be warned do not click on the Facebook black template.

Revoke access

This malware uses an Facebook API to gain information. If you wish to revoke the access of the Facebook Black template virus then you have to do the following:

• Navigate to the following url: http://www.facebook.com/settings?tab=applications
• Search for the Facebook Black malware and delete it.

Sex Tape Scam Featuring Rihanna and `His’ Boyfriend Hits Facebook

Popular celebrities used by cyber-criminals for hoaxes and fraud

BEWARE! Facebook users are being hit by yet another alleged sex tape featuring Rihanna, one of the most popular celebrities used by cyber-criminals for hoaxes and fraud on the social network.

This time, the scam alleges the American singer was caught with `his boyfriend’ [sic] during sexy times.

Check out how the #scam works and how to protect your Facebook account here: http://bit.ly/Rihanna_Sex_Tape_Scam

How Facebook Got Hacked?

Zero-Day Exploit Bypassed Java Protections to Install Malware

Even the most savvy information technologists aren't immune from cyber-attacks. Just ask Facebook. The social-media titan says it fell victim to a sophisticated attack discovered in January in which an exploit allowed malware to be installed on employees' laptops.

In a blog posted by Facebook Security on Feb. 15, the company said it found no evidence that Facebook user data was compromised.

Here's what happened at Facebook, according to its blog:

Several Facebook employees visited a mobile developer website that was compromised.

The compromised website hosted an exploit that then allowed malware to be installed on these employees' laptops. "The laptops were fully-patched and running up-to-date anti-virus software," the blog says.

"As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement and began a significant investigation that continues to this day." Facebook Security flagged a suspicious domain in its corporate DNS (Domain Name Servers) logs and tracked it back to an employee laptop.

The security team conducted a forensic examination of that laptop and identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.

The social-media company says it is working with law enforcement and the other organizations affected by this attack. "It is in everyone's interests for our industry to work together to prevent attacks such as these in the future," Facebook says.

The Facebook attack is reminiscent of the 2011 breach at security provider RSA, when a well-crafted e-mail tricked an RSA employee to retrieve from a junk-mail folder and open a message containing a virus that led to a sophisticated attack on the company's information systems

How To Control "Tagging" on Facebook?

Tame the "Tagging"

Being "tagged" on Facebook means another user has added content and publically associated you with that content. A friend may post a picture of you at the beach. By tagging you, that photo will show up on your profile (if your settings allow).

There is a setting in Facebook that allows users to approve any tags before they are posted to their timeline. This blog post on Business2Community does a great job of showing readers exactly how to set Facebook to alert them to requests for tags.

This isn't just a good way to easily give friends permission to tag you; it's an excellent way to keep track of the content in which you've been tagged. Who needs to have someone else associate them with things to which they have no legitimate connection?

The post goes on to explain the difference between Facebook Profiles (now known as "Timelines") and Facebook Pages. There are some unique features about Pages that make these tags post differently, so if you manage a Product, Brand or Person Facebook Page, this will be an especially good article for you. 

For more emerging tagging concerns, see: 

• Tags becoming easier to find
• Disabling tag suggestions
• Difficulty in removing damaging content

US FFIEC: Proposed Guidance on Social Media

Regulators Address Emerging Social Media Risks to Banking Institutions

The US Federal Financial Institutions Examination Council has issued proposed risk management guidance for the use of social media.

"Social Media: Consumer Compliance Risk Management Guidance," was posted on the Federal Register Jan. 23. It provides an overview of the impact social media sites have on compliance with consumer protection and other applicable laws, especially when interactions between institutions and consumers take place on social media sites such as Facebook and Twitter.

Employees could be using social media from different devices or from home at night. If their accounts are taken over, then a criminal could be posting on that site, giving advice to steer customers to do something they shouldn't, or posting a link that leads them to a malicious site.

There certainly are a lot risks banks need to think about when they start to use social media. The proposed guidance is really about risk assessment. The guidance is intended to help financial institutions understand potential consumer compliance, legal, reputation and operational risks associated with the use of social media, along with expectations for managing those risks.

Although the guidance does not impose additional obligations on financial institutions, the FFIEC expects financial institutions to take steps to manage potential risks associated with social media, as they would with any new process or product channel.

The FFIEC will accept comments on the proposed guidance through March 25. It will publish a final version once it reviews comments received.

Term Of The Month: "Geotagging"

Commonly used via social media applications such as Twitter, Facebook etc.

Geotagging, in general, means geographical identification has been added to various media you may have created, such as a geotagged photographs, videos, websites, SMS messages, QR Codes, or RSS feeds, just to name a few.  

Look at a recent Facebook post you made. Was your location included with it, such as shown in this example?

That is one type of geotagging.

Simply by posting a photo of a meal you have just been served or the great trick your kid performed on the playground, you are potentially broadcasting your whereabouts.

This can be very dangerous if you think someone is stalking you, so consider disabling your smartphone's and/or mobile device's GPS embedding feature.

More Privacy Changes from Facebook

Mark Zuckerberg's Sister Complains Of Facebook Privacy Breach

In November, Facebook made changes, including several improvements, to its privacy policies. At the same time, those changes allowed everyone who has a Facebook account to become searchable. Whereas users were once able to block certain people from finding them on the social network, that functionality has now been removed.

This has implications for victims of stalkers, violent ex's, or really anyone others are trying to track down. By finding a person in a search, there are ways to then get more information about them through unsecured or unblocked information posted on their Facebook friends' timelines.

The recent changes had some unintended consequences that ultimately resulted in a private photo of no-other-than Mark Zuckerberg going viral.

This is a good example of how you should expect ANYTHING you post online could be seen by the world, even if you think you have privacy settings set correctly.

You can still block certain users from seeing some of your content. However, you will be findable as a Facebook user. Be aware of this, particularly if you have certain people interested in locating you, learning of your connections, your whereabouts or your appearance.

Careful with your Instagrams

Did Instagram ever find itself in hot water just before the holidays!

When the popular photo sharing social network updated its policies on sharing users' images, the backlash was immediate. 

For any Tips readers using Instagram (which is now owned by Facebook), please be aware of the upcoming changes, taking effect January 16.

You will not be able to opt-out. Be sure to read the new Terms of Use; if you don't like them, you may want to delete all your Instagram accounts and content before Jan 16.

In response to the severe negative reaction, Instagram has apologized, saying the misunderstanding is due to what it calls "confusing" language in the Terms of Use statement.

They have promised to revise it and said "it is not our intention to sell your photos." Yet it remains unclear exactly how much access will be given to user content... and to whom.

Stay tuned, as I will be watching the new Terms of Use language closely and will plan to report on it here in the Tips message.

BeAware of Facebook Scams

Scammers are targeting Facebook users

There is a new phishing scheme targeting Facebook users. Falsely notifying the user of a blocked account via email, the scam attempts to get victims clicking - leading them straight to a malicious website that will steal their information. 

See below for example this current social engineering attempt.

If you get an email like this, simple delete and never click anything! Optionally, before deleting you can forward the email to the Facebook security team so they can fight against such scams.

Techniques to Protect Yourself on Social Networks

Security tips from ISACA Journal

Vigilance continues to spearhead the security and, thus, the privacy of the information. It can be broken down into a few techniques that are simple but could make all the difference:

Choice of “friends” and contacts—Users should be extremely careful in their choice of friends on these networks. It is common practice to accept contact from friends of friends who are frequently complete strangers. This can lead to one’s private life being exposed to potentially harmful individuals.

Restricting private content to close friends and family only—Social networking sites are increasingly allowing their users to configure restrictions on access to their information. It is, therefore, important to use these restrictions and to ensure that they are properly configured, given that our information is public by default.

Careful choice of information to be broadcast—The key to the protection of privacy is, in fact, what information one broadcasts. Name, surname, date of birth, place of birth, photos, videos, comments and opinions should be carefully screened prior to being posted. Keep in mind that information posted on a network may one day be used against its author.

Awareness—Every sector of the population should be made aware of the need to protect themselves against the risk that the use of social networks may entail. In the business world, this awareness must form part of the IT security program.

Finally, social networks are a great way to express oneself and share with others. They help users lift the barriers of space and time and communicate with the world. However, there is another side associated with the proven dangers of user privacy violation.

These dangers are even more of a threat now thanks to the increasingly widespread trend of registering on several sites using a single user account. In response to this situation, each Internet user must remain vigilant and governments must put more pressure on the operators of these sites to safeguard the security of Internet users.

Read Guy-Hermann Ngambeket Ndiandukue’s full article, “Social Networks and Privacy—Threats and Protection,” in the current issue of the ISACA Journal, in which you will also find additional coverage of timely and relevant issues affecting the ISACA professional communities.

Don't post risqué photos online

Hackers Have Home-Field Advantage

Many of you reading that warning may be thinking "No kidding." But, you'd be surprised how many seemingly self-aware, intelligent, should-know-better adults continue to participate in this risky behavior. 

Even if you believe you are posting photos in a private or password-protected location, keep this in mind: If it's on the Internet, it's vulnerable. Hackers have been at this for years and know exactly how to get into "protected sites" to gain access to your information. Plus, the people to whom you've given access to your spicy photos can also copy and post them elsewhere for the world to see and to your embarrassment.

This is particularly evident with the emergence of a recent hacker trend called "fusking." Fuskers hack their way into secure sites with the sole intention of finding nude and other compromising images. And doing unthinkable and unsavory things with them.

Keep in mind the young people in your life may lack the common sense or the perspective necessary to understand just how vulnerable images like these can be, nor what kind of an impact their publication could have on their lives. Frequent reminders and modeling appropriate online behavior are the best ways to prevent your children and others from a potentially life-changing bad move online.