What is this GDPR Thing and Why Should I Care?

You may have seen a flood of updated privacy policies from your online service providers arriving in your in-box over the past couple of months. These are the direct result of new data privacy laws, the General Data Protection Regulation (GDPR), taking effect across the European Union (EU) today. These laws provide consumers with more control over their personal data.

What Is It?

GDPR was ratified in April 2016 and establishes a single set of personal data protection rules across Europe. Companies and online service providers outside the EU are subject to this regulation when they collect data concerning any EU citizen. Personal data is defined as any information relating to a person who can be identified directly or indirectly, including information that can be linked back to an individual. There is no distinction between personal data about an individual in their private, public or work lives.

Companies will be required to implement appropriate technical and organizational measures in how they handle and process personal data. Data protection safeguards must be appropriate to the degree of risk associated with the data being collected and held. If there is a data breach and any of the laws were not properly applied, fines could be as high as 20 million Euro or 4% of annual revenue, whichever amount is higher.

Since US companies with EU citizens as customers must follow GDPR laws, US citizens may benefit from the laws.

Why Should I Care?

The theft or accidental disclosure of an individual’s data by an online service provider exposes that individual to any number of potential issues. The intent of the law is to provide individuals with more control over which data on them is being collected, and it places significant restrictions on how companies manage data to reduce or eliminate that exposure.

Under GDPR, companies obtaining data from individuals must detail the purpose of the data and how it will be used, whether the data will be transferred internationally, and how long it will be stored. Individuals retain the right to access, lodge a complaint, or withdraw consent at any time. They also have the right to be forgotten. The data must be erased if it is no longer needed for the reason it was collected.

If any company experiences a data breach, the individuals whose data was stolen must be informed within 72 hours. This is in contrast to many more recent security breaches, which come out in the news months later.

Another part of the regulation requires that consent for the company to collect data must be given by the individual by a clear affirmative action. This consent does not need to be explicitly given and can be implied by the person’s relationship with the company. Any data being collected and retained must be for specific, explicit and legitimate purposes.

Resources

Russell and Fuller. GDPR For Dummies. 2017. Wiley & Sons.

 

Want to Delete Your Facebook Account? Not So Fast ….

Many people decided to quit Facebook after the revelations over the data sharing practices of some of its partners. What some have learned when trying to delete their account is that it is not as simple as hitting the delete button.

To permanently delete a Facebook account:

  1. Select Quick Help in the top-right corner, then Search.
  2. In the Search field enter delete account.
  3. Select How do I permanently delete my account? from the search results.
  4. You will be given instructions to “log into your account and let us know.” Select the let us know link.
  5. Then follow the steps: Enter your password and solve the security captcha.

The thing to remember is that one only makes a request to delete an account. Facebook delays the process and will automatically cancel a request if the account is logged into during that time period. Make sure to delete the app from all devices, since any one of them accessing the account will cancel the request.

Deactivation

The alternative to deleting an account is to deactivate it. After one deactivates their account, everything goes back to normal at the next login, as if nothing had happened. Deactivating is not the same as deleting. Deactivating one’s Facebook account simply hides information from searches and Facebook friends. Although nothing is visible, the account remains intact on Facebook’s servers.

  1. Go to settings and click General.
  2. Select Manage your Account.
  3. Select Deactivate your Account and type in your password.
  4. You will be shown photos of “friends” you’ll miss (“Eric will miss you”) followed by a survey to detail reasons for leaving.
  5. After all that, select Deactivate.

 

Resources:

https://www.wired.com/story/how-to-delete-your-facebook-instagram-twitter-snapchat/?mbid=social_twitter&mbid=social_twitter

Email: The Cybercrime Gateway

Billions of email messages are sent each day. The ease of use, speed of transmission, and relative anonymity of email have made it a tool for cybercriminals. One survey indicates that 91% of all cybercrime starts with an email.

Using email to commit cybercrime is almost as old as email itself. While there are many ways email can be exploited, here are the more common ones:

Phishing

Phishing is a generic term used to describe the very broad category of email techniques used by cybercriminals. Future posts will go into Phishing techniques in greater detail.

Scamming

Based on the centuries-old Spanish Prisoner, the infamous Nigerian 419 email scam of the 1990s is still alive and well in one form or another and is a classic phishing scam. It involves promising the potential victim a share of a large sum of money in return for an up-front payment. If someone actually makes the payment, the scammer either invents a series of further fees for the victim to pay or simply disappears.

Spoofing

A spoofed email is one that appears to originate from one source but is actually sent by another. Like Neighbor Spoofing, falsifying the name and/or email address of someone the receiver is likely to know increases the odds the person will respond or take the requested action (check out funny joke in the attachment!). It is actually not too difficult to spoof an email address using relatively simple tools.

Spreading Trojans, Viruses and Worms

Emails are perhaps the fastest and easiest way to spread malicious code. For example, the Love Bug reached millions of computers within 36 hours back in 2000, all thanks to email. Cybercriminals will bind the malicious code in e-greeting cards, fake virus patches, etc. and email them in messages which are written in a way to make the reader feel like immediate action is required.

Attachments

Attachments are a very common way to spread malicious code. The rule of thumb is to open only those attachments that you are expecting – even if coming from someone you know (remember: email address spoofing!). File names can be spoofed as well, so that an attached file that is actually a computer program can look as though it is a simple word processing file. If you are unsure, contact the person and ask if they sent it.

Links

Don’t immediately click on the link(s) in emails. Keep email spoofing in mind, since a message may look like it is coming from someone you know! Hover your cursor over any links to double check if the destination URL is what it’s claiming to be. To be extra careful, type out URLs manually instead of clicking links.
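
The three manual checks described under Spoofing, Attachments and Links can also be run automatically over a saved message. The Python sketch below is an added example, not part of the original post; the function names, the extension list and the sample message are constructed for illustration, and a From/Return-Path difference is only a signal to look closer, since legitimate bulk senders also differ.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = {"exe", "scr", "js", "vbs", "bat", "com"}  # illustrative, not exhaustive
URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)
class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def domain(header_value):  # domain part of an address header
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()
def review(raw):  # returns findings worth a second look; [] if no check fired
    msg, findings = message_from_string(raw), []
    sender, bounce = domain(msg["From"]), domain(msg["Return-Path"])
    if bounce and sender != bounce:  # a signal, not proof of spoofing
        findings.append(f"sender-mismatch: From {sender} vs Return-Path {bounce}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower().rsplit(".", 2)
        if len(name) == 3 and name[2] in RISKY_EXT:  # program posing as a document
            findings.append(f"double-extension: {part.get_filename()}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in collector.links:
                if URL_LIKE.match(text) and host(text) != host(href):
                    findings.append(f"link-mismatch: shows {host(text)}, goes to {host(href)}")
    return findings

# Constructed sample message (hypothetical names, not taken from the post)
SAMPLE = "\n".join([
    'From: "Your Bank" <support@mybank.example>', "Return-Path: <bounce@mailer.invalid>",
    'Content-Type: multipart/mixed; boundary="b"', "", "--b", "Content-Type: text/html", "",
    '<a href="http://login.other.invalid/x">www.mybank.example</a>', "--b",
    'Content-Disposition: attachment; filename="invoice.doc.exe"', "", "x", "--b--", ""])
```

Calling `review(SAMPLE)` returns one finding for each of the three checks; a message whose link text and destination share a host, and whose sender domains agree, returns an empty list.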