Data Privacy Day is January 28, 2013

Data Privacy Day is an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone’s priority.

Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is a celebration for everyone and held on January 28th every year.

In our online world, data is free flowing.  All of us – from home computer users to the largest corporations – need to be aware of the personal and private data others have entrusted to us and remain vigilant and proactive about protecting it.

Being a good digital citizen means being a good steward of data. Data Privacy Day is an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone’s priority.

Data Privacy Resources:

• Privacy Considerations When Posting Content Online, NNEDV
• Who’s Spying on Your Computer? Spyware, Surveillance and Safety for Survivors, NNEDV
• Tech Savvy Teens: Choosing Who Gets to See Your Info, NNEDV

Privacy and Dometic Violence

Survivors and victims of domestic violence need to safeguard the privacy of their personal information. And now, with the ease of access to personal, revealing details on the Internet, it’s more important than ever that these individuals take steps to control the spread of their information online.

Data Privacy Day provides this page dedicated to privacy and domestic violence.  Data Privacy Day has joined with Reputation.com to make available to victims and survivors of domestic violence the opportunity to safeguard privacy online and remove personal data from the Internet.  On this page, you can review information about domestic violence, resources for victims and survivors of domestic violence pertaining to protecting privacy online, and a special invitation from Reputation.com to use MyPrivacy, a service that will help you secure your privacy.

What is Domestic Violence?

• NNEDV answers Frequently Asked Questions About Domestic Violence
• Sexual Violence, Stalking and Intimate Partner Violence Widespread in the US, CDC, Dec. 14, 2011

Why do victims and survivors need to protect their privacy?

Domestic Violence Privacy Education and Resources from the National Network to End Domestic Violence (NNEDV):

• Privacy Considerations When Posting Content Online, NNEDV
• A High Tech Twist on Abuse: Technology, Intimate Partner Stalking and Abuse by Cindy Southworth, Shawndell Dawson, Cynthia Fraser and Sarah Tucker
• Who’s Spying on Your Computer? Spyware, Surveillance and Safety for Survivors, NNEDV
• Tech Savvy Teens: Choosing Who Gets to See Your Info, NNEDV

Visit NNEDV’s Resources and Publications page for many more helpful and informative materials.

During this Holiday season it is the busiest time for Cyber Criminals pushing Malware, Phishing and spam.  Be careful of online offers that sound to good to be true.  If it sounds to good to be true it may be a scam or phishing attack to steal your personal information.  When it comes to avoiding malware, spam and Phishing attacks, there are a few tips to help you to be safe and smart online:

1.      Tune up your defenses.

Before you shop online, make sure you have your systems security (firewall, anti-virus and anti-spyware) installed and updated with the most current updates.  Also, keep your operating system and web browser up-to-date with the latest versions and updates.

2.    Check sellers out.

Conduct independent research before you buy online from a seller you have never done business with. Some attackers try to trick you by creating malicious Web sites that appear legitimate, so you should verify the site before supplying any information. Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill. Search for merchant reviews.  Never, ever give out personal or credit card information on web sites you are not sure of.  Think before you “Click”

3.   Make sure the site is legitimate. 

Before you enter your personal and financial information to make an online transaction, look for signs that the site is secure. This includes a closed padlock on your Web browser?s address bar or a URL address that begins with shttp or https.  This indicates that the purchase site is encrypted or secured.  Never use unsecured wireless networks like the ones in hotels, airports, cyber cafes, etc. to make an online purchase.  Think before you “Click”. 

4.   Use Good Passwords.

Don?t use the same passwords for email, social networking and online accounts.    Use special Passwords for Online banking and other financial transactions.  Never, ever give out your ID and Password to anyone.  Create passwords that are at least 8 Characters long (the longer the better) that are made up of Upper and lower characters, numbers and special characters.  Don’t  use any dictionary words for passwords.  Finally change your password at a minimum every 180 days.

At the presentation given by IBM’s Ed Potter, he talked about Cloud Computing and protecting your self in the Cloud.  So what is Cloud Computing and how do you Protect yourself in the Cloud?

Well “Cloud Computing” is all about delivering computing resources (hardware and software) to you as a service.  You can have your own Cloud on Site or you can contract with and outside Company to deliver the services to you.   If you offer Cloud Services from your on Private Data Center then that is called Private Cloud.   If on the other Hand you contract out to an outside company for services then that is Called Public Cloud.  The combination of some services offering from your private Data center and some service offerings from an outside company is called Private/Public or Hybrid Cloud.

Some of the types of Service Offerings that can be offered to customers using the Cloud are as follows:

SaaS   – Software as a Service

Paas   -  Platform as a Service

STaas  -  Storage as a Service

IaaS   -   Infrastructure as a Service

Daas  -   Data as a Service

The end users are basically renting application software, database, file storage, etc. and the Cloud Provider manages the hardware infrastructure and storage on which the applications are running.  The users in most cases access the applications through a Web Browser or a Light Weight Virtual Desktop Interface (VDI).

The entire Business Model of Cloud Computing is based on reducing cost by sharing resources and delivering the necessary services like a utility company delivers electricity to the home.  You Pay for what you need without paying and maintaining for things you don?t need.

Cloud Storage is a service provider offering DaaS -  Data as a Service to you.  You access your files from a Web Browser and move the files from the Cloud via the Internet.   Current popular Cloud Storage providers are:

Microsoft SkyDrive -  7GB freecloud  storage and integrated with Outlook.com users

Google Drive  -  5GB free cloud storage and integrated with Google Users

iCloud  -  5GB free cloud storage and integrated with Apple iPod, iPhone, iPad, etc. users

Dropbox  -  2GB fee cloud storage and integrated with the MS Windows desktop

Protect your Personal Identifiable Information (PII) and don’t post this or any sensitive information in these Cloud service environments.  They are great for pictures and normal documents but I would not store anything that could be use by the cyber criminals to steal my identity.

In the last few days we have had two great presentations for our National Cyber Security Awareness Month here at FAU. 

At the first presentation Dan Matthews of DELL/SecureWorks talked about mobile devices and the need to ensure that we treat them just like our desktops. Dan explained that we need to lock the devices with a security code as a first line of defense. He warned against “jail breaking” our mobile devices.  Jail breaking is when you circumvent the manufacturer?s setup and operating system (OS) and basically do your own thing with the security of the device and its OS.

Dan said a common way mobile devices get infected is from the download of applications from the different App stores.  You can easily install an infected application without knowing it. Google Store is notorious. You download an app that is OK at first but the hackers subsequently update the app with a malicious update that will install malware on your mobile device. Dan’s final comments directed us not to be the “low hanging fruit” for the cyber criminals.  He advised us to do the following:

• Avoid the temptation to be “lured” by links
• Password protect our mobile devices
• Patch OS/applications on our devices to reduce vulnerability
• Enable encryption when possible to slow down the cyber thieves
• Stick with the conventional Apps Market places
• Pay attention to what you install
• Reduce app clutter; if you don?t use it delete it
  

Bob Demmery of Sprint focused on the need for us to turn off the different radios that are in our mobile devices. He showed a video that demonstrated how hackers can control and listen in on your device even when it is not turned on. He said in a lot of cases you should remove the battery from your phone.  If you want to check to see if someone is listening in on your phone check your bill to see if any three-way calls are listed.

Bob explained that we could easily be hacked by cyber criminals using our Bluetooth, WI-FI or RFC radios in the newer mobile devices. He mentioned anti-malware programs for mobile devices that we should consider using to reduce vulnerability. Bob uses an anti-malware app detection called “Lookout Mobile” on his devices.  Some other Apps mentioned in the presentation were:

• AVG
• Lookout Mobile
• Smrtguard
• Norton
• Droid Security
• Cellguard
• Antispy 

Bob also stressed that we should be very careful of the apps that we download from the iTunes and Google app stores for our mobile and tablet devices.  We must keep up with our updates on our devices because zero-day exploits are being released to attack faster than the vendors can send out updates for them.

“Be Cyber Wiser” and keep your mobile device apps and their OS updated!

For more information please go to our security web site at www.fau.edu/security or contact Larry Thomas, lthomas@fau.edu, 561-297-3259

What antivirus software do you use?  Regardless whether you use a Mac or a PC, make sure you have antivirus protection on your systems and make sure you keep it updated. Without the appropriate security patches applied, your systems and your applications are vulnerable to attacks or malware exploits. Make it a practice to update your software regularly, on a certain day and at a certain time. My software is set to auto update daily, at 3:00 a.m.  I also do a full security scan of my Microsoft Windows 7 system every Sunday morning starting at 1:00 a.m.

So you may ask, what antivirus software do I use on my personal system? I use Microsoft Security Essentials on all my home systems. MS Security Essentials is a free product and it works well for me. It is the same product as the Microsoft Forefront security product that we use at FAU minus the extra bells and whistles for centralized management and management console features.

And what about you?  What do you use as an antivirus product and how often do you keep it updated?  There are lots of great products out there. The top-rated “Pay for” security and antivirus products for 2011 were Symantec, McAfee, Sophos, Trend Micro, and Kaspersky Labs. If you do decide to buy an antivirus product, just be sure you keep it updated.

Finally, make sure you keep your web browsers and plugins up to date with the latest versions and security patches.  Be cyber wiser! Keep your Antivirus software updated and patched, and set to auto update.  For more information please go to our security web site at www.fau.edu/security or contact Larry Thomas, lthomas@fau.edu, 561-297-3259