Tag Archives: Privacy

Ashley Madison hack – the importance of securing your personal data

I have just read the informative blog written by my colleague Michael McKinnon, detailing the extent of the data breach that AshleyMadison.com suffered earlier this month.

As with all data breaches, the first thing people ask themselves is, “does it affect me and what precautions can I take?”  When a large amount of data is stolen that includes personal details such as credit card numbers and date of birth, you can take measures now to minimize the risk of your data being misused in the future.

What can we do to protect ourselves after a data breach?

  • Ensure your online accounts are not using an email address and a password that could be guessed from your personal information; if they are, change the password.
  • Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  • Spammers may send emails that look like they are coming from valid sources. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact the sending organization directly to ensure it’s an official communication.
  • Avoid using the same email address or profile name across multiple online accounts. For example, have a primary email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.
  • Set privacy settings.  Lock down access to your personal data on social media sites; these are commonly used by cybercriminals to socially engineer passwords. Try AVG PrivacyFix, it’s a great tool that will assist you with this.
  • Check electronic statements and correspondence.  Receipts for transactions that you don’t recognize could show up in your mail.
  • Use strong passwords and two-factor authentication: See my previous blog post on how to create complex passwords that are easy to remember.
  • Have updated security software.  Updated antivirus software will block access to many phishing sites that ask for your personal data.

Lastly, you may want to consider enlisting an identity monitoring service.  Commercial companies that have been breached often offer this reactively to the victims but understanding where or if your identity is being abused in real-time will give you the ability to manage issues as they happen.

Follow me on Twitter @TonyatAVG

Ashley Madison Hack – what has been leaked?

As with all privacy breaches there are multiple victims here: the customers whose personal data has been leaked, as well as the company trusted to keep it secure, a trust that may never be regained.

However, what makes this case highly significant is the collateral damage that will likely spread beyond just the direct privacy breach.  Family ‘secrets’ are revealed and victims are ‘ousted’ – seemingly at the hands of anonymous hackers with a point to prove.

Another oddity in this case is that AshleyMadison.com charges only men for their subscriptions and message credits, while female users are able to use the site free of charge.  This has resulted in the victims consisting mostly of men, connected by way of their credit card transaction histories, causing an asymmetry rarely seen in data breaches made public.

While the hackers have released the data in what could best be described as a harsh and judgmental way, they do offer some clues about how trustworthy the data may or may not be, “Find someone you know in here? Keep in mind the site is a scam with thousands of fake female profiles.”

On that note, remember that the information obtained and released by hackers in data breaches by their very definition is never verified by the companies who are breached, and so this brings into question the integrity of all the data, regardless of how authentic it might seem.  For example, there may be deliberately false information inserted by the hackers designed to damage reputations or serve another agenda.

Accordingly, as already reported, the hackers also provided this disclaimer of sorts: “Chances are your man signed up on the world’s biggest affair site, but never had one.”  In short, make sure you have all the facts before a potentially dangerous and damaging real-life Internet hoax unfolds in your own backyard.

Here’s a summary of the exact data that was breached:

  • Full names and addresses
  • Birthdates
  • Email addresses
  • Credit card transactions
  • GPS Coordinates
  • User Names & Passwords
  • Sexual Preference
  • Height, Weight, physical characteristics
  • Smoking and drinking habits

Lastly, while it may be easy to fall into the trap of victim-blaming and judging based on your own set of moral or ethical standards in this case – as social media opinions begin to rush forth in the coming days and beyond, it’s important to keep sight of the broader picture of what is transpiring.

Today’s breach may well affect nearly 30 million victims, and maybe you don’t know any of them… this time.  Next time, in another context, it could be you.

In the meantime, let’s hope that the active investigation into this hack results in the perpetrators being brought to justice, because as the statement from Avid Life Media rightly asserts, this is an act of criminality.

Until next time, stay safe out there.

Understanding tech companies’ privacy policies and their effect on users

Tech companies’ privacy policies have the ability to help or hinder users.

When was the last time you sat down and read through the entirety of a tech company’s privacy policy, even if you visit the site every day?

In an article recently published by TIME in collaboration with the Center for Plain Language, a selection of the world’s leading and regularly visited tech websites were ranked in a list in relation to their privacy policies. In short, they rated the companies based on the manner in which they communicated with the public while walking them through their privacy policies. In this case, it wasn’t the actual data that these companies collect from current and potential new users that was being analyzed. Instead, this study looked at the way in which that information is brought to the attention of these users.

When picking apart a company’s policy, it’s important to think about how users can actually benefit from taking the time to read it. While that may sound obvious, we’ve all come across our fair share of unfortunate company pages (such as T&Cs, FAQs, or even About Us sections) that add up to a bunch of unintelligible language that we ultimately digest as gibberish. Regarding the level of clarity in a company’s policy, TIME writes:

Does the policy, for instance, make it easy for people to limit the ways in which the company collects their personal information? Or are instructions about opting out obscured in the policy’s hinterlands with no hyperlinks?

In addition to Google, within the list are three social media platforms that many of us use on a regular (if not daily) basis: Facebook, LinkedIn and Twitter. When taking a closer look at these four websites’ policies, it becomes clear that they approach the issue of individuals’ privacy and personal information in very different ways:

1. Google: Unsurprisingly, Google does a great job of spelling out their policies using language that users can easily understand – hence, it came in first place in this study. The Center for Plain Language concluded that by reading through Google’s privacy policy, users’ trust in the company can actually increase. Impressive, considering that most people’s trust in Google is already considerably high to begin with.

2. Facebook: While certain policies simply acknowledge that they store and analyze user information, Facebook’s “What kinds of information” section takes it a step further, breaking down each kind of interaction users have while using the site and clearly explaining which information is collected and stored while those interactions are being executed.


3. LinkedIn: Coming in at number three on the Center’s list, LinkedIn is an example of a company with a privacy policy that is mediocre in its clarity and messaging. However, LinkedIn does claim to have crafted “the policy to be as clear and straightforward as possible”, so the company’s third place rating could be a bit of a subjective judgement call.


4. Twitter: Jump down to the second to last place on the list, and that’s where you’ll find Twitter. In a series of long and hard-to-read paragraphs, users are left wondering what it was that they just read when trying to pick apart Twitter’s privacy policy. This social media channel is a good example of what not to write when attempting to be transparent with audience members.

This study goes to show that it’s not only privacy policies that are crucial – it’s also important to pay attention to the way in which these policies are written and shared with users. Users should always be able to feel that they understand how and why their personal information is stored, analyzed, and/or shared on websites that they frequently use. Read the full report from the Center for Plain Language for a complete privacy policy analysis.


Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Twitter Adds Email Privacy Data to Transparency Report

The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014. In its latest transparency report, Twitter said that it received 2,436 information requests from the U.S. government from […]

Parents, have you signed a school digital policy?

When your child starts school in the next few weeks, they may be taking a laptop, tablet or phone to school so that they can access work and content to assist with their education. As parents, we assume that our kids will behave responsibly and obey school rules for online activity.

Most parents have had to sign a school digital policy, detailing exactly what “acceptable behavior” looks like, but how many of us really read the ‘acceptable usage policy’ before we signed it?

I recently had a conversation like this with a colleague here at AVG. They stated that they had signed no such policy and had no clue what I was talking about. Sure enough, a few days later they confirmed that they had signed it and did not read or know it even existed. We assume that all the signatures are for things we fully understand; after all, we went to school, how different can it be?


Check the school policy

Take a look at the policy from Virginia Minnesota Public Schools. In section XI – C, it states that the policy ‘must be read and signed by the user, the parent or guardian, and the supervising teacher’. I bet the majority of parents signing this never read it and probably don’t even remember signing it.

It’s important that when we send our kids to school with gadgets, we respect the school rules on devices and usage. My own son went to a school in the Bay Area that even stipulated a minimum specification for the machine: processor, memory etc.


Purchasing a device

As a basic principle, I think it’s accepted that laptops are productivity devices and tablets are content consumption devices. This is of course changing, as more tablets appear with keyboards and are becoming a hybrid of the two.

When we purchased my son’s laptop, I made sure it was robust (in fact it has a metal case rather than plastic!) and on the advice of the AVG IT department I purchased accidental breakage insurance for the laptop. Sure enough, they were right and we are already on the second one!

The school my son attends has strict rules on laptop use. A teacher needs to give permission for devices to be used in a classroom and there are penalties for use without permission. I like this structure. I watch my son doing homework and gone are the days when the homework needs to be carried back to school. Electronic delivery straight back to the teacher and a log system that shows submission dates and overdue work makes school life very different from my school days.


If in doubt, check

What I am keen to learn about is how school policies stand up to wearable devices. For example, take a smartwatch that allows texting, reading emails and some basic app functionality. Can a child wear this in class and look at their watch during a lesson? I think this makes policing device use challenging for educators as technology moves to devices that are less obvious and wearable by the user.

Be sure that when running to the shop to get your kids new devices this summer, you connect with the school to ensure that what you are buying fits their recommendation, and that you understand the usage policy and can reinforce it with your kids.