privacy settings checkup uthsc it security team. what portable computers do you own? macbook pc...
TRANSCRIPT
Privacy Settings CheckupUTHSC IT SECURITY TEAM
What portable computers do you own?
• MacBook
• PC Laptop
• ChromeBook
Which Smartphone/Tablets do you own?
• iPhone
• iPad
• Android Phone
• Android Tablet
• Windows Tablet
• Kindle (Fire) Tablet
UTHSC
Which online applications do you log into?• Facebook
• YikYak
• Tumblr
• Dating Sites
• SnapChat
• Youtube
When was the last you checked you privacy settings on both your device(s) and online application(s)???
Website Privacy
• In the 90's website were little more than digital brochures and “interactivity” meant signing up to receive a monthly e-newsletter.
• Modern websites have evolved into complex and powerful information platforms – collecting, processing and sharing data at blinding speeds on massive scales.
• When we share personal data with these online platforms it is often passed on to numerous third parties, such as advertisers, vendors, and partners. • Protecting privacy in this spider web of data flows is no easy task: it's easy to see how
personal information can be compromised, either accidentally or intentionally.
• Fortunately, many websites, from social networks to eCommerce website, provide Internet with privacy enhancing options:
Privacy Controls• While websites today share more information, they also provide their users with great specificity and
control over these sharing activities.
• On many websites you'll find that you can define your audience when you share personal information or content, whether it's an audience of one or the entire public.
• YouTube, for example, allows users to upload “Private” videos visible only to people whom the author specifically authorizes via email or make videos available to their millions of monthly visitors (learn more on YouTube Private videos here).
• Facebook also offers the same selective sharing ability to its more than 400 million users. • A Facebook user can, for example, choose to make a photo album visible only to their immediate family (learn more
about Facebook's privacy options here).These are just two examples of privacy controls available on modern websites. • You can often find privacy controls on a site by navigating to a control panel or settings menu. Sometimes, websites
will draw attention to privacy controls while in other cases they will group them under broader categories like “Account Settings”.
• Privacy controls may also be offered during the sign-up process for a new online service or account. To best protect your privacy you should explore and understand privacy controls available to you on a given website/platform before you share personal information on or with the site.
Privacy Policies• Privacy policies communicate a site's privacy practices to its visitors.
These policies can be lengthy documents, filled with language only readily comprehensible to lawyers.
• Given an increasing focus on privacy, however, major sites are experimenting with way to make privacy notices more consumer friendly and actionable.
• Taking the time to read a privacy policy in part or in whole to understanding the data relationships that exist on the site will help you make informed decisions when using available privacy controls on a site.
The public/private distinction• For a number of websites today making information public and open is the name of the
game. It's important to understand when signing-up for a new online service or account what model the site defaults to and how its users share information on the site.
• Twitter, for example, is an example of an online service where the default is public: unless you specifically opt-in to private mode your messages exchanged using Twitter are available to the general public.
• Some websites straddle the line between public and private, while some websites that have been traditionally private are moving toward a more public model. When signing up for a new online service or account take the time to understand the information sharing defaults on the service and the site's general information model: are they trying to keep information private are they pushing to make it public and interconnected with the greater Web?
• Blindly signing up for an online account or service understanding and appreciating the site's public/private model can lead to privacy disasters.
Email Privacy
• Email has remained largely unchanged in the last decade. Methods of exploiting email, however, have evolved significantly and protecting personal information in email environments has become more challenging.
• In the past decade hacking has become more effective and phishing techniques, more elaborate.
Here are some strategies for protecting your privacy when using email:
Use a secondary, “spam” email address• Signing up for new accounts and services or making purchases
online usually requires you to share your email address.
• If you do not trust a website it's helpful to have a secondary email address you can use in these cases.
• This way, if the website shares your email address with marketers or other third parties without your permission you will not be inundated with spam or potentially malicious emails at your personal email account.
Use email service providers with strong security and spam filters
• Does your email service provider offer message encryption? Do they have robust spam filters?
• These are questions to ask before signing up for a new email account. Three of the world's most popular email services, Microsoft Outlook, Yahoo Mail, and Gmail offer their users the ability to encrypt emails, which prevents third parties from intercepting messages.
• If you use an email service provider that does not offer built-in encryption capabilities you can use free email encryption protocols such as OpenPGP.
Exercise caution when opening emails
• Be especially wary of emails sent from individuals or businesses you do not recognize. You should never download attachments from unrecognized senders, as they are likely to contain viruses or malicious software that can take over your computer and/or harvest your personal information.
• Another type of malicious email practice known as “phishing” uses elaborate ruses to attempt to trick a recipient into handing over personal information or money. Sometimes “phishers” will claim they have a large sum of money that they need your help transferring or depositing and will reimburse you in exchange. Others will claim they need you to “verify your account” or “confirm your billing information” by providing them with the requisite personal information. A good rule of thumb for email is that if it sounds too good be true or seems potentially fraudulent, it probably is and you should not download the attachment or respond.
• Even emails sent from acquaintances or from allegedly legitimate businesses or entities can be malicious. Viruses, for example, can take over your friend's email account and automatically distribute malicious messages to your friend's email contacts.
Recognize that email is evolving towards openness and interconnectivity
• While the basic function of email – sending and receiving messages and content via a private channel - has remained largely unchanged in the last decade, recently we've seen a push to make email more open with embedded features that mirror the functionality of social networks.
• Both Yahoo and Google made changes in this direction to their respective email services with the introduction of Google Buzz and Yahoo! Pulse. Email service providers are increasingly moving toward models that publicize and interconnect the data in your account. For email this includes information like your contacts and communication habits, and, in some cases, even the contents of your emails.
• If you don't want to participate in this evolution toward openness you should set your privacy controls appropriately.
Use strong passwords and remember to sign-out• Setting a strong password is an important part of email privacy. As a rule
of thumb, the more complex the password, the better. Your password should include letters and numbers, make use of upper and lower cases, and incorporate characters such as exclamation points and dollar signs.
• Microsoft provides a helpful guide on setting strong passwords available here and a secure password strength checker, available here.
• Also, remember to sign out of an online service or account when you are finished with your session, especially if you are using a public or shared computer. This will prevent others from being able to access your account, which can still be open and signed in even after you have closed the browser.
Mobile Privacy• 1. On mobile devices your personal information is more likely to be compromised via device theft or loss -
take appropriate precautions
• Because they're smaller and more portable, you're more likely to suffer device theft or loss compared to your desktop computer or even laptop. These mobile devices can also store vast amount of data comparable to desktop computers and laptops. Considering using encryption, and enabling options that will allow you remotely wipe data on the device in the event of loss or theft. For users of Apple's popular iPhone, Apple “Mobile Me” product allows iPhone users to remotely wipe data on a lost or stolen phone (learn more here).
• 2. Your mobile device may be aware of your location and may share that data with applications and advertisers
• Mobile devices with GPS capabilities are fast becoming the norm. Location aware mobile applications can use GPS data to help you navigate, alert you to events, friends and deals in the area, and serve you location specific advertisements. For example, Fandango mobile applications for Blackberry, iPhone, Palm and Android devices allows users to identify nearby movie theaters and buy movie tickets (learn more here). Most mobile platforms enable you to turn off this location feature, and some mobile platforms offering application specific location controls. If you feel that location-aware applications are invading your privacy, take appropriate action with your privacy controls.
Check your native DEVICE settings
• Settings Option
• Privacy
• Photo Sharing
• Location Settings• Turn off when not in navigation mode
Facebook Privacy Checkup Tool (http://www.cnet.com/news/facebook-launches-its-privacy-checkup/)
Google+ Privacy Checkup Tool (https://www.google.com/search?q=Google%2B+Privacy+Checkup+Tool&ie=utf-8&oe=utf-8)
Application – Website Privacy Settings
Common Application Website Settings
• LinkedIN – Settings/My Profile
• Twitter – Settings/My Profile
• General Email - Settings
• Yik Yak - Settings
• Snap Chat - Settings
• Instagram - Settings
Prevention is KEY! BEST ONLINE PRIVACY PRACTICES
Minimize personal information sharing
• Often you will see a laundry list of data fields to enter various bits of personal information when signing up for a new online service or account.
• Typically, only certain pieces of personal information are required to register, sometimes noted with an asterisk (*).
• If you don't trust the website with your personal information there is no need to enter more information that that which is required to use the service or sign-up for an account.
Look for trustmarks on websites and verify their authenticity
• The TRUSTe TRUSTed Websitesis the leading online privacy trustmark, but there are other types of trustmarks that provide consumers with online assurances about a business' integrity or practices.
• Security trustmarks, like those offered by Verisign and McAfee, demonstrate that a website uses technological measures like encryption to protect your data.
• Reputation trustmarks, like those provided by the Better Business Bureau, verify a business' legitimacy and legal status. To verify these seals' authenticity you should always click on them and see that the verification page is hosted by the respective company.
• For example, if you click on a TRUSTe seal and the site that pops up begins with anything other than “https://www.truste.com,” you know it's a fake
Consider temporary credit card numbers when shopping online
• Many credit card companies offer their customers the ability to activate temporary credit card numbers for online shopping use that are linked to their financial account, but are valid only for single or limited transactions.
• This technique protects a cardholder's actual credit card account from fraud and theft. Examples of this service include Bank of America's ShopSafe ® program, Citibank's Virtual Account Numbers and Discover's Secure Online Account Numbers.
Use strong passwords and remember to sign-out
• Setting a strong password is an important part of email privacy. As a rule of thumb, the more complex the password, the better.
• Your password should include letters and numbers, make use of upper and lower cases, and incorporate characters such as exclamation points and dollar signs.
Use anti-virus and anti-spyware protection
• When browsing online you may intentionally download any number of files, such as desktop applications and songs, and unintentionally download tracking files, some of which can be malicious.
• Ensuring your computer has up-to-date anti-virus and anti-spyware software is an important part of protecting your personal information online.
• Trojans and keystroke logging software can steal personal information from your computer when you use the Internet.
Take advantage of browser privacy enhancing capabilities and options
• Update your Web browser (Internet Explorer, Firefox, Safari etc.) to ensure that it's the most recent version so you can take full advantage of the included privacy features like ‘private browsing mode'.
Summary…
Check you device’s native privacy and location settings daily.
Only turn on your location settings when using navigation system. You may turn it off when you arrive to your destination.
Conduct a weekly Privacy Checkup on all of your apps and online social media networking sites like Facebook,
Instagram, and Twitter.
Be reminded that many apps must have access to your location in order to perform like Yik Yak and Shopkick.
Instead of allowing an application to access your location, enter the closest zip code to satisfy location settings.
Always read and review Privacy Statements and other information before downloading an app or signing up for a site. Some applications may be able to access information stored or cached on your device like your credit card number or other private data.
Lastly, when in doubt, contact your UTHSC Information Security Team at (901) 448-1579 or [email protected].
Let’s Check Some Devices and Applications!!!
THANKS!
UTHSC Information Security Team
L. Kevin Watson
(901) 448-7010
Frank Davison
(901) 448-1260
Jessica McMorris
(901) 448-1579
Ammar Ammar
(901) 448-2163
• Information Security Email: [email protected]
• Website: security.uthsc.edu
• To report phishing and spam email forward it to [email protected]
• UTHSC Help Desk: (901) 448-2222 ext. 1 or [email protected]