NPR Corner: Those Silent Robot Phone Calls

Are you being inundated with inbound phony phone calls?  It’s not a new problem, but it’s getting worse.  Just last week Verizon started a free service to help filter Robocalls.  Hopefully more providers will jump onboard.

Verizon now offers 2 tiers of their Call Filter service:  A free service to filter calls and alert you of spam.  Then a “paid service for $3 per month, which will also identify unknown callers by name, even if they aren’t saved in your contacts. The paid version also includes a robocall risk meter, a spam number lookup feature, and lets you create a personal robocall list” (PC Magazine)

Learn more on what scammers are trying to accomplish from this NPR report below.

Read more at https://www.npr.org/sections/alltechconsidered/2015/08/24/434313813/why-phone-fraud-starts-with-a-silent-call

What’s the Deal With GDPR Compliance?

How Data Protection Affects You

GDPR, or General Data Protection Regulation, is a regulation from the European Union that helps protect web users’ data.  Wait, I know, I know.  Before you say it: You are in the United States!  But before you hit ‘delete’ calling this irrelevant, let me explain how it affects you.

If you collect names, IP addresses, session cookies, or e-mail addresses (which most websites do), you collect personal data. This personal data should be protected, right?  True.  But starting May 25th, some US websites were also required to abide by new European website privacy laws.  Of course my head was spinning trying to understand why we should be required to follow European laws.  So I did some research.

After digging deeper, this law will apply if you market (even by accident) to the EU (European Union) or a country within.  Business owners with no market share in the EU, who don’t target the EU in marketing, and don’t own an overseas domain name, have little to no required changes to make.  Or do you?

For those that might be (even inadvertently) marketing to Europeans, and those wanting to tighten your own privacy reigns, let’s take a look at their laws.  The theme is this: Be more transparent with your potential clients.  We can all learn about transparency and protecting our clients’ data!  So here are the highlights behind this regulation.

  1. Explain who you are, how long you’re keeping user data, why you need it, and who on your team or externally has access to it
  2. Get explicit and clear consent to collect data through an opt-in
  3. Give users access to their own data, the ability to download it, and to delete it from your records completely
  4. In the event of a hack or security breach, let your users know about it

So these aren’t too bad.  But the fines for not complying are!  “You could get fined 2% of your worldwide annual revenue for failing to disclose a data breach, or up to 4% for failing to ask for user consent when storing data.”1

What should I do?

Perhaps you don’t market to the EU and don’t service these clients.  It’s probably a good idea, however, to have an easy-to-read privacy policy and explanation on how you use personal data.  Get to know what personal data you actually collect, and make sure it’s being handled with care.  Lastly, (this will also improve your Google ranking) get an SSL to protect personal data in transit from your server to your customers.

If you sell or market to Europe (or the EU), now is the time to pony up and get that privacy policy written.  Get a clear statement on how you handle cookies and personal information.  Check out these easy-to-read articles by Elegant Themes here and here.  Also, you can check out this article by Fortune and this one by Forbes.

If you need help with compliance, we’d be glad to offer suggestions or setup your pop-up!

1 https://www.elegantthemes.com/blog/resources/a-quick-guide-to-data-protection-regulations

 

3 Privacy Concerns When Upgrading to Windows 10

Windows 10Are you upgrading to Windows 10?  There’s lots of buzz around this new update, released July 29th.  Many are (rightfully) skeptical, since the last major update (Windows 8) seemed to get a rating of “two-thumbs down!”  There are several privacy issues that Microsoft is now making assumptions about.  But when you customize your settings, the reviews show this update to be a better user experience.

Let me highlight some of the Privacy setting you accept by default or must manually change after upgrading.  As for me, if I used Windows 8, I probably wouldn’t upgrade, at least until the second version of Windows 10 comes out.  In other words, if you’re please with what you have, then don’t rush to upgrade.

When you install Windows 10, you can choose the “easy” installation or a custom installation. The easy install will give you the default, not-so-private privacy settings.  If you are installing afresh, choose “custom.”  If you have already upgraded, Go to Start>>Settings and select Privacy.  Here’s where you will change your settings.

New Features first seen on http://www.komando.com/tips/320246/3-windows-10-privacy-dangers-to-fix-now

1. Advertising

Like every other major online company, Microsoft is using targeted advertising to drive revenue. That means it’s sending advertisers your data so they know what ads to send you. While you can’t shut off the advertising, you can stop advertisers from seeing what you’re doing.

2. Location

Next in the Privacy screen, head to the “Location” area. Here, you can tell Windows to stop tracking your location entirely, or choose specific apps that can and can’t use your location.  Location is useful for apps like the weather or when you’re looking at maps because you don’t have to put in your address every time. However, other apps might use it to keep tabs on you. (…read more)

3. Cortana

As previously mentioned, Cortana is Microsoft’s digital personal assistant. It’s designed to learn about your movements, browsing habits, contacts, calendar and more.  That way, it can give you the information you need before you ask. Of course, that means it has to learn a lot about you.  (…read more)

Bonus: Wi-Fi Sense

We couldn’t write a story on Windows 10 privacy concerns without mentioning Wi-Fi Sense. In a nutshell, this feature lets your friends and family log into your Wi-Fi networks without knowing the password.  (…read more)

Windows 10 Additional Resources

Is Target Protecting Your Credit Card Numbers?

missed-targetWhile you were enjoying the holidays, someone (or people) were laughing all the way to the bank with credit card numbers.  It wasn’t until weeks later that it was discovered.  Is this strange to you?

New information on how Target and Neiman Marcus were attacked have been recently released.   But whether or not this has ended is still left to be seen. Michael’s crafts recently announced a breach as well, seemingly connected to the other two.  This isn’t to frighten anyone, but truth be told, the only reason why these retail giants came clean was to protect their image.  We’re glad they did!  It also means positive implications are on the horizon as well (we hope).  But if it could happen to the big dogs, then why can’t it happen to “mom-and-pop” shops?

First we need to understand how this happened to really understand if it can happen again.  Target officials have confirmed that malware was found on the company’s point-of-sale systems and the attackers were able to scrape card and PIN data from the terminals just before it was encrypted. Malware, which most of us have experienced as webpages redirecting incorrectly, is what caused this fiasco, according to the latest reports from these two retailers.  The data from the actual card swiper through each workstation to the store’s server is not encrypted.  So it passes through their computers unencrypted, opening it up to be “seen” by a vigilant malware program ready to send the information back to the crooks.

If you’ve ever typed “Google.com” in your web browser and you are taken to another website, then you’ve experienced malware.  Virus scans generally don’t pick up malware, unless you have a paid, souped-up version.  Viruses spread and infect.  Malware just does something malicious and doesn’t spread anywhere.  You can download Malware removal programs for free (my favorite for Windows is the free version of Malwarebytes, downloaded here) and they will detect and remove this stuff in about a minute.

“While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system. It appears that the malware actively collected or “scraped” credit card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have potentially been visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently,” the statement said.

But there were actually two security breaches that happened, the first one most concerned me.  The first breach happened when the crooks were able to load this malware into the target computer framework.  They supposedly were able to attach it to a Target system update so that it was sent out with a routine update to all workstations.  This is what has baffled most computer geniuses so far, and probably what could get the company in trouble.  To be able to gain access in this type of way has serious implications for every company, assuming they had truly secured their system like they were supposed to.

The second breach was the actual loading of the malware package onto each workstation without being detected.  It’s not clear if PCC compliance (rules that govern how companies have to protect your data) states that every workstation needs to be scanned by virus and malware scannners.  PCI compiance will certainly need to be updated as a result of these breaches!

To make you feel a little better, pin numbers are encrypted at the actual card reader and is not unencrypted until it reaches the card processing company.  Either way, the card number, expiration date and CCV2 codes were all in plain site.

Story written by: Mark McGinnis

[author_info]

Further reading on PCI compliance:  http://www.computerworld.com/s/article/9245709/_After_Target_Neiman_Marcus_breaches_does_PCI_compliance_mean_anything_?taxonomyId=203&pageNumber=2