Tag Archives: Risk

  • 1

Private Information and Portable Devices

Category:Information Security,Infosec Communicator,Internet Safety,mobile device,Privacy,Risk,Uncategorized Tags : 
The entrance of the School of Medicine and Den...
Image via Wikipedia

Today, I had the privilege of being interviewed by our local YNN cable news about the challenges presented by placing private information on portable devices. A surgeon at the University of Rochester Medical Center had lost a flash drive containing the medical details of around 800 of his patients. The reporter, Anne Lithiluxa, asked me how loss of data could be prevented.

Generally, if you’re going to place private information on a portable device, either the device or the information needs to be encrypted The likelihood of exposure of private information through the loss of portable devices has increased tremendously lately due to the proliferation of smartphones and their use in accessing corporate email accounts. Good information security practice is always a combination of safe handling practices and technical protections.

However, the bottom line is that people are always the weakest link. Technical protections can always be defeated by poor practices.

Enhanced by Zemanta

  • -

Are location services on mobile devices a good thing?

Category:Cyberstalking,Facebook,Infosec Communicator,Internet Safety,Social Networking Tags : 

I’ve always had mixed feelings about the location services (such as Google Latitude) offered by various mobile devices and by social networking sites. For example, is it a good thing to let people know where you are when you’re tweeting?

When we talk to the incoming first year class at RIT each fall, we talk about the potential danger of cyberstalking, illustrating it humorously through the Facebook Stalker YouTube video. We don’t try to over dramatize the danger, but we do want students to be aware of the possibility. (We also discourage placing phone numbers and addresses in Facebook and other social networking profiles.)

We saw some evidence of cyberstalking with our daughter in high school. She would post info about where she would be and one person showed up there consistently.

Are we overreacting to the potential danger? On a risk map, I would rate cyberstalking as a low-probability high-impact risk. Is cyberstalking something you worry about? Do any of you use these “location services” on your mobile devices or Tweet with your location? Why or why not?

Ben


  • 6

On the Eve of the Latest Facebook Privacy Fix

Category:Facebook,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking Tags : 

Facebook is releasing its latest privacy fix on Wednesday, May 26. I don’t have high expectations for the new controls as Facebook has not shown any ability to make the controls user friendly, or really understand what their users want for privacy.

A much bigger issue is that we seem to have abrogated OUR responsibility to protect our private information.

Fundamentally, information security is about managing risk. ANY involvement in social networking increases the risk of something negative happening–whether it’s loss of privacy, cyberstalking, identity theft, embarrassment, etc. It’s up to us to manage the risk. We should not expect the same amount of privacy protection from a free service that we would get from a credit card company, hospital, etc.

Although Facebook, Google, LinkedIn are all provided “free” to us, that freedom comes with a price–reduced privacy and some tracking of our web habits.

It’s up to us what we choose to share on social networking sites. We agree to EULAs (end user license agreements) that we click through to get to the “good stuff.” We blithely provide requested personal details and install apps that ask for even more and that tell us up front that they may share our information. Do you have to publish your date of birth? Hometown? 20 favorite things? (I’m just waiting for the next Facebook posting asking us, “What’s your mother’s maiden name?” and urging us to send the posting to all of our friends!)

Yes, Facebook, Google, and the other social networking applications have a responsibility to protect our information. However, WE have the responsibility to share ONLY the information we choose.


Categories