Thursday 29 January 2015

Happy Data Privacy Day!

January 28, 2015 marks the 8th Annual Data Privacy Day.  It is a day dedicated to raising awareness and promoting privacy and data protection best practices among users and businesses. Over the past several years, we have seen our online privacy rights eroded with our personal information compromised by hackers, thieves, big business and government. Actions and discussions related to keeping your personal information private on the internet should not be limited to one day a year, and there are many things you can do year round to protect your online identity and promote internet privacy rights in your country and internationally.

1.  Use a VPN Service like SumRando.
VPNs protect your internet privacy by encrypting your connection and anonymizing your IP address.  This prevents hackers and thieves, ISPs, and governments from gaining access to your personal information and what you do while you are online.  To learn more, check out our video about VPNs.

2.  Use strong passwords (and different passwords for different sites!).

Passwords like "password" or "12345678" are hardly secure.  They are easy to guess by hand and even easier for password-cracking software to break.  When creating passwords, use a combination of capital and lowercase letters, numbers, and special characters.  Think of a phrase that will be easy for you to remember, and get creative.  For example, take the phrase "I love SumRando."  Turn it into a secure password that you can remember by substituting different characters, like "i70v3$umRand0!" or "1L0v3SumR@ndo*!".  Easy to remember, hard to crack.  (And don't use these example passwords!)

3.  Use Firefox or Google Chrome with enhanced browser privacy settings.

Firefox and Google Chrome have more advanced privacy features than other browsers, and despite some of their shortcomings (current issues with Super Cookies and switching between regular and private browsing), they are better than the alternative, insecure options.  Combining a secure browser with a VPN service helps to provide additional protection.

4.  Consider using an encrypted SMS-alternative like SumRando Messenger.

Did you know that normal SMS messages aren't encrypted, meaning your phone provider and anyone else who can gain access to your network can read along with your conversations?  Think about using an app that encrypts your text messaging, and better yet, use an app from a company you trust (WhatsApp and Facebook Messenger, two of the most popular SMS-alternative apps, are both owned by data-hungry Facebook) and that has different privacy features: no required connection to your device (think phone number requirements) and the ability to completely delete conversations.  SumRando Messenger does not require you to provide any personal information when creating and using an account and also has a feature that allows you to destroy a conversation, both from your account and from the recipient's account.

5.  Protect your personal information - full name, full birthdate, country ID information, etc.

Your personal identifying information is just that - personal.  It helps define who you are amongst the world’s 7 billion people.  With it, you can get credit cards, forms of ID, and accounts, and make purchases.  Be careful what, where and with whom you are sharing this information, as it is valuable information for thieves to steal and sell.

6.  Know your privacy settings on social media.
Social media was designed for us to be open.  We share everything from the exciting news of a new job to what we decided to have for dinner last night.  But have you ever paid attention to what you are sharing and where? On Facebook, if you see the little globe, that means whatever you are sharing is public to the world.  With Twitter, location information may be included in your tweets depending on your settings; all tweets are public unless you elect to "protect your tweets."  As a rule, make sure you take a look at your privacy settings, and know what and with whom you are sharing.

7.  Stand up for Internet Privacy.
There is an international movement working towards protecting Internet privacy.  Movements like ResetTheNet, Fight For the Future, and Data Privacy Day, along with other collective action, make demands on the international community and individual country legislators to take legal action and protect users’ privacy online.

The State of Cybersecurity in 2015

2014, the year of the cyber breach—think Target, Heartbleed, Home Depot, JP Morgan Chase, and, yes, Sony—has unsurprisingly led the United States to where it is today: with a president willing to move the conversation about cybersecurity to the forefront of politics. Last week, President Obama used his annual State of the Union address to set his agenda for 2015. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information,” he said.

Obama’s comments come amidst tangible action in Washington.  In the closing weeks of 2014, Congress passed several pieces of cybersecurity legislation, including the National Cybersecurity Protection Act of 2014, the Federal Information Security Modernization Act of 2014, the Cybersecurity Enhancement Act of 2014, and the Cybersecurity Workforce Assessment Act of 2014; this legislation will strengthen the ability of the public and private sectors to work together in preventing future cybersecurity breaches while also developing a more robust cybersecurity workforce.  Furthermore, Obama has planned a White House Cybersecurity Summit at Stanford University on February 13, which will provide an opportunity to develop further public-private sector collaboration and to explore cybersecurity best practices and technologies.

The legislation Obama referred to in his State of the Union address remains to be acted upon by a partisan Congress. The goals, however, are threefold: to encourage the private sector to share cyber threat information with the government through the use of liability protection for companies that adhere to consumer privacy protections; to strengthen the government’s ability to combat cybercrime by prosecuting the sale of botnets and criminalizing the sale of stolen financial information abroad; and to create a national standard for how and when companies report security breaches to the public.

Although cybersecurity experts are encouraged by Washington’s newfound urgency surrounding online privacy and security, many doubt politicians will be effective in creating a climate that will truly protect the public.  Increased sharing of information with the government assumes the government is a safe and secure place for information, which continues to ask for blind trust from consumers and to leave them insecure.  Congress is tasked with reauthorizing parts of the Patriot Act by June 1, 2015. Until the American public knows the extent to which the National Security Agency (NSA) is authorized to conduct surveillance, it should be hesitant to support the government’s proposed information sharing. Additionally, cybersecurity professionals at companies such as Nexus-Guard and Social-Engineer, Inc. find Obama’s proposed legislation to be “scary as hell,” as it would turn the hacking done in the interest of protecting companies against cyberattacks into a criminal offense.

Obama was wise to refer to cyber-attacks as an “evolving threat” last Tuesday night.  However, he failed to recognize that partisan politics, slow-to-pass legislation, and business as usual will simply not keep pace with cybersecurity’s evolving threats well enough to give consumers the security they deserve.

In an era in which the United States government is just beginning to grasp the significance of cybersecurity and has yet to produce a workable solution to protecting its citizens’ privacy and security, consumers everywhere need to take their online safety into their own hands. This Data Privacy Day, we urge you to take a look at the National Cyber Security Alliance’s provided resources to keep individuals and businesses secure in an otherwise well-intentioned but uncertain 2015.