FTC offers guide for businesses, others to safeguard personal information

Internet

Personal information is left behind wherever a person may go in these modern times, with the technology that brings communication across the world.  But with that technology, more personal information becomes available in many places and impacts credit cards, bank accounts, and personal records of all types simply as people go about their day.

The security breach that impacted 100 million Target customers over the Christmas holidays this past year has brought attention to how many people can be affected when security is compromised.  The seriousness of what happened gave impetus to finding ways to establish better security in various areas, for both businesses and private individuals.   The Federal Trade Commission offers a guide to businesses and consumers on how to safeguard information.  They advise using the following five key principles as important to use in establishing security:1.  Know what is contained in files and on computers and do an inventory of it.  For businesses this means across all computers, including peripheral devices and laptops employees take home.  For private individuals, it also means doing an inventory of where information is kept.2. Minimize the footprint of the information by scaling down.  Not all information needs to be stored.  The important information is what is important, and social security numbers for businesses may not be necessary and should not therefore be kept.  For individuals, there is a tendency at times to embrace so many platforms for storage and for documents that it becomes more and more difficult to maintain the information and remember where it is.  Therefore, it is important to store what's important and even have different locations for sensitive information and information that is general in nature.

3.  The FTC reminds businesses to lock the information so that it is protected with physical and electronic security measures.  That includes all devices, including peripheral storage drives.  Furthermore sensitive material should not be left unprotected, which includes the habit some people have of keeping a laptop in the car that may have important data that if stolen could create serious harm.

We are also reminded to change passwords to avoid risks, and that the more complex these passwords are, the more security they offer.4. When information is no longer needed, it should be shredded or burned, then tossed out.  Furthermore files should be erased in a fashion that the data can't be recovered once it is removed.5.  Finally, a good security plan for both businesses and individuals is to plan ahead in the event there is a personal security breach, a plan on how to respond that can help everyone involved, including who to contact in the event the worst happens.

Invasion of privacy must be weighed against security risks for bothindividuals and nations

Surveillance camera

A new tool, InternetReputation.com,  allows a user to remove personal information from places like People Search and other data resource sites.  Often these sites allow people to find out the background of a potential employee or a troublesome neighbor. At what point is there an invasion of privacy?

 So what is the balance of information resources with these new tools that allow people to erase their history and present themselves potentially as someone they are not?

While people worry about invasion of privacy, experts remind us there is a balance in seeking information for legitimate reasons and using personal information to do the reverse, commit a crime, harass or perpetrate some harmful mischief on an unsuspecting victim.  Many of these experts cite the potential violation of the Fourth Amendment to the United States Constitution.

On the other hand, there are people who advance themselves as having expertise they don't have in under to obtain money or power.  That neighbor who inserts herself into every decision made in a community group, claiming to have the expertise to manage the affairs, may indeed never have had any experience related to management and may, in fact, have had minor criminal offenses, personal bankruptcy or other problems that would negate such an individual from being a part of community leadership.

An employer has a job requiring money handling and needs someone with a track record of honesty and experience in money management, requiring employment screening and background verification.  What happens when agencies like Intellicorp find negative information about an information that can be scrubbed from an applicant's history?

These are the questions raised in a society where privacy is of value and yet so is security.  When it is possible to obtain a false identity and use that identity to prey on the helpless and hapless in a culture, then there is need to protect people from doing that.  Still others offer untrue statements that can cause harm to individuals and groups.

The balance between security and privacy concerns is not just a national issue, as in the case of the government obtaining records from various agencies and social media sites, brought up in recent discussions about Edward Snowden,  a computer expert hired to assist in gathering such information who unleashed a firestorm of public opinion when he stole records and reported government surveillance activities.  It also involves small groups or even private individuals.  That is why the situation concerning spying on others or having the ability to research information relevant to making an employment or financial situation becomes problematical in the case of laws that offer absolutes.  For in many cases, the solution is an ethical one and not an easy one to determine.    An individual who believes personal privacy must be protected at all costs must therefore be prepared to bear the burden of security risks as well, risks that can create harm in many ways to individuals and to nations.

Infiltration is a tactic used by business, in battle and whistleblowing

[caption id="attachment_18984" align="alignleft" width="220"] Controversial figure, Edward Snowden[/caption]

Gordon Matilla---Richard Martin, a consultant, businessman and executive coach tells us that one of the best ways to gain an advantage is through infiltration of one’s enemy camp, competitor or organization in order to gain advantage or obtain information.  What are the pros and cons of doing this?

The infantry uses infiltration as a way of scouting out enemy positions before a battle or to conduct short raids.  It can also little by little create deadly consequences in both psychological and material ways by causing a consistent, little by little, number of casualties.  This undermines the morale of the enemy.  This pattern of conducting war went on during both World Wars as well as in Korea, Vietnam and Afghanistan.

Competition among companies can also elicit infiltration, so that one company learns another’s secrets.  Certain products become known and find their way into other companies through folks finding their way in and making these known to competitors.  That competition will create a situation where one day a company finds out it is surrounded by competitors offering the same or better products and services, which is what has happened to Blackberry, Microsoft, and others.

Edward Snowden took a job with Booze Allen, in order to find out about their operations, Internet security and government secrets so he could take them and expose the information to the public.  This allowed him to gain advantage of information and therefore be in a position to share it with the highest bidder, an enemy country or just use as a bargaining chip as drip by drip it is shared in the news.

Infiltration is a device with hooks.  It is an end justifies the means concept, experts say, with motives and agendas.  It is the nature of war and the nature of a man who sees an opportunity and uses it for capital or personal gain.

Global Internet security risk imperiled by public, media apathy

Individual computer security as well as organizational security threatened on Internet[/caption]

Carol Forsloff — If you are one of those who belongs to a social media site, such as Facebook, Fandalism, or Twitter, you likely experienced errors and glitches doing Internet interaction. And if you were a business, it's likely you did as well. That's because the biggest online attack in the history of the Internet occurred this last week.

Kurzweil reports this online attack impacted many servers around the world. For that reason, users saw a widespread number of errors in commenting, posting new information, or even accessing sites.

The attackers faked IP addresses, replacing them with that of the target, a method called "IP spooking". It means that rather than the user going to the expected address on the Internet, instead the server pointed to the address of the fake address.

Despite this huge attack, the news about it was not high profile in the past week. This is in spite of the fact that most of the world's business is conducted over the Internet and the security risks have been discussed for many years. In 2001, some of these details were enumerated in a post by a consulting firm, dedicated to examining and enumerating security risks on the Internet. A security breach would risk the following factors necessary for good business and interaction, for as the consulting firm reminds us the expectations impact critical factors:

• Availability - assets and services are available to all authorised parties as required.


• Confidentiality - all private communications, transactions, and data are accessible only to authorised parties.


• Integrity - provides confidence that assets and data have not been modified by any unauthorised party.

Security issues can impact defense and government interaction and security, as reflected in a demonstration provided by Air Force Lt. Col. Buzz Walsh and Maj. Brad Ashley who met with military leaders and showed them how easy it is to get the Social Security numbers, codes and other key information from the Internet.

Walsh said, "You don't need a Ph.D. to do this,"Walsh said about the ability to gather the information. "There's no rocket science in this capability. What's amazing is the ease and speed and the minimal know-how needed. The tools (of the Net) are designed for you to do this."

But despite the problems related to security, many people neither know how critical these issues are nor are they aware of what to do to protect themselves. The lack of security for both individuals and businesses may relate to the short shrift given the problems. This means private information and financial data can be threatened by security attacks. The need to know is especially important since last week's security breaches reflect how critical it is to provide extra security, precautions, and information so that the public is served, since a global shutdown in many areas is a potential threat so long as security problems exist, businesses, governments and individuals do not have the proper safeguards to deal with them and the media fails to underline the seriousness of the issue itself.

How to handle negative, anonymous posts and Internet defamation

[caption id="attachment_14508" align="alignleft" width="300"] Gays and Lesbians Against Defamation[/caption]

Carol Forsloff - Mary is an outspoken advocate for social change and found herself at the end of a list of anonymous posts on a site without contact information.  How does one handle negative, anonymous postings that occur everywhere and often without recourse or reason?

At the level of world security and communication, some anonymous posters maintain they are operating within the guidelines of free speech and to protect "we the people."  For example,  Wikileaks and a group called Anonymous are teaming up to publish what they maintain is the "dirty laundry" about an intelligence firm.   Free speech is underlined as the foundation argument for being able to write anything about anyone, no matter the risk.

Some websites encourage anonymous posts because an individual can protect his or her identity while complaining about a problem.  On the other hand, the innocent victims of Internet defamation have no forum to argue their position in the same space where the original negative post may be lodged.  Whether that is a college campus website  that allows students to gripe anonymously or a website like Topix, known with its anonymous posts that insult businesses, politicians and even private individuals, in that arena of free speech, there is often no available recourse for those offended by others if the site, and its owners and administrators, either refuse to take action or believe they have the protection of free speech in a manner that allows them to post anything, including information that can hurt.  Some of the offensive language can continue to present problems for racially divided communities in their efforts to heal long-term grievances, as in places like Natchitoches, Louisiana.

An attorney who specializes in defamation tells us it is very important, if an individual or group wants to seek legal action against an offender, to respond quickly.  Delays can cause problems in locating some of the offensive material, allowing the possible guilty party to dodge the responsibility.   Often a resolution can be made and the offending material taken down when reporting is done immediately.

And if you are one of those who likes to get back at people anonymously through social media, forums or your own blog, the risks involved might not be worth the free speech argument, especially when that speech is demonstrated to cause harm to another person.   That video someone thought funny about a young man's sexual orientation, that was posted on the Internet,  caused that young man, Tyler Clementi, a student at Rutgers University,  to commit suicide.  Experts remind us the consequences of free speech turned to license is no remedy for irresponsible human behavior.

Beware the holiday scams

[caption id="attachment_13469" align="alignleft" width="260" caption="Phishing initiative - wikimedia commons"][/caption]

Here’s the letter bound to get your attention:  Dear  Taxpayer!You are encouraged to pay a penalty for the failure to file income tax returns prior to January 31, 2012.Note, IRC [Section 6038(b)(1)] provides for a monetary penalty of $10,000 for each [Form 5471]that is filed after the due date of the income tax return or does not include the complete and accurate information described in [Section 6038(a)].

That’s the kind of letter that would get anyone concerned,  especially if he or she is a late tax filer.  It is the kind of letter one opens, frets about and then it happens.  The computer freezes, crashes, or it simply scoops up the information linked to passwords and personal data, all upended and sent along from some unsuspecting victim to an Internet bandit in cyberspace.

The new scams are clever.  It is likely many people would notice very soon they are false and meant to mislead.  After you open the mail, the malware strikes.  If you are lucky, you have a program that will erase the bug.  But most often you won’t know until it is too late, and everything is gone.

This year the email system is loaded with these goodies that are sandwiched into mail from friends and that slip by spam gates to get at you anyway.

It’s important to read carefully anything that comes unexpectedly, asking for personal information and promising a reward if you give it up and a punishment if you don’t.  The IRS note would send chills down the spines of most folks, so it’s tempting to respond.  And then there are those banking emails, but the “obvious” is early, as my bank, and yours, likely don’t call you “dear.”

 Hello Dear!  We have received too many reports from our customers about fraudulent online and ATM transactions.  We have launched a new security system to secure old and new accounts from this kind of fraud.  To prevent your checking or savings account from this fraud, update your information on the attached file which you should download and open.  Thank you.  Bank of America Security.     

 Experts tell us that phishing is on the rise, particularly during the holiday season when folks order goods online and so have online orders and confirmations as well as emails that look authentic at the outset and relate to credit cards, banking and other alleged financial offerings.  Phishing is a technique used online where the scammers ask for personal information and introduce their request through fake messages that resemble a valid message from banks or shopping sites.  The recommendation is beware of these.  Consumers are warned not to open messages that arrive from these sources.  And be particularly cautious during the days when attention may be diverted to family business and legitimate shopping, as the criminals are aware that these are times when they can attract unsuspecting folk.  Don’t be a victim and stay particularly guarded, experts say, to avoid falling for these scams.