Category Archives: Privacy

Here’s How to Protect Your Data Privacy When You Sell or Recycle Smartphones and Computers (Video)


Video

 

Alyssa Newcomb

By Alyssa Newcomb, Business and Technology Contributor to Fortune   March 19, 2019

 

When it comes to data privacy, there’s more to security than changing passwords and encryption. You’re at risk if you do good by recycling computers and smartphones too. Research from security company Rapid7 shows that tech sold in secondhand shops are filled with the previous owners’ personal data, according to new research from security company Rapid7.

Over the course of six months, Josh Frantz, a researcher at Rapid7, purchased old electronics from businesses that sell refurbished computers, or accept donations, and promise to wipe the devices before they are sold. He spent $650. His haul included 41 computers, 27 pieces of removable media, which included flash drives and memory cards, 11 hard disks, and six cell phones.

What he found was the equivalent of people serving up their data on a digital silver platter. Frantz retrieved more than 366,000 files, which included documents and images. Perhaps most troubling was the load of personal information he was able to access. He found 41 social security numbers, 19 credit card numbers, six driver’s license numbers and two passport numbers.

“Whenever I brought a computer back, I booted it up to see whether it was bootable and whether it required a password to log in. I wrote a script in PowerShell that would run through and index all the images, documents, saved emails, and conversation histories through instant messengers. It would then zip it up nice and organized on the desktop, and I would pull it off with a USB drive,” he wrote in a blog post.

While many businesses promise to wipe donated old electronics, Frantz said the best way to prevent your data from leaking to potential thieves is to clean any device as best as you can before handing it over to a recycling program or a re-seller.

Performing a factory reset sometimes isn’t enough to keep experienced hackers from finding old data. Frantz shared a guide to how to wipe an Android device, which involves first using an app to encrypt your data before performing a factory reset. An iPhone or iPad can be reset by going to settings > general > reset > erase all content and settings.

And if you are planning to recycle your old computer, Frantz recommends a few different methods for destroying it, including a drill, hammer, or setting it on fire, as long as there aren’t any toxic byproducts.

“If you’re worried about your data ending up in the wrong person’s hands, destroy the data,” he said. “If you wish to do a good deed and donate your technology so others can benefit, make sure it’s at least wiped to an acceptable standard. Even if you get it in writing that your data will be erased, there’s no good way to know whether that’s actually true unless you perform the wipe yourself.”

How to turn off autoplay videos on Facebook, Twitter, Reddit, and more

Photo by Amelia Holowaty Krales / The Verge

Turn off this annoying and potentially harmful feature

By Cameron Faulkner, Writer, The Verge  @camfaulkner  Mar 15, 2019  3:39pm EDT

 

You’ve probably been caught off guard by videos that play automatically on Facebook, Twitter, and other services; in fact, just across the internet in general. They begin playing as soon as you load a page or (if they’re more deviously implemented) when you start scrolling through a page to catch your attention.

Automatic video play is a feature that, while nice to have when it’s surfacing content that’s related to your interests, can be pretty annoying. Autoplay videos can be harmful, too, exposing you to violent, offensive, or otherwise unwanted content that you shouldn’t have to see by default. Several browsers, like Google Chrome and Firefox, now have built-in measures to curb autoplay videos, but for the most part, turning them off is still a very manual process.

Whether you just want to put an end to autoplay videos on social media platforms, or are looking for a more comprehensive fix, we’ve got some tips. Keep in mind that you’ll need to adjust these settings for every device that you use, since your preferences on, say, your phone do not automatically push to your PC.

 

Illustration by James Bareham / The Verge

How to turn off autoplay videos on Facebook

If you’re using Facebook on your browser, you can turn off autoplay videos by navigating to the Settings menu found within the drop-down menu at the top right of the page. Look for the Videos listing on the left-hand menu. Inside of that option is a toggle where you can turn off autoplaying videos.

Facebook has similar options available for its iOS and Android apps, but it’s much harder to find than on a browser.

If you use an iPhone or iPad

  • Click the menu button on the bottom of your screen.
  • Once you’re there, tap “Settings & Privacy,” then “Settings.”
  • From there, scroll down until you find “Media and Contacts,” then tap “Videos and Photos.”
  • Finally, once you find “Autoplay,” you can turn off the feature.

If you use an Android phone or tablet

  • Click the menu button at the top right of your screen.
  • Once you’re there, scroll down and tap “Settings & Privacy,” then “Settings.”
  • From there, scroll down until you find “Media and Contacts.”
  • Finally, once you find “Autoplay,” you can set it to “Never Autoplay Videos.”

 

Illustration by Alex Castro / The Verge

How to turn off autoplay videos on Twitter

The steps to turn off autoplay videos on your browser differ if you’ve opted in for the newer design.

If you opted in for the new design

  • Click on your profile name, and “Settings and privacy” will be nested within the menu.
  • Once you’ve been taken to the settings menu, look for “Data usage” on the side panel.
  • Click on the “Video autoplay” setting. You can then switch off the autoplaying of videos on your feed.

If you haven’t opted in for the updated look

  • Click on your profile name, and “Settings and privacy” will be nested within the menu.
  • Once you’ve been taken to the settings menu, look for “Account” on the side panel.
  • Under the “Content” heading, you’ll be able to unclick “Video Autoplay.”

iOS and Android apps

The process involves a similar amount of steps on the iOS and Android apps.

  • Click the profile picture at the top of your phone screen.
  • Select “Settings and privacy” in the menu.
  • Navigate to “Data usage.” Under the “Video” section, set the “Video autoplay” option to “never.”

How to turn off autoplay videos on Instagram

The Instagram app doesn’t allow for autoplay videos to be turned off, so you’ll have to tread carefully here. Videos don’t autoplay if you use Instagram on your browser, but since almost all of the service’s users are using it on mobile devices, there’s currently no way around it.

 

Illustration by Alex Castro / The Verge

How to turn off autoplay videos on Reddit

Reddit, like most sites that host video, autoplays videos by default. However it’s pretty easy to turn it off.

If you use the newer design

  • Click your username in the upper-right corner and select “User settings” in the menu.
  • Select “Feed settings.” Within the list that is presented, toggle off the “Autoplay media” switch.

If you’re still using the legacy version of Reddit

  • Click “Preferences” next to your username in the top right of the window.
  • Under “Media,” look for “Autoplay Reddit videos on the desktop comments page.” Uncheck the box.
  • You’ll need to hit “save options” at the bottom of the screen to put the changes through.

On the mobile app, tap the icon next to the search bar, then hit “Settings.” Once you’re here, you’ll see “Autoplay” near the top of the page, and you can easily choose to turn it off.

 

Photo by Amelia Holowaty Krales / The Verge

How to turn off autoplay videos on Chrome or Firefox

If you use Google Chrome or Mozilla Firefox, recent updates have allowed (or will soon allow) you to disable videos from playing automatically, though there are some caveats.

For Chrome users, ensure that you have at least version 66 (version 73 is the latest stable release at the time of publication). There’s no toggle to make sure that videos don’t play automatically, but instead Google should remember your preferences based on your activity, as well as that of other visitors to the site. It’s by no means a perfect solution to the problem, but here’s how it currently works, according to this article from Tom Warren:

If you’ve just started using Chrome and have no browsing history, the browser will autoplay videos on more than 1,000 popular sites where visitors typically play sound on videos. “As you browse the web, that list changes as Chrome learns and enables autoplay on sites where you play media with sound during most of your visits, and disables it on sites where you don’t,” explains Google product manager John Pallett. “As you teach Chrome, you may find that you need to click ‘play’ every now and then, but overall the new policy blocks about half of unwanted autoplays, so you will have fewer surprises and less unwanted noise when you first arrive at a website.”

Chrome may not have a switch that turns off all autoplay videos, but you can manually turn off sound, images, and other settings on a per-site basis to achieve something that’s close enough.

  • Click the lock next to the web address bar, then hit “Site Settings” in the drop-down menu.
  • Once you’re here, you can adjust each setting to “Block.” If you’re specifically targeting autoplaying videos, turning off Javascript is the way to do it, but beware, it will probably break a lot of other site functionality in the process.

As of March 19th, 2019, Mozilla Firefox will have publicly rolled out its update (version 66) that mutes autoplaying videos. Compared to Chrome’s approach, Firefox is taking a harder stance on autoplay videos by muting them all, unless, as Chaim Gartenberg wrote, “explicitly allowed by a user. Users will also be able to manually allow sites to autoplay, allowing sites like YouTube (where most people tend to want the video they’ve selected to automatically play upon loading) to continue to work as normal.”

Unfortunately, this means that you still may see something that you wish you hadn’t seen on Firefox, but it’s a step in the right direction toward eliminating autoplay videos altogether.

Digital Transformation, Dynamic Threats and Growing Accountability

March 1, 2019

By Mark Sangster, Chief Security Strategist at eSentire, Inc., contributor to SecurityMagazine.com

 

Businesses today accept the presence of cyber risks. In fact, 70 percent assume a business-altering event will occur in the next few years (FutureWatch Report), but often have a more difficult time identifying specific risks, key factors and mitigation strategies. Worse, the board or senior leadership often makes assumptions about the safety of the firms that is overly optimistic when compared to confidence ratings of security practitioners.

The difference between awareness and understanding is driven by the communication gap between the board and executives steering the business, and the security experts close to the problem. Both parties struggle to comprehend the other’s needs and responsibilities.

A firm’s risks stem from a handful of business aspects, including the firm’s participation in high-risk industries, its appetite for emerging technologies, and willingness to properly invest in targeted security practices. While this sounds obvious at first, it’s lost when the line of sight from the security practitioners to the board is over the horizon.

This article will explore board-level concerns, key drivers to invest in security, and how emerging technologies outpace the evolution of security technologies and services. The data presented in this article was collected in late 2018, through third-party research that surveyed 1,250 security executives, managers and practitioners. Data was collected from the United States, Canada and the United Kingdom. Participants were equally represented across various industries and company sizes, ranging from less than 100 employees to 5,000 employee or more. Read the full FutureWatch Report.

Major Attacks Are an Assumption

Unanimously, business leaders such as the CEO, board members and technical executives (CIO) alike predict a major cyber-attack in the next two to five years. Over 60 percent of respondents assume a major event will occur. Interestingly, 77 percent of CEO and board respondents consider their organization prepared for such an event. As expected, technical leaders are approximately 20 percent more likely to predict an attack and are 10 percent less optimistic than their business peers in their organization’s preparedness.

Senior leadership fears operational disruption, reputational damage and significant financial losses over regulatory penalties as top consequences of a major security event.

While business leaders show a confidence in their firm’s ability to manage a security breach, the devil is in the details. Only 29 percent of respondents indicated that their high-value or high-profile information is not adequately protected. And two-thirds of respondents are not confident that their cybersecurity programs match their peers, nor that their programs are appropriately resourced.

The Cybersecurity Rosetta Stone

Boards and security practitioners still struggle to translate their concerns and objectives. Only one-third of business leaders are confident in their security executive’s ability to monitor and report on cybersecurity programs and 66 percent worry that these programs are not aligned to business objectives.

IT and security leadership sentiments echo this concern. Most organizations struggle to show the value of IT security spend to senior management, including status reporting difficulties. Aligning to enterprise risk management confounds over half of businesses, along with the ability to managed external risks with third-party vendors and the growing complexity of regulatory compliance.

On the positive side, progress has been made over the last few years. The CISO is no longer the least interesting person to the board, until they are the most important person.  Over half of respondents indicate their board is very familiar with the security budget (51 percent), overall strategy (57 percent), policies (58 percent), technologies (53 percent), and currently review current security and privacy risks (51 percent).  Moreover, line of sight from the CISO to the board is more direct. Forty-five percent of security officers report to the board or CEO, 33 percent continue to report to the CIO and a small handful (10 percent) report to a privacy or data officer.

Moreover, nearly two-thirds of security budgets are set to rise in 2019. Spend on the security side is still reactionary. While regulatory requirements is in the basement of the board’s concerns, it tops the list for security practitioners. A security teams spend is generally reactive to client demands, major technology purchases, a major security event or near miss, and the adoption of emerging technology.

Emerging Technology: A Double-edged Sword

IT and security teams find themselves in a difficult position between meeting the demands of the business to adopt emerging technologies that offer competitive advantage, while also carrying the burden of mitigating the risks that come along with new deployments.

Nearly three-quarters of respondents are currently using cloud services or plan to deploy cloud services in the next six months, with financial services, manufacturing and healthcare leading the adoption rate. Only law firms lag in their cloud adoption. Artificial Intelligence (AI), Internet-of-Things (IoT) and Industrial IoT (IIoT) top the list behind cloud.

Cloud security adoption is the priority, followed closely by identity and access management, threat detection and response, and endpoint detection and response. Security Information and Event Management (SIEM) moves beyond a compliance tool and now plays a role in the greater detection and response portfolio.

More than half of telecom, information technology, financial services and manufacturers invested in securing their cloud services. Similarly, financial services, healthcare and manufacturing also emphasize threat detection and response investments. These industries are equally investing in identity and access management as a response to a more distributed workplace. Again, law firms are significantly less likely to adopt these technologies.

Digital transformation is here to stay and brings with it a drive to always evolve and constantly change. Economics demand that vendors constantly improve and offer new features and technologies which outpaces our understanding of the associated risks. We focus on the benefits while assuming vendors have resolved the security issues. For example, cloud technology tops the list of security priorities today, but AI and IoT/IIoT are on track to surpass cloud as the primary risk concern in less than two years.

This challenge will only increase over the coming years as 5G facilitates a ubiquitous mosaic of always connected devices. Risk associated with emerging technologies becomes more concerning as adoption rates accelerate, compressing the time in which organizations and vendors can adapt and develop appropriate security controls and deploy protective solutions.

Most Susceptible to Risk: Law Firms, Transportation and IT

Law firms lead when it comes to risks associated with external actors and attacks and their ability to report status, show value and meet internal risk standards and regulatory requirements. Transportation and IT firms report higher than average levels of risk. Financial services tend to run just below industry averages across external attacks and internal or industry requirements.

Digital Transformation Outpaces Current Security Approaches

Digital transformation touches every facet of business operation and redefines how businesses engage with their customers. The emerging technologies underpinning this tectonic shift must constantly expand capabilities and adapt to survive in a competitive environment. Current security approaches are not fluid enough to keep pace with adoption of emerging technology and platforms.

Today, most firms identify their primary security posture as leveraging prevention technologies and device management. Firms that leverage a predictive security model such as threat hunting, machine learning, and device analytics reduce their risk by thirty percent. Less than one-fifth of firms identify as predictive. The trend is consistent across all industry segments with financial and healthcare services leading the charge and law firms lagging.

Firms adopting predictive security models are better able to identify never-before-seen threats and have engaged rapid response capabilities to reduce the risk of a business-altering event. Over the next two years, older preventative models drop to less than one-third, while predictive threat hunting will more than double to 40 percent. This trend correlates with the shift in business drivers away from regulatory dominance toward business-centric considerations such as operational disruption, reputational damage, and, of course, financial losses.

Interestingly, advanced firms are more apt to adopt emerging security technologies such as endpoint, threat detection and response, identity access management, and cloud security. Moreover, mature firms aggressively leverage SaaS and are more likely to adopt 100 percent cloud-based security services than firms using a device-management model. Outsourcing is a palatable alternative to recruiting and retaining threat hunting talent from a pool that cannot support the growing demand.

Digital Transformation, Dynamic Threats and Growing Accountability

Digital transformation continues to expand a larger and more fluid attack surface from the advanced methodologies used by well-resourced adversaries like organized criminals and nation-state actors. Regardless of industry, businesses operate in a world with ever-increasing accountability to protect their clients’ confidential information, adhere to state legislation, comply with privacy laws and meet the growing complexity of overlapping regulatory obligations.

This triad of risk demands that IT, security practitioners, and leaders align with business governance objectives, while senior leadership acknowledge their role in establishing expectations and providing resources to adequately protect the business, its investors, employees and customers.

We’ve left the world of prescriptive regulations as a measure of security end state. Many organizations recognize that the financial loss associated with operational disruption and reputational damage outweigh the penalties set out by regulators. In the future, organizations will likely move to a perspective driven by their clients. In this state, brand and reputation will form the barometer by which a company’s security performance is ultimately measured. Protecting the client will mean by extension, protecting their data and services, avoiding operational disruption and resulting financial losses.


Author: Mark Sangster, Chief Security Strategist at eSentire

Mark Sangster is an industry security strategist and cybersecurity evangelist who researches, speaks and writes about cybersecurity as it relates to regulations, ethical obligations, data breach incident response and cyber risk management.

A Practical Guide to Protecting Your Privacy Online

 

 

 

By John Mason, Founder and Chief Researcher of TheBestVPN and Contributor to TechNewsWorld
Feb 1, 2019  8:47AM PT
(This story was originally published on Nov. 7, 2018, and is brought to you today as part of our Best of ECT News series)

 

Do you take your online privacy seriously?

Most people don’t. They have an ideal scenario of just how private their online activities should be, but they rarely do anything to actually achieve it.

The problem is that bad actors know and rely on this fact, and that’s why there’s been a steady rise in identity theft cases from 2013 to 2017. The victims of these cases often suffer a loss of reputation or financial woes.

If you take your online privacy seriously, follow this 10-step guide to protect it.

1. Shield Yourself From Snoopy ISPs

You may not be aware of it, but your ISP already might know all about your online searches.

Each time you search for something online, your browser sends a query to a DNS server. Before the query reaches a DNS server, however, it first has to go through your ISP. Needless to say, your ISP easily can read and monitor these queries, which gives it a window into your online activity.

Not all ISPs monitor your browser queries but the ones that don’t are the exception and not the rule. Most ISPs will keep records of your Web browsing for a period of a few months to a year. Most ISPs don’t record your texts, but they do keep records of who texted you.

There are two ways to protect your privacy if you don’t want your ISP monitoring your browser queries: 1) Switch to an ISP that doesn’t monitor your online data, if practicable; or 2) Get a VPN to protect your data (more on this later).

2. Guard Your Login Credentials

One thing most people take for granted is the login credentials they use to access their many online accounts. Your username and password are the only things keeping your information and privileges from getting into the wrong hands. This is why it’s important to make them as strong as possible.

Choose a strong username that is simple and easy to remember but can’t easily be linked to your identity. This is to prevent hackers from correctly guessing your username based on your name, age, or date of birth. You’d be surprised just how cunningly hackers can find this information. Also, never use your Social Security Number as your username.

Next, pick a strong password. There are many ways to do this, but we can narrow them down to two options: 1) Learn how to make strong passwords; or 2) Use a password manager app.

Learning how to make a strong password requires time and imagination. Do you want to know what the most common passwords are? They are “1234,” “12345,” “0000,” “password” and “qwerty” — no imagination at all. A password combining your name and date of birth won’t cut it. Nor will a password that uses any word found in the dictionary.

You need to use a combination of upper and lower case letters, numbers, and even symbols (if allowed). Complexity is what matters, not length, since a complex password will take centuries for a computer to figure out. In fact, you can try your password if you want to see just how long it will take to crack.

If you don’t have the time and imagination to formulate a strong and complex password, you can use one of the six best password managers. These apps not only save you the hassle of memorizing your complex passwords but also auto-fill online login forms and formulate strong passwords for you.

Whether you want to learn how to make strong passwords or choose to install a password manager app is up to you. What you should never neglect, though, is 2FA (2-factor authentication). 2FA adds an extra layer of protection for your passwords in case someone ever does learn what they are. In fact, you may already have tried it when logging into an account on a new device.

The app or service requires you to key in the access code sent to another one of your devices (usually your phone) before you are given access to your account. Failing to provide this access code locks you out of your account. This means that even if hackers obtain your login credentials in some way, they still can’t log into your account without the access code.

Never use the same usernames or passwords for different accounts. This prevents hackers from accessing multiple accounts with just one or more of your login credentials. Also, never share your login credentials with anybody — not even your significant other.

3. Secure Your WiFi

Have you ever heard of a KRACK attack? It’s a proof-of-concept cyberattack carried out by infiltrating your WiFi connection. The hacker then can steal information like browsing data, personal information, and even text message contents.

The problem is that not even WPA2 encryption can stop it. This is actually why The WiFi Alliance started development of WPA3, which it officially introduced this summer.

Do you need WPA3 to defend against KRACK attacks? No. You just need to install security updates when they become available. This is because security updates ensure that a key is installed only once, thereby, preventing KRACK attacks. You can add additional layers of protection by visiting only HTTPS sites and by using a VPN.

You also can use a VPN to protect your device whenever you connect to a public network. It prevents hackers from stealing your information via a MitM (Man in the Middle) attack, or if the network you’ve connected to is actually a rogue network.

4. Browse With Confidence

If you read through your browser company’s Terms of Use and Privacy Policy, you might find that they actually track your online activities. They then sell this information to ad companies that use methods like analytics to create a profile for each user. This information then is used to create those annoying targeted ads.

How do they do this?

Answer: Web cookies.

For the most part, Web cookies are harmless. They’re used to remember your online preferences like Web form entries and shopping cart contents. However, some cookies (third-party cookies) are made specifically to remain active even on websites they didn’t originate from. They also track your online behavior through the sites you visit and monitor what you click on.

This is why it’s a good idea to clear Web cookies every once in a while. You may be tempted to change your browser settings to simply reject all cookies, but that would result in an overall inconvenient browsing experience.

Another way to address the monitoring issue is to use your browser’s Incognito mode. Your browser won’t save any visited sites, cookies, or online forms while in this mode, but your activities may be visible to the websites you visit, your employer or school, and your ISP.

The best way I’ve found so far is to replace your browser with an anonymous browser.

One example is TOR (The Onion Browser). TOR is a browser made specifically to protect user privacy. It does this by wrapping your online data in several layers of encryption and then “bouncing” it for the same number of times before finally arriving at the right DNS server.

Another example is Epic Browser. While this browser doesn’t run on an onion network like TOR, it does do away with the usual privacy threats, including browsing history, DNS pre-fetching, third-party cookies, Web or DNS caches, and auto-fill features. It automatically deletes all session data once you close the browser.

SRWare Iron will be familiar to Google Chrome users, since it’s based on the open source Chromium project. Unlike Chrome, however, it gets rid of data privacy concerns like usage of a unique user ID and personalized search suggestions.

These three are the best ones I’ve found, but there are other alternatives out there. Whatever privacy browser you choose, make sure it’s compatible with your VPN, as not all privacy browsers are VPN-compatible — and vice-versa.

5. Search Safely

Presenting risks similar to popular browsers are the search engines many people use. Most browser companies also produce their own search engine, which — like the browser — also tracks your online searches. These searches then can be traced to your personal identity by linking them to your computer, account, or IP address.

Aside from that, search engines keep information on your location and usage for up to several days. What most people don’t know is that persons in the legal field actually are allowed to use the information collected by search engines.

If this concerns you at all, you may want to switch to a private search engine. These private search engines often work in the same way: They obtain search results from various sources, and they don’t use personalized search results.

Some of the more popular private search engines include DuckDuckGo, Fireball, and Search Encrypt.

6. Use a VPN

What is a VPN, and why do I strongly recommend it?

A VPN (virtual private network) is a type of software that protects your Internet browsing by encrypting your online data and hiding your true IP address.

Since you already know how online searches are carried out, you already know that browser queries are easily readable by your ISP — or anyone else, for that matter. This is because your online data is, by default, unencrypted. It’s made up of plain text contained in data packets.

You also already know that not even built-in WPA2 encryption is good enough to protect against certain attacks.

This is where a VPN comes in. The VPN courses your online data through secure tunnels until it gets to its intended DNS server. Anyone intercepting your browsing data will find unreadable jargon instead.

You may hear advice against trusting VPNs with your security. I’m actually inclined to partially agree — not all VPNs are secure. However, that doesn’t mean all VPNs are not secure.

The unsecured VPNs I’m referring to are the “free lunch” types that promise to be free forever but actually use or sell your data to ad companies. Use only the safest VPN services you can find.

A VPN is primarily a security tool. While you may enjoy some privacy from its functions, you will want to pair it with a privacy browser and search engine to get the full privacy experience.

A VPN can’t secure your computer or device from malware that’s already present. This is why I always recommend using a VPN together with a good antivirus and firewall program.

Some popular browsers run WebRTC protocols by default. You have to turn off this protocol. This protocol compromises a VPN’s security by allowing your true IP address to be read.

7. Beware of Phishing

You may have the best VPN, anonymous browser, and private search engine on the market, but they won’t do you much good if you’re hooked by a phishing scam.

Phishing employs psychological analysis and social engineering to trick users into clicking a malicious link. This malicious link can contain anything from viruses to cryptojackers.

While phishing attacks usually are sent to many individuals, there’s a more personalized form called “spearphishing.” In that case, the hackers attempt to scam a specific person (usually a high-ranking officer at a company) by using information that’s available only to a select few people that the target knows.

So, how do you avoid being reeled in by phishing attacks?

The first option is to learn how to identify phishing attempts. Beware of messages from people you don’t know. Hover over a link before clicking it to make sure it navigates to the site it portrays. Most importantly, remember that if it’s too good to be true, it most likely is.

The second option is to install an antiphishing toolbar. This software prevents phishing by checking the links you click against a list of sites known to host malware or those that trick you into disclosing financial or personal information.

It then will prompt you, once it determines the link to be connected to one of those sites, and provide you with a path back to safety.

The best examples I’ve found are OpenDNS, Windows Defender Browser Protection, and Avira Browser Safety.

8. Encrypt Your Messages

If you’ve been following tech news in the recent months, you may have found an item about the FBI wanting to break Facebook Messenger’s encryption. Say what you will about the social network giant, but this news reveals one thing: Even the FBI can’t crack encrypted messages without help.

This is why you should always use “encryption mode” in your messaging apps. Apps like Signal, Telegram, and Threema all come with end-to-end encryption and support for text, calls, and even video calls.

If you require constant use of emails, ProtonMail, Tutanota, Mailinator, and MailFence are great alternatives to popular email services that actually monitor your email content.

9. Share Carefully on Social Media

Social media has become one of the best ways to keep in touch with important people in our lives. Catching up to everyone we care about is just a few clicks away. That said, we’re not the only ones looking at their profiles.

Hackers actually frequent social media sites as they hunt for any personal information they can steal. They even can circumvent your “friends only” information by adding you as a friend using a fake account. I don’t think I need to mention the problems hackers can cause once they’ve stolen your identity.

This is why you should exercise caution about what you share on social media. You never know if hackers are using the photos you share to target you for their next attack. You may want to skip out on filling out your profile completely. Avoid giving your phone or home number, and perhaps use a private email to sign up.

10. Update Frequently

You may have heard this before but it’s worth repeating now: Don’t ignore system updates. You may not be aware of it, but updates fix many vulnerabilities that could jeopardize your online privacy.

Most people put off installing updates since they always seem to come at inopportune times. Sometimes we just can’t put up with the dip in performance or Internet speed while updates are being installed.

It’s usually best to suffer what minor inconvenience they cause early rather than risk getting caught in the whirlwind of problems hackers can cause if you should get targeted. Most software and apps now come with an auto-update feature, so you won’t have to manually search and download them.

Bottom Line

Privacy is a human right, and our online privacy should be taken seriously. Don’t neglect to take the necessary steps to protect yours.

Beware of your Internet service provider, and always protect your login credentials no matter how strong they are. Remember to check the network you’re connecting to before you log in.

Watch what your browser and search engine are doing, and consider replacing them with more private ones. Prepare against phishing by learning to identify attempts and installing an antiphishing toolbar.

Always use encrypted messaging, and watch what you share on social media. Finally, never ignore system updates when they become available.

Follow these steps and you’ll soon be on your way to a more private browsing experience.


John Mason, an avid privacy advocate, is founder of TheBestVPN and serves as its chief researcher.

Gartner Indicates Seven Future CMO Spending Trends in Their Latest Survey

Viraj T

Gartner Surveys 600 Marketing Champions Across the US and the UK to Uncover Industry Trends for Enterprises to Prioritize Their Budgets and Allocate Funding

Innovation emerges as the loudest thought in a CMO’s cognizance! About 16 percent of Chief Marketing Officers have confirmed that they spent the maximum on innovation in 2018 — two-thirds confirmed that spending on innovation will grow next year. The irony here is that marketing leaders admitted they are not very confident about how to innovate or exactly where to spend — although beaming of huge ambition about being innovative.

MarTech Series runs down Gartner’s findings and talks about eight trends for 2019 and beyond where marketing leaders are most likely to spend.

1.    Digital Marketing

The winds of change have begun to flow! Businesses are going digital by the hordes and the pursuit to make businesses successful on digital mediums has now gotten the eyeballs of the entire C-suite. 57 percent of marketing leaders are confirming now that they would be inclined to spend on digital marketing endeavors.

We interacted with Derek Slayton, CMO Terminus, and asked him his views on 2019 CMO spend:

Derek Slayton
Derek Slayton

“I actually think marketers are going to have to spend on technology to help with the first two bullets (better targeting and better measuring progress). Most activity-oriented systems today don’t help with where we point the resources and how we measure success.

As far as my team goes — tech aside from Terminus tech (which we are using for segment identification and measurement) — we are excited about Vidyard because it helps us focus on creating great connections with key accounts and stakeholders.”

However, CMOs need to work in conjunction with CFOs. Convincing financial officers to invest for methodologies not yet in the limelight can be extremely hard for the CMO. More so, even if they agree, the CMO is accountable for ROMI.

Also Read: Gartner Predicts Digital Optimization Will Disrupt CRM Sales Technology

2.    MarTech

Marketing Technology is on the radar of CMOs for investment. MarTech spend has increased when compared to the percentage spend last year (29% in 2018 as against 22% in 2017). Evidently then, MarTech is the crux of CMO spend because it serves as the paramount source of marketing resources and initiatives.

As per Gartner’s survey, CMOs will be spending the most on the below mentioned ‘big three’ technologies:

  1. Email Marketing platforms
  2. Web Content Management
  3. Digital Marketing Analytics platforms

Although, Ewan McIntyre, who is the lead author of the report, asks CMOs to practice caution. MarTech is extremely effective but can be costly. Marketing leaders need to think this through in order to avoid financial disasters.

3.    Advertising

The survey reflects the CMO’s annual spend for 2018 was capped at 21 percent for advertising. This is for both offline and online (digital) models of advertising. However, as per the first trend of this report, CMOs now prefer to spend a lot more (two-thirds out of the 21 percent budget) on digital advertising. Paid advertising on digital channels such as search engines, social mediums, et al. are the focus areas of digital advertisement spending.

Also Read: Can Google’s Flutter Truly Solve the Developer Nightmare of Cross-Platform Application Programming?

We spoke to Jenn Steele, CMO, Madison Logic, to understand if she agrees with the trends:

Jenn Steele
Jenn Steele

“Well, ABM is still super-hot, so I see people continuing to spend on various ABM tactics. At our recent client summit, everyone was buzzing around how to use data in the best ways, so data sources and solutions should be in most marketers’ budgets.

Personally, I’m looking at AI tools such as Drift and Conversica so that I can do more with less (because we all have to do more with less, right?). These tools help us drive contacts to a more “ready” state before we have to get a more expensive human being involved.”

GDPR and the current atmosphere of user privacy and data security is the worst nightmare for owners of digital mediums. Even when red flags are being raised for brands as huge as Facebook, marketing leaders choose to continue ingesting a substantial chunk of dollars for paid advertising. Main reasons? Increasing revenues and proving to stakeholders that marketing is a critical cog to aid the enterprise’s engine to run smoothly. Other reasons are bolstering brand value gaining new business.

4.    Workhorses

Tech watchers are going gaga over emerging technologies such as ABM, AI, ML, Programmatic and Native among many others. Even then, CMOs spend a whopping 25% on workhorse technologies such as email, organic search, paid search, etc. So why do marketing leaders continue to invest in these technologies that belong to a prior phase of MarTech evolution? Here are the reasons:

  • These channels are easy to measure for ROI
  • Easier to groom in-house talent to operate workhorse technologies
  • Easier to prove the effectiveness of these channels to stakeholders compared to newer, impactful but complex technologies

Workhorse technologies still work, and really well!

5.    Innovation

Innovation is a major focus area for the CMO. According to 9 percent of the CMOs surveyed, innovation will be vital in enterprise growth over the coming 18 months. And they are right — the business eco-system overall is flux. Disruptions, changing consumer behaviors, M&As, and so many other factors are ensuring that it is difficult for enterprises to run their business. Hence, innovation automatically becomes the fallback element of every enterprise.

Also Read: Interview with Peter Isaacson, CMO, Demandbase

To confirm the growing importance of innovation, now, 63% of CMOs confirm that their spend on innovation will only grow in 2019.

Speaking about innovation, Jeff Nolan, CMO, Kahuna, said,

Jeff Nolan
Jeff Nolan

“Modern marketing is increasingly centered on data science, and if we accept that premise, CMOs will spend big on AI. The underlying neural networks are services now. It is the training model and ability to ingest massive amounts of data, which is generated by your systems but increasingly purchased from other vendors, that is the critical element in these initiatives. I am in a B2B market, so what I’m looking at are technologies that give me deep perspective on funnel and pipeline. I want to be able to look at my demand gen activities holistically but then down to increasing granular cohorts that I can gauge for the probability to close, or not.

This is important for me because this will give me insight into where I should be focused, which then guides strategy and tactics. Where existing analytics solutions come up short is that they start with a premise of “this is good, do more of it,” which leads to unnatural bias that gets increasingly narrow in scope, and then misses the opportunities that emerge that are outside of the static scoring models. Basically, I need a really intelligent system that is capable of generating human insights on data across a portfolio of groupings and metrics.”

Marketers nowadays employ a hybrid marketing strategy for their campaigns. Here the hybrid model will mean sticking to the core marketing tactics and methods while embracing and applying newer technologies. But as discussed before, Chief Marketing Officers’ abilities do not really match up to their ability to innovate. The survey is indicative though marketers want to change and be more matured and absorb innovation.

6.    Customer Experience

The start-up culture is going full throttle. Newer companies that offer innovative, cutting-edge and problem-solving technical capabilities are being founded in multitudes. This has given rise to stringent competition and made it harder for businesses to better serve their existing customers and gain newer ones. From a customer standpoint, their expectation from a brand about how they want to be treated has skyrocketed.

Spending on Customer Experience (CX) has been picking up speed from the past several years. According to the survey concluded, it will see a good amount of CMO spend over the coming one and a half years. CMOs that were a part of the survey have declared that they will be spending 18% of their budget on Customer Experience.

7.    Personalization

Personalization is an extension of existing enterprise efforts towards providing a maximum positive customer experience. CMOs are spending an average of 14.2 % of their budgets on personalization efforts. The interesting element here is that double-digit spends are common across industries. The spending is critically invested in gaining deeper insights into the accumulated customer data.

Richard Black, CMO at Aki Technologies, said,

Richard Black
Richard Black

“I think brand CMOs will continue to increase their spend on the media that actually works. These days, mobile is no longer a place to test; it’s where a brand has to be because consumers have their devices with them all day long. Eyeballs are always on mobile.

So, smart CMOs will look for tech that helps them optimize and maximize the impact of mobile dollars so they reach people when they are most receptive to marketing messages. AI developments will help there. And, of course, video can make mobile creative even more impactful. OTT is another area that I see spend increasing with better and better content coming through and more eyeballs heading that way.”

Considering GDPR, marketers need to be careful about not pushing too much in their efforts to obtain data. This might just completely drive away consumers. Marketers may have dollars and data but there is an atmosphere of uncertainty pertaining, where marketers must tread cautiously. Marketing leaders need to develop fool-proof strategies taking into account the current market and consumer complexities.

Clearly, 2019 seems to be the year for innovation and customer experience with statistics pointing at a maximum spending in these spheres. The survey also speaks of changing patterns of marketers towards their perspective on the whole marketing operations stream. Typically, to gauge marketing performance, businesses have a fixed set of KPIs that are crafted around ROI and customer satisfaction. However, marketers are adamant that they would want to design their campaigning around brand awareness.

Andrea Lechner-Becker
Andrea Lechner-Becker

Here is Andrea Lechner-Becker, CMO, LeadMD, with the parting note:

“I think they’ll spend on technology. But I wish they’d spend on headcount and training. Marketing teams, regardless of size, are missing core and important skill sets. We have not educated marketers well at the collegiate level in a decade. The pace of change in marketing is too fast to go to a conference or webinar here or there and maintain the ability to be “good” at your job.

Technologies I’m looking at… I’m obsessed with B2B data right now, or the lack of great data. I want someone to fix the buyer insights data problem for me.”

Recommended Read: TechBytes with Josh Martin, Sr. Director, Product Marketing, Brightspot CMS

Protect Yourself Against Social Security Identity Theft

Retirement The PBS website for grown-ups who want to keep growing

By Amy Zipkin, Freelance Writer and Journalist, Next Avenue Contributor and Contributor to Forbes
Jan 17, 2018, 01:11pm

Last fall, after the Equifax breach, Jim Borland, acting deputy commissioner for communications at the Social Security Administration wrote a blog post on the agency website headlined “Protecting Your Social Security.”  He said: “A my Social Security account is your gateway to many of our online services. Create your account today and take away the risk of someone else trying to create one in your name, even if they obtain your Social Security number.”

I took Borland’s advice, since anyone 18 or older with a Social Security number, an email address and a mailing address can open a mySocialSecurity online account and maintain it for decades before claiming benefits. But fewer than nine months after I opened the my Social Security account, I received an unexpected email from the Social Security Administration. It said: My account was being deactivated at my request.

Why Was My Social Security Account Deactivated?

I was mystified since I hadn’t contacted the agency. And no one else had access to personal details to change my password. So I called the next morning and requested a direct deposit block on my Social Security account to prevent any additional suspicious activity. (Even though I don’t collect Social Security benefits yet, a block offers two apparent safeguards: It prevents changes to direct deposit information through a financial institution or through the Social Security site. And it prevents someone else from changing my mailing address through the Social Security site.)

Also on Forbes:

I also asked the Social Security Administration to notify its Inspector General about suspected fraud.

Then I tried to find out what happened.

The U.S. PIRG (Public Interest Research Group) website offered a possible clue. “With full name, birth date and Social Security number a thief can try to open a  my Social Security account in your name and change your direct deposit information to his or her checking account.”

It continued, “Coupled with other information that can easily be found online such as place of birth, a thief can try to claim your benefits over the phone.”

The Rising Trend in Compromised Social Security Accounts

My compromised account, it turns out, was not alone.

In its 2018 Identity Fraud Report, the Javelin Strategy and Research firm found nearly a third (30%) of U.S. consumers were notified of a breach in 2017, up from 12% in 2016, to the tune of $16.8 billion dollars. And for the first time, Social Security numbers were compromised more than credit card numbers in breaches. What this means, according to Javelin, is that 35% of individuals who were notified that their personal information was involved in a breach in 2017 had their Social Security numbers compromised.

One reason Social Security number theft is up: scammers seem to have shifted tactics. “Over the past couple of months, our helpline has received fewer reports of the IRS scam [a con artist pretending to be from the Internal Revenue Service, demanding money] while complaints about scammers impersonating the Social Security Administration have been on the increase,” said Amy Nofziger, an AARP expert on frauds and scams.

“I am aware advisories have been put out for consumers to beware of impersonation schemes,” said Mike Litt, Consumer Campaign Director at U.S. PIRG based in Washington, D.C.

How to Safeguard Your Future Social Security Benefits

How do you safeguard your Social Security benefits if you are months or even years away from collecting them?

Perhaps its counterintuitive, but experts recommend signing up for a my Social Security account and closely monitoring it.

The way to do that, says Mike Litt, consumer campaign director at U.S. PIRG, is by logging into your Social Security account regularly and checking your personal information, such as your address or date of birth. If you see changes to the information you entered when you opened the account or information that doesn’t belong to you, contact the Social Security Administration (800-772- 1213 or by email: https://secure.ssa.gov/emailus).

“It may mean someone has tried to claim your benefits, perhaps by telephone,” Litt said.

To report possible fraud or identity theft, Nofziger suggests casting a wide net. “The more reporting entries the better,” she said. Besides the Social Security Administration Office of the Inspector General, the Federal Trade Commission and the Senate Select Committee on Aging fraud hotline 800-303- 9470 are options. (Note: The Federal Trade Commission is currently closed due to the lapse of government funding.)

If You Have a Password Problem

The Social Security Administration says that if you have password problems with your my Social Security account, call Social Security and answer “helpdesk” when the auto prompt asks the nature of your call.

The Social Security Administration uses Equifax credit reports for personal identification verification. “If a person has a security freeze, fraud alert or both with Equifax, a my Social Security account could not be created,” the agency said in an email.

While reporting this story I checked back with the Office of the Inspector General to find out why my account was closed without my authorization. “Due to privacy and law enforcement concerns, we cannot comment on any investigative action we take on the allegation going forward,” communications director Andrew Cannarsa wrote in an email.

After checking my credit report and making sure it was accurate, I then opened another my Social Security account. The block is still in place and Social Security sent me a confirmation. But if I call to request direct deposit or mailing address agencies, the agency said, I may be asked to visit my local Social Security office to confirm my identity.

—————————————————–

America is in the midst of an age boom and with it, an amazing transition. In general, those over the age of 50 are expected to live longer than any previous generation. Enter NextAvenue.org, a public media website devoted to the aspirations and concerns of grown-ups who …

Next Avenue is public media’s national journalism service for America’s booming 50+ population. Part of the PBS system, Next Avenue’s daily content delivers vital ideas, context and perspectives on issues that matter most as we age.

 

Where Tech Is Taking The Mortgage Lending Consumer Experience

 

By Maxime Rieman, Forbes Councils – Forbes Business Development Council, CommunityVoice.
Contributor and Product Manager at ValuePenguin (now Maxime Croll since the original publish date of her article)
May 22, 2018, 07:00am

For some time, advances in digital technology have been driving change in customer acquisition and experience in practically every sector of the economy. Among these, the mortgage industry appears ready for some of the most sweeping updates, particularly with regards to their sales approach and process. New tools like online user platforms and machine learning will make it easier for lenders to guide borrowers through the origination process and discover additional opportunities within the data they collect from loan applicants.

By the third quarter of 2017, outstanding mortgage debt for one- to four-family residences in the U.S. surpassed $10.5 trillion. While the industry hasn’t recovered all the ground it lost a decade ago in the financial crisis, home prices and the volume of originations have been trending upwards for the past several years. Despite these indicators of high demand, mortgage lenders still face a number of technical problems in delivering their services.

These problems typically have to do with the time-consuming complexity that plagues borrowers and lenders throughout the loan origination process. According to findings published by the Federal Housing Finance Authority, 18% of home loan applicants were forced to redo their paperwork in 2016, while nearly 24% ultimately had their closing dates postponed.

While the report goes on to note that borrower satisfaction with the closing process remains fairly high, the numbers also reflect diminishing levels of satisfaction among younger applicants. As more and more tech-conscious millennials enter the real estate market — and mortgage interest rates continue to rise — mortgage lenders will find themselves judged more heavily on the basis of usability and convenience.

To that end, lenders have already begun implementing technology to speed up mortgage origination. Where traditional mortgage lending relies on paperwork, innovators in the space have established an agenda to digitize the process from start to finish. Current efforts focus on two broad areas: streamlining the loan experience for consumers and improving the management of data required in underwriting mortgages.

Smoothing The Borrower Experience

The most visible sign of tech in lending is the growing adoption of online mortgage platforms, which allow users to apply for a mortgage without having to meet or call a loan officer. Giving customers the ability to upload documents and manage applications on their own schedule reduces the time and cost required for each origination.

A monthly survey of home loans from mortgage software provider Ellie Mae found that it took an average of 41 days to close a mortgage in March. Lenders that have moved towards online originations in an effort to reduce that number. Quicken Loans, the largest mortgage lender in the nation, claims an ideal closing time of 30 days for users who go through the company’s digital lending platform assuming no delays arise.

By offering customers faster closing and greater insight into the process, lenders like Quicken not only create a more convenient experience but also lower costs. Due to the role of subprime mortgage lending in the 2009 financial crisis, stricter regulations have driven up the cost of originating home loans. Production expenses hit $8,475 per loan by the end of 2017 — the second-highest in nearly a decade of quarterly reporting (purchase required) by the Mortgage Bankers Association (MBA).

Not all of these costs are passed on to customers, but some eventually find their way into the closing fees that borrowers must pay upfront. Mortgage lenders have turned to reducing these expenses by automating parts of the underwriting process. Beyond giving users a faster way to submit their details, this effort also includes the use of machine learning to verify and track information. The resulting cost savings translate into more affordable loan fees for the borrower.

The costly manual effort required to gather credit reports, property details and other personal data naturally invite greater investment in technology-based solutions. However, increased automation could potentially help mortgage lenders in more ways than one. Not only can lenders use data technology to handle customer information more efficiently — they can also use it to find new ways of analyzing and acting on that information.

Big Data And The Mortgage Backend

In April, the MBA hosted its annual Technology Solutions Conference & Expo, where participants from across the mortgage industry gathered to discuss the new ways in which lenders and service providers could benefit from developing technologies. Aside from discussing improvements to user experience, the conference touched on possible ways of drawing actionable conclusions from the mass of data that lenders collect throughout the loan process.

While the immediate area of focus for most lenders is to emulate and iterate on Quicken’s successful innovations in customer experience, the potential applications of machine learning are just as significant for work that takes place behind the counter. Machine learning algorithms could help lenders identify hidden trends in borrower data in order to market products and support customer needs more efficiently.

However, such programs are only as objective as the data that they learn from. This makes it critical for mortgage providers to guard against human biases creeping into its new data tools. The risk of data theft — starkly illustrated by recent fiascoes at companies like Equifax — is another major topic of concern, as mortgage lenders seek to leverage their deep involvement in consumer information.

The outsized growth of digital technology carries both opportunity and risk in every business, but mortgage lenders have more at stake than most. With a soaring economy and a housing market in which the main problem is the inability of supply to meet demand, there should be no shortage of aspiring homeowners in search of financing. It remains to be seen which companies and solutions will determine the shape of the mortgage industry.

———————————–

Maxime Rieman works at ValuePenguin, a company focused on educating and assisting consumers with insurance and other financial products.

Forbes Business Development Council is an invitation-only, fee-based organization for senior-level sales and business development executives. Find out if you qualify at forbesbizdevcouncil.com/qualify. Questions about an article? Email feedback@forbescouncils.com

« Older Entries