5 Basic Digital Privacy Tips for the Average Person

As interconnectedness and personalized browsing experiences have become the norm in today’s society, our lives – increasingly impacted by our digital footprint – have become less private.

The right to digital privacy has been a slow-growing movement, and its biggest marker was the General Data Protection Regulation that affected the EU. It was legislation that marked digital privacy as a right, not a privilege, and companies all over the world scrambled to make sure they met compliance requirements. Now, for users in the EU, the internet has become a more transparent place for how information can be used or accessed. But, of course, it is still a work in progress.

Digital privacy is a massive topic that can be very easy to get lost in, especially if you’re new to it. However, you don’t need to be a security expert, nor do you need any particular reason, to bolster your privacy on the internet. So, here are some simple security pointers for the average web user:

1. Keep your OS updated

The first thing you will want to do on any device is to make sure that it’s updated. As annoying as the notifications can be, they’re there for a reason: updating is important, and not staying on top of updates could mean your device has a critical security vulnerability. So whether it’s installing the new macOS update, iOS 12, or a Windows update, just make sure that you take the time to do it, or set up your device to update automatically (usually configurable in settings).

2. Be mindful of Public WiFi networks

Public WiFi and open networks are notorious for security vulnerabilities, and connecting to one could pose a risk to your information. While it’s better to avoid connecting to them at all, sometimes you need to, so if you do, here are some steps you can take. First, you’ll want to make sure that you turn off network sharing (the preferences can usually be found in the WiFi settings on your computer). On Windows devices, you can also make sure you have Windows Firewall enabled.

When browsing on a public network, it’s best to avoid anything sensitive, such as banking. You should also check that the websites you visit begin their web address with HTTPS.

3. Use a secure web browser

Make sure that you are using a secure web browser. Mozilla Firefox and Google Chrome are some good choices depending on what you want. If your priority is maintaining as much privacy as possible online, Firefox is better as it has more options for privacy and security. It is also the more lightweight program of the two, which would run more smoothly on computers with less RAM.

Google Chrome is also a comparatively secure option in terms of protecting you from malicious websites; however, it is less private, as a lot of data about your internet usage goes to Google. That may be a positive or a drawback to you depending on your priorities – if you want privacy, it’s not so great, but if that’s not extremely important to you and your computer is equipped to handle Chrome’s resource demands, then it’s a solid choice as well for speed and reliability.

In either browser, make sure you take the time to navigate to the Privacy and Security settings and adjust them to your preference. Some of the settings you can choose are to clear your browsing data/history, unselect the option to send usage statistics to the company, enable Do Not Track requests, etc.

Additionally, in both browsers you can install an ad blocker extension/addon, such as uBlock Origin, which serves as an additional line of defense against unwanted scripts running on websites that you visit. It can be easily obtained for free through the Chrome Web Store or Firefox Addons.

4. Secure your social media profiles

One common mistake that people make on social media platforms like Facebook and Instagram is that they have their profiles set to public. This means that anyone, anywhere can view your profile and all the content on it. This is great for a business page, but maybe not so much for your personal profile.

Every big social platform has privacy and security options. These can usually be found in the settings menu, where you can navigate to the relevant sections to adjust what you want to be seen. On Facebook, you have full control over who can see your posts and friends lists, as well as whether you can be searched by your email address or phone number.

Location settings – especially in mobile apps – are important to adjust as well. Snapchat is a big one for this, as people on your friends list can observe your location in real time through the Discover function unless you have disabled this feature and turned on “Ghost Mode.”

5. Consider using a VPN

Finally, if you want to take your security one step further, you can look into getting a VPN — that is, a virtual private network. VPNs have significant privacy advantages by encrypting your connection and acting basically as an intermediary between your device and the internet. They mask your IP address, which is basically as telling in the digital world as your home address is otherwise. The VPN works by routing your traffic through its own servers, and gives you the option to appear to be from any location of your choosing.

But since you are relying on the VPN in this way, it’s important that you get a trustworthy one, such as F-Secure Freedome. Most free VPNs are unreliable at best or actively malicious at worst.

Overall, online security and privacy is what you make of it. But these simple steps will at least ensure that you’re going in the right direction. For more in-depth information on the topic, be sure to follow @CentryCyber on Twitter.

This article was written by Kristina Weber of Centry Global. If you would like help or have questions, feel free to contact us via email at info@centry.global! Be sure to subscribe to Centry Blog for original bi-weekly articles relevant to the security industry.

Centry Opens New Office in Mexico City!

We are pleased to announce the expansion of Centry Global to Mexico!

Our new office is now open, located on the 17th Floor Torre Magenta, Paseo de la Reforma 284, Colonia Juarez, Distrito Federal, Mexico CP 06600.

As an international security company, our work takes us across the world. With the opening of this office, we are now able to better serve our clients in the region.

At Centry, our focus is to develop long-term, communicative working relationships to provide you with the best resolutions to your security challenges. While our combined expertise primarily revolves around security and risk management, you will find among our ranks professionals in corporate and private investigations, fraud control, and experts in programming, software development, and more.

We look forward to meeting and working with more clients across Mexico. Please don’t hesitate to contact us!

📧 info@centry.global 📱 +52 55 4739 2665

 

GDPR: Day One

The European Union’s General Data Protection Regulation (GDPR) officially went into effect today. The new regulation exists to give citizens of the EU control over how their data is used. It’s extensive and comes with the promise of harsh fines if non-compliant companies experience a data breach.

Centry’s GDPR Guide, shown on the popular webcast This Week in Law, breaks down the who/what/when/where and why of GDPR for those who want a quick briefing of what this means and why it’s important.

Now, on day one, we are observing the first ripples in the pond of this new policy. Already, BBC has reported that some US-based news websites are unavailable in Europe as the new regulations have come into effect. Some of these include the New York Daily News, LA Times, Chicago Tribune, Orlando Sentinel, and Baltimore Sun.

The above news sites are part of the Tronc media publishing group. Others under Lee Enterprises have been similarly affected. Freelance developer Owen Williams created a blog called GDPR Hall of Shame to provide a tongue-in-cheek illustration of the blunders some companies have made as they have taken the first steps of navigating the ruling.

One of the worst offenders is the social media/micro-blogging platform Tumblr, which requires users to manually deselect more than 300 boxes to prevent each entity from utilizing their data. There is no available option currently for mass selection.

Others are taking the change to data regulation in full stride. Microsoft has expanded their GDPR-compliant policy to protect all of their users, not just the ones based out of the EU.

If you have any questions or comments about GDPR, feel free to contact us on any of our social platforms!

For more content like this, subscribe to Centry Blog for weekly updates related to the security industry, cyber security, risk management, compliance, and global affairs.

GDPR & Consent

The deadline for compliance with the General Data Protection Regulation (GDPR) is approaching fast: May 25th, 2018 is when enforcement will begin.

Be sure to read Centry’s GDPR Guide for a concise, easy-to-read breakdown of what GDPR is and important details of what you need to know about it.

For any questions or comments, feel free to contact us at info@centry.global or on any of our social media outlets. We’re here to help you!

 

The Question of Privacy in the Smart-Tech Life

Smart-technology, wearable or otherwise, is undoubtedly a luxurious convenience. With products ranging from Fitbit for keeping track of your health to voice-activated vehicle consoles to home improvement and more, the market for this tech is seemingly limitless.

So how does this compromise your privacy?

Josh Lifton, CEO of Crowd Supply, said in a TechRepublic article: “…we’re entering this world where everything is catalogued and everything is documented and companies and governments will be making decisions about you as an individual based on your data trail…”

The European Union answered this question by issuing the new General Data Protection Regulation (GDPR), which bolsters the rights of individual data privacy, ensuring people have the right to know how, when, and where their personal information is used.

While it might not always be a bad thing for organizations to collect information about you, it’s important that those details don’t fall into the wrong hands.

The main concern among security experts when it comes to smart devices like Amazon Echo and Google Home is the degree to which they’re listening. Obviously, they are listening for the voice-activated commands the user might say. But if you own Alexa and have ever had it interrupt you when you weren’t intentionally speaking to it, you might wonder what else it’s listening to.

Recently, an array of Bluetooth flaws that affect Android, iOS, and Windows devices were discovered in millions of AI voice-activated assistants, including both the Amazon Echo and Google Home.

The BlueBorne Exploit is the name that has been given to the attack that takes advantage of these vulnerabilities, allowing external entities to run malicious code, steal information, and otherwise assume control. What is more threatening about this is that it does not require targets to click any links or fall for any other phishing scams; it can just assume control. Moreover, once an attack seizes one Bluetooth device on a network, it can infect any other devices on the same network.

While both companies have since released patches and issued automatic updates for their products, it certainly serves as a cautionary tale to be mindful of what you say and do around these devices.

Wearable smart watches like Fitbit and jogging apps on smartphones run into their own security issues, which readers may have observed recently in the news, after a heat map of jogging and cycling routes released by Strava identified dangerous details of US soldiers in war zones in the Middle East.

Overall, as much as it can be a minor inconvenience to do so, it is important that users don’t blindly press ‘accept’ on privacy terms for these apps and gadgets, and instead take the time to review how their information is collected and used. Such insight could lead to foresight that would ensure turning the relevant devices off in situations where that is appropriate.

This article was written by Kristina Weber, Content Supervisor of Centry. For more content like this, follow @CentryLTD on Twitter!

2018 World Economic Forum Highlights

Each year, world leaders, economic experts, industry leaders, celebrities, and other keynote speakers gather to meet in Davos, Switzerland for the annual World Economic Forum. The official program lasts for five days and features more than four hundred sessions, which center discussion around key issues of global relevance, such as globalization, markets, international conflict, environmental issues, etc.

As of today, January 26th, the 2018 forum just wrapped up.

With the immense volume of information, it can be difficult to get a handle on everything that was discussed. As such, we’ve put together some of the big bullet points here for your leisure:

  • India’s Prime Minister, Mr. Narendra Modi, listed his three greatest threats to civilization: terrorism, climate change, and reactionary backlash to globalization.
  • The German Chancellor, Ms. Angela Merkel, stated that global multilateralism has come under threat, as populist movements sweep through countries.
    • Upon this point, Mr. Emmanuel Macron, the President of France, voiced his enduring support for Europe, stating that France would not succeed without greater European success.
    • Although Brexit may come to mind on the point of Ms. Merkel’s statement of deteriorating multilateralism, the UK Prime Minister, Ms. Theresa May, assured attendees of Davos that the United Kingdom would remain an advocate of global trade, with plans for bilateral deals with countries worldwide.
  • United States President, Mr. Donald Trump, discussed the state of the US economy, saying that “America First does not mean America alone,” in the context of the thought that as the United States grows, so too will the rest of the world.
  • Alibaba founder Jack Ma spoke about the IQ of love – a subject that we have discussed previously on Centry Blog.
  • The International Monetary Fund raised its forecasts for global growth in 2018 and 2019 to 3.9%, in the wake of the impact of the recent US tax reforms. These new estimates are 0.2 percentage points higher than the IMF’s previous projections in autumn of 2017.
  • Google CEO Sundar Pichai emphasized the importance of artificial intelligence, saying that despite the risks, the potential benefits of it could not be overlooked.
  • China’s three big movements for the future, as outlined by Mr. Liu He, will be: alleviating poverty, preventing major financial risks, and reducing pollution.

In light of the Davos forum, the WEF released this year’s risk report, outlining ten significant risks in terms of likelihood and impact. See Figure 1 below.

It should be noted that within the top 5, just behind natural disasters, the threats of cyberattacks and data breaches pose a remarkable risk to individuals and organizations worldwide. For an additional perspective on the landscape of geopolitics on the cyber field, be sure to read our article on how Cyber is the New Cold War, written by Centry CTO Dave Ehman.

For more content like this, follow @CentryLTD and @CentryCyber on Twitter!

Centry’s GDPR Guide

What is GDPR?

The General Data Protection Regulation (GDPR) is a broad set of rights and principles, enacted into law by the European Union to ensure the protection and use of personal data pertaining to EU residents. These regulations are extensive, featuring 173 recitals, 99 articles, and 160 pages, and they will be enforced with teeth.

When will it be implemented?

The EU enacted GDPR on May 24th, 2016 and enforcement of it will begin on May 25th, 2018. Companies that are not compliant with the regulations by May 25th, 2018, and experience a breach of personal data, can expect to face steep fines, i.e. up to 4% of global revenue or 20 million Euro (whichever is higher)!

What does it affect?

  • Any organization that stores or processes personal information about EU subjects, including non-EU entities.
  • Any company that has a presence in an EU country, either by offering goods and services to or monitoring the behaviour of EU citizens.
  • If a company does not have a physical presence in the EU, but processes the data of EU subjects, it will still be subject to GDPR.
  • Large companies
  • Small-medium enterprises are affected if they conduct data processing that impacts the rights and freedoms of data subjects, or if it includes non-occasional sensitive personal data.

Data, Processes, & People

Data refers to any information that your business uses, processes, stores, or needs. Some things you would expect to see on this list are:

  • Customer data
  • Employee information (current & former)
  • Orders
  • Inventory
  • Financial Information
  • Documentation

But there are other things that you may not expect to qualify, such as: vendor lists, certifications, access to resources and credentials, physical access, unstructured [big] data, logs, etc.

Personal data includes any information relating to an identified or identifiable natural person. An identifiable person is one whose identity can be determined either directly or indirectly by reference to an identifier. Keep in mind there is a difference between personal data and sensitive personal data, where the latter corresponds to anything relevant to religious beliefs, sexuality, etc. Sensitive personal data is protected to higher standards, and breaches are subject to larger penalties.

Processes refer to those that are critical to the business, such as:

  • Customer communications
  • Metrics
  • Relationships
  • Reputation
  • Social Media
  • Supply Chain & Materials
  • Industrial Controls
  • Power/Cooling
  • Physical Access & Trade Secrets

Finally, consider the people who are responsible for business operations, and what they have access to. For example, evaluate the following:

  • Current and former employees
  • Executives
  • Contractors
  • Partners
  • Suppliers
  • Customers and Potential Customers
  • Other

What are the goals of GDPR?

GDPR asserts that the protection of data privacy is a fundamental right. These regulations will give control back to the citizens and residents of the EU over their personal data. Furthermore, they will simplify the regulatory environment for international business, by unifying regulations across the EU.

Key Elements

  • Transparency for data subjects – meaning the people whose data is collected should be able to find out what the data is collected for, its purpose, who has access to the data, and how long the data lives in the system. Furthermore, they should be able to verify, correct, export, move, and erase their data as easily as it was provided in the first place.
  • Privacy by design, which minimizes data collection and retention, whilst gaining consent from customers.
    • This includes having a valid basis for processing personal data – it should answer the question of why the data is being processed, and what right the company has to process it.
    • Consent must be clear, precise, and understandable. It cannot be pre-set. It should also be just as easy to cancel the consent as it was to grant it to begin with.
  • Data Protection Impact Assessments (DPIA)
    • For certain data, companies will have to evaluate the risks to privacy (in advance).
  • Right to erasure and to be forgotten
    • Citizens have the right to request that companies erase personal data and inform them how long they will store the data.
  • Extraterritoriality – GDPR applies even if a company does not have a physical presence in the EU, but collects data about EU subjects.
  • Breach notification requirements to both data authorities and persons affected
  • Steep fines for non-compliance

Centry can help!

For any questions or comments, contact us at info@centry.global or @CentryCyber on Twitter!

This article was written by Dave Ehman and Kristina Weber of Centry LTD.