- If Apple, through a programming glitch, has the ability to allow someone to use your iOS device as a microphone to listen to your conversations without you even touching the device or knowing it was in use, then Apple can do the same thing through purposeful programming.
- If Apple can use programming to access your microphone, then it can also access your camera the same way.
- If Apple can do this, so too could nation states with sufficient access to the programming (If you doubt this, read this story of UAE hackers).
- If Apple and nation states can do this, so too can criminal hackers, with sufficient access. (Tuma explains more about this on WIOD in Miami, FL)
For decades our whole society has enjoyed the benefits of technology without accepting the responsibility of guarding against the privacy and security risks that go along with it. We have taken those things for granted and now it is time to pay the piper and become more responsible by being more cyber aware and using good cyber hygiene.
This is not just for the companies that provide this technology and collect and use our data. This is for all of us — we the people must learn to protect ourselves against these risks. (Tuma explains more about this on WJIM in Lansing, MI)
Here are a few points to consider to think about how we can do this:
- There is no such thing as 100% security when it comes to technology or data. There is always some measure of risk involved in the cyber realm.
- As you go through your day, imagine someone is listening and watching you through your telephone and think about what aspects of your private and business life you are unecessarily exposing through the technology and data we use.
- This isn’t intended to be alarmist and suggest that you purge all technology from your life, however, there are ways to minimize unnecessary risk:
- Do you really need your telephone in the private places you go, like your bedroom or restroom?
- Do you really need to share your company’s deepest, darkest secrets in an email when it could have been done in person?
- Do you need to have your telephone sitting on the table when you are discussing extremely sensitive private personal or business information, or, would that conversation go just as well (or even better) without the telephones?
“We’re going to start hearing stories now of people who had sensitive information revealed.” @shawnetuma explains the implications behind the recent glitch in @Apple’s FaceTime on #FOXNewsRundown https://t.co/UrjQiWWAEt
— FOX News Radio (@foxnewsradio) February 4, 2019
The most likely “cyber attack” that your company will face will come in the form of an email. One of the most common forms of email attack is the business email compromise (BEC) and the most popular time of the year for the W-2 version of BEC is right now — tax season.
Read the full blog post to make sure you and your company are equipped with answers to:
• What is a W-2 BEC Attack?
• How Do Attackers Use the W-2 Information?
• Why Do So Many of These Attacks Happen During Tax Season?
• What Can You Do Now to Protect Your Company?
• What To Do if Your Company is Hit by this Attack?
Are you at IAPP – International Association of Privacy Professionals P.S.R. #PSR18 in Austin? If so, please come to our Thursday 10:30 – 11:30 session on Vendor Risk Management: Maintaining Relationships While Limiting Liability in Lone Star Ballroom A, Level 3. It should be great as I get to be with great panelists Tami Dokken and Melissa Krasnow and we will have Mark Smith as our moderator.
While you’re there pick up your copy of Bloomberg BNA’s Domestic Privacy Profile: Texas!
If you can’t make it, here is a link to the .pdf (hey, I know people!).
Cybersecurity is a team sport and many people within a business must work together to help effectively manage their businesses’ cyber risk. In-house counsel plays a critical role in this process. A recent Law360 article (subscription required) identified the following key things they can do:
- Develop, implement, and table-top test an incident response plan
- Advise executives on their ethical obligations (and make sure to mention insider trading on knowledge of cyber incidents)
- Have an awareness of applicable laws and regulatory standards
- Understand and help manage third-party risk from vendors and business partners
I am adding one more because it is critical: Ensure the business has appropriate cyber insurance to address its unique risks.