by Felicien | Mar 15, 2018 | Education
My husband and I our local football team. We’ve been die-hard fans since we were children. And as season ticket holders, we rarely miss any home games. However, the last game was a nightmare for me. Not because the my team played poorly, but because my phone got hacked.
I used the public Wi-Fi at the stadium to purchase a tee shirt for my granddaughter. Of course, I had to key in my credit card number like I always do. But, because I was using public Wi-Fi, my card number was revealed and stolen. I didn’t find out until my statement came through with charges for items I never purchased. Luckily, I was able to file a claim with VISA, so I didn’t have to pay for the false charges. They canceled my card and issued me a new one. However, now I wonder what else the hacker found.
I learned my lesson. I’ll never use public Wi-Fi for shopping or anything else that could jeopardize my privacy. I also did some research about using public Wi-Fi. This is what I learned.
When using public Wi-Fi, you should only send information to websites that are fully encrypted. Most Public Wi-Fi hotspots don’t encrypt the information you send over the Internet and aren’t secure. A secure wireless network encrypts all of the data you send over that network. Public Wi-Fi doesn’t. Encryption keeps your personal information secure when you’re online. It scrambles the data you send over the Internet into a code so others can’t view it. Don’t send you confidential information over public Wi-Fi unless the website you’re visiting is encrypted. An encrypted website protects the information you send to and from that site.
Whenever you send an email, share photos and videos, or use social networks over unsecured public Wi-Fi your information can be exposed. Wow, I didn’t know this, did you? I upload photos to Facebook all the time using public Wi-Fi. And emails too! I’ll be very careful now to only do this over a secure Wi-Fi network.
The way to know that a website is encrypted is the https at the beginning of the web address. Sites with HTTP aren’t encrypted. Most banking sites use encryption to protect your information as it travels from your computer to their server. However, it’s important to know that some websites only use encryption on the sign-in page and not the rest of their web pages. If you provide confidential information on a page that isn’t encrypted your account can get hacked. So, make sure every webpage has https at the start of the web address.
Mobile apps don’t have an indicator like https, so you know that a website is secure. Another “Wow.” I never thought of this when accessing websites from my smartphone. I check for https when using my computer, but not when using my phone. Many mobile apps don’t encrypt information properly, so you shouldn’t use your mobile apps on unsecured Wi-Fi. If you want to use a mobile app to send confidential information, make sure you use a secure wireless network. You can also use your phone provider’s 3G or 4G data network.
If you use an unsecured network to log in to an unencrypted site other people using the same network can see what you’re entering. They can even “hijack” your session and log in as you! Evidently, the hackers have access to free tools to do this. They don’t need to be “computer geeks” to do this. They use these free tools to steal login credentials, personal information and even documents you send via email or messaging. Even worse, the hacker can use your accounts to scam other people on your contact lists. What a nightmare! I’ve emailed everyone I know to warn them that this might happen.
Remember to use two-factor authentication. This requires two pieces of information (a private password and code) before you can log in to your account. The best websites and services support two-factor authentication. This way, even if a hacker gets your password due to a security gap in public Wi-Fi, they still won’t be able to log into your account.
Make sure the public Wi-Fi name is legitimate. Hackers set up fake ones to trick you into signing onto their fraudulent site. The name will look similar to the real one. So, scrutinize the name and make sure you’re not signing onto a malicious network. If you do, your device is literally in the hands of the hacker. When I’m in a coffee shop or doctor’s office, I always double check with an employee to make sure I’m signing onto the right network.
The US Government’s Federal Trade Commission has some great info on how to protect your information when using public Wi-Fi. Here’s what they say you should know:
When using a hotspot, login or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
Don’t stay permanently signed into accounts. When you’ve finished using an account, log out.
Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings and keep your browser and security software up-to-date.
Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites — look for https in the URL to know a site is secure.
I learned my lesson about using public Wi-Fi the hard way. I hope this information helps to keep you safe when online.
by Felicien | Mar 14, 2018 | Education
Phishing Season Is Here – Do Your Employees Know What To Look For?
Tax season is one of the most active times of the year for cybercriminals – without the right IT security support, your business could be an easy target.
It’s that time of year again – the CRA, tax agencies, and finance professionals across the country are once again urging everyone to be on the look-out for scams as they file this year’s taxes.
The most popular and effective type of cybercrime scam this time of year is phishing. Phone calls are made, and emails are sent to targets that appear to be from reputable sources in order to access and steal sensitive information such as passwords, account details, credit card numbers, social insurance numbers, and more. It doesn’t take as much as you may think for a cybercriminal to convince a target that they are a superior in order to persuade employees to give them money, data, or crucial information.
How Can You Pick Out A Phishing Call Or Email?
Effective IT security often comes down to simply knowing what to look for. The most recent trends and patterns in phishing scams include:
Phone calls from a “CRA employee” asking for personal information the agency already has on file.
Phone calls that advise that money is owed to the CRA and should be paid immediately using pre-paid credit cards or gift cards.
Emails that appear as urgent warnings telling recipients to update their online financial accounts as quickly as possible.
Emails that tell recipients to click a hyperlink and download important documents or contracts.
Emails that offer a tax refund once that recipient has verified their identity with private information.
In a nutshell? Cybercriminals will do whatever it takes to seem like they’re an official or familiar source. They will research you and your employees on social media, copy a superior’s email signature, scare the employee into action with a false sense of urgency, and more, just to get the recipient to act without thinking. Once the target has divulged private information, clicked a malicious link, or downloaded malware, the cybercriminal has won. This inevitably leads to extensive damage to the business where the recipient works, or to the recipient themselves.
How Can You Keep Your Business Safe?
So what’s the answer? What can the average business professional do to keep themselves and their company safe when criminals are employing sophisticated and sneaky methods designed to get targets to cooperate quickly? Your smartest move would be to educate and test your employees on your business’ IT security best practices and general cybercrime knowledge. Make sure they understand that they need to:
Stay Alert: No task is ever so urgent or so important that they can’t take the time to confirm the request first, especially if it involves giving out information or executing a potentially risky task.
NEVER Give Out Private Information: Entities like banks, government agencies, and the CRA will never under any circumstances contact anyone to confirm sensitive information. They already have your account numbers, social insurance number, and your passwords. If an email from a superior or external contact asks for that info, it is likely a scam, so always take the time to confirm the request by phone or in person, using contact information from a source other than the suspicious email.
Check Before They Click: Hovering your cursor over a link will show you where that link is actually taking you. Often, cybercriminals will send out what looks like the right link (www.YourBank.com), but when you hover over the link with your mouse, it actually will show something different (www.YourBank.2340937fvt5.com). If the two links don’t match up, do not click.
Check Up On Unexpected Email Attachments. If an email pops up from a familiar sender with an attachment that you weren’t expecting, call them or send them an email to confirm that they actually sent the file. Be sure to send a new email – if you reply to the suspicious one, you’ll be contacting the hacker, not your colleague.
All of this isn’t to say the security of your business falls entirely on your teams’ shoulders. As a business owner, you need to:
Invest In Advance Cybersecurity: Employee awareness may be a key component of good overall security, but that doesn’t make solutions like spam filters and firewalls any less vital. Tools like these can help keep dangerous emails out of your employees’ inboxes in the first place and protect your network from infections and intrusions that can compromise sensitive data and lead to thefts and fraud.
Enforce A Strong Password Policy: More often than not, employees choose to stick with passwords that are simple and easy to remember, which leaves them more vulnerable to hackers. Ensure that your staff is using passwords that include letters, numbers, symbols, multiple cases, and are at least 8 – 10 characters in length. Don’t just trust your employees to follow these guidelines; make sure they understand why you’ve put these policies in place, and that there will be consequences if they’re not followed.
Remember – cybercriminals keep going back to the same old tricks because users keep falling for the same scams over and over without ever learning from the experience.
Making mandatory network security education routine for your entire team – management included – has proven again and again to be the most reliable and effective way to stop a phishing attempt.
Don’t wait for another major scam or cyber attack to start making the rounds to decide it’s time to work on your staff’s cybersecurity awareness. The sooner you make scam and fraud awareness part of your company culture, the further ahead of the next phishing attempt your team will be.
Give us a call or email us to learn more about how these scams work, and what expert cybersecurity support can do to ensure you and your staff stay safe this tax season.
by Felicien | Mar 14, 2018 | Education
The Competition is Fierce in the World of Sports and Wearable Devices.
Wearable technology in sports is now commonplace as multiple teams and coaches look for ways to gain an advantage over their competitors. These wearable devices also allow non-professional athletes to track, monitor and improve their performance and well-being. Across all levels and types of sport, wearable device technology has a prominent presence, and it’s growing.
Sports teams are getting smarter. Their coaches and players have embraced wearable technologies to help them track and improve performance. Team coaches use the data from these devices to train athletes and to make tactical decisions. No longer do they have to rely on their gut instinct to coach a player. They now have hard data at their fingertips to improve their decision making. Wearable technology is now heavily ingrained into professional sports throughout the world.
As a result, the sports and fitness clothing market have quickly emerged as key industries “jump into the game” of wearable technology. Mind Commerce a research and strategic analysis organization for the Information and Communications Technology (ICT) industry, predicts that wearable technologies in sports and fitness will reach $9.4 billion globally by 2020.
Technology has changed both professional and amateur sports. Participants and coaches alike can make calculated decisions from metrics that can be taken into account and utilized. Although mainly used for performance monitoring, this wearable device technology is also being used to mitigate the risk of injury and player safety.
American Football: Today, improving speed and running ability requires careful analysis of technique, and the Sensoria Fitness Sock is designed to do just that. It’s sensor-filled sock, attachable anklet, and a smartphone app helps athletes and their coaches monitor running techniques. The sock contains e-textile sensors that measure speed, count steps and track calories, altitude, and distance. It also does something no other type of smart footwear does–track cadence, foot-landing technique and weight distribution on the foot. The electronic anklet snaps onto the sock and communicates real-time data to external devices like smartphones. And now, the NFL is now able to not only track their players’ performance via wearable devices but broadcast these stats to their TV viewers if they wish.
Baseball: Similarly, Major League Baseball has incorporated technology and data-based companies to help improve performance aspects for their players. The Whoop Strap 2.0 was approved by the league in 2017. The WHOOP device is designed to be worn day and night. It can be worn on various parts of the body, and it measures sleep, recovery, and strain. Before this approval, players could use these devices at any other time, but not during games. The sport’s playing rules committee recently approved two additional devices for use during games: The Motus Baseball Sleeve that measures stress on elbows and the Zephyr Bioharness that monitors heart and breathing rates.
Track and Cycling: Running and jogging are the most common form of cardiovascular fitness in the US today. However, a whopping 70% of runners, unfortunately, suffer from foot-related injuries. The team from Sensoria Fitness Sock hopes to help. Just like they do for football players the smart sock provides feedback that the runner needs. This comes in the form of audio when they’re running. It acts like a coach who analyses the way they take each step. If they exhibit heel striking or unequal weight distribution that can cause injuries, the runner is alerted. This way he or she can make corrections right away. Both professional and every-day runners and cyclists can benefit from this technology. Radar Pace, a joint effort between Oakley and Intel, developed glasses with earbuds attached to the temples that connect the athlete to their coach who advises them in real time about stride length and pace (for runners) or cadence and power output (for cyclists). And the Under Armor SpeedForm Gemini 2 Record Equipped shoe brings in the new era of the smart shoe with smaller sensors and batteries. Lumo Run gives all these a “run for their money” with their Running Coach that also provides audio feedback to help runners stay “on track.”
Basketball: At present, the National Basketball Association doesn’t allow the use of wearable technology during official games. However, when training, professional basketball teams are using them to track workloads and movement to prevent injuries. The Golden State Warriors’ record this last year serves as proof of the value that exists in data from wearable devices. They’ve gained a reputation for experimenting with wearable devices like the Catapult Sports and OmegaWave to assess a player’s functional readiness. Perhaps this is why the franchise has become one of the best teams in the league?
Winter Sports: Snowcookie is popular with skiers and was one of the finalists of the Make it Wearable Challenge by Intel. It’s a project from a Polish team to help improve skiing skills that utilize an Intel Edison to compile and process the massive data that skiers generate. Snowcookie connects skiers to a network of distributed devices that can improve skiing performance. The result is a better, safer, and more connected skier.
Water Sports: For all you “water babies,” Wearable Tech has rated the best fitness trackers for water sports. Some of them include the Nokia Steel HR, the TomTom Spark 3, Garmin Vivoactive 3, Fitbit Ionic, Fitbit Flex 2, Moov Now, Samsung Gear Fit2 Pro, Misfit Shine, and Apple Watch Series 3. They also rated these devices based on how much pressure they can withstand (not how deep they can go).
Wearable devices have demonstrated great success for any athlete who needs feedback on performance. They also hold great promise in minimizing sports-related injuries and helping to provide not only training but recovery platforms. The number of professional and consumer fitness devices that are available is growing every day. Today there are more than 300 wearable fitness devices on the market. Not only is the competition fierce when it comes to sports, but it’s also growing more so amongst the companies that market and sell these devices. This is good news for all of us. Having more choices is always a good thing!
by Felicien | Mar 14, 2018 | Education
Amazon’s virtual assistant is designed to support home and office automation, maximize efficiency and save user time and money. Can Alexa’s automation of professional processes translate into profit – and conquer the business world?
It’s no surprise to most consumers that Amazon loves integration and automation. After a successful “dabble” in a shipping membership, its Amazon Prime service now estimates 80 million users and generates $6.4 billion in annual revenue. After test markets proved successful with both Amazon Prime Now, expediting delivery on specific Amazon Prime products to within a two-hour window, and Amazon Fresh, a home delivery grocery service, Amazon’s acquisition of Whole Foods seemed a logical next step to offer consumers a one-stop shop for most purchases.
Simultaneously, the expanding Amazon Echo product line-up aims to help consumers with artificial intelligence-based home automation solutions.
“Alexa, order more laundry detergent…”
“Alexa, set a timer for 15 minutes…”
“Alexa, what is the weather supposed to be like today…”
Alexa is happy to call another Echo product by looking through your contacts to find who has an Alexa-enabled device, or to command your Roomba to start a clean cycle. A whole-house Sonos audio system will set you back a few thousand dollars, but a couple of Amazon Echo devices will cost you a few hundred dollars by comparison and can be linked together to play the same music with comparable sound quality. Amazon Echo products and the voice-activated Alexa smart assistant are becoming more commonplace in homes but isn’t seen as a valuable option for a virtual assistant in the workplace – yet. Consumers tend to feel a bit overwhelmed by the vast options for how users can take full advantage of Alexa’s capabilities. Amazon does send a weekly email with the latest tips on how to make the most off Alexa, but we’re betting you didn’t know you can enable the Chat Bot skill to have Alexa assist in posting to your Slack account in a specific channel.
Enable the “Alexa Things to Try” skill and Alexa will deliver a quick tip-filled brief every day on how she can help you.
Yes, Alexa can help you post to a Slack channel. Let that sink in. Did you know Alexa can also integrate with Salesforce tools? Through Amazon Web Services (AWS), developers can design innovative voice-enabled technologies to build an Alexa skill, much like the Chat Bot skill mentioned above. Alexa can fetch various reports, like expense reports and professional status reports, with a simple voice command. Voice-activated automation of simple and repetitive tasks increase both efficiency and productivity and are far more cost-efficient.
Those are the buzzwords of the day: efficiency and productivity. What can you do to increase each, and improve overall cost-efficiency for your company? Think about what tasks your business can automate. That is the initial goal.
Did you know Amazon allows developers to create skills through the Alexa Skills Set on the Alexa developer site? Whether only for your company’s use or if you choose to publish the skill to be used by others, this is a fantastic resource with all the tools for experienced developers.
What skills would help your business run more efficiently? Here are a few existing Alexa skills that you can already implement:
Quick Events
Alexa can help you keep organized and on time with this skill that can add items to your Google calendar and check for conflicting events on your schedule.
Complete Tasks
This skill requires users to also have the accompanying Complete mobile app on their smartphone or tablet and allows users to add tasks by voice command.
Kayak Explore
For users with a Kayak account, Kayak Explore will check flight status, track prices, allow you to set up travel plans and more with the ever-expanding skill.
Translated
Given the global nature of agreements and transactions in modern business arrangements, the Translate skill helps users by translating short sentences into 36 languages. The best part of this particular skill is since the nature of Alexa is voice-activated, this skill includes pronunciation!
Chineasy
Going one step further than Translated, Alexa users with the Chineasy skill can learn Mandarin Chinese in an easy-to-remember process with one sentence a day. The unique features of this skill also share interesting stories of Chinese history and culture with users.
Notion
Alexa will read your emails to you and also delete them, but what makes this skill a must-have is that Notion will prioritize your emails based on importance.
AstroBot
Like Notion, AstroBot is your new intelligent email assistant for your Gmail or Office 365 email from an Alexa-enabled device.
UPS
This skill works much like the UPS.com website or the UPS app. You can find a location, track packages, or get a shipping quote with this Alexa skill, once it’s linked to your UPS My Choice account.
Did you know that with Skill Finder, Alexa will also tell you a “Skill of the Day” to showcase one featured skill? This is aside from the “Alexa Things to Try” skill, which means Alexa really wants to help you learn what it has to offer!
In the last decade, every major organization needed to develop a website to stay competitive, but in the last few years, the requirement has become the mobile app. Organizations that wasted time, money and resources on a mobile app that didn’t add value for users found themselves removed from smartphone screen real estate and declining metrics via their mobile app dashboard. Consumers feel the same way about Alexa skills that are published to the Alexa Skill storefront. More importantly, allocate resources to developing an Alexa skill that just doesn’t offer much improvement in productivity for your organization will be even more frustrating.
How can you run your day-to-day operations more efficiently? What processes can you automate? Sure, you already automate many tasks using software programs, but Alexa is different. You can tell Alexa what you need it to do while you’re performing another function.
Between Notion and Quick Events, the next day your human assistant takes the day off, try an Alexa skill to see how Alexa can help you run your business and dominate your industry by saving you time and making you money!
by Felicien | Mar 14, 2018 | Education
Stranger things have happened – but in this case, we take a look at how the death of a Tyrannosaurus rex relates to your computer.
Sue Hendrickson was just poking around a cliff while waiting for a flat tire to be repaired when she made the most extraordinary archeological find of her life – or that of any to date. That hot summer day in 1990 in South Dakota, Sue stumbled upon the now infamous skeleton of a Tyrannosaurus rex, the most complete and best-preserved fossil ever discovered of a T-rex. The rather mundane series of events that led to this find only further underscore the mystery behind its existence.
Nicknamed “Sue” after the paleontologist that discovered the skeleton, the T-rex was found protruding from a cliff and was transported to a facility for cleaning and examination. Sue started to come alive again! Most of its teeth were still intact, and overall the skeleton was in incredible condition – not bad for being roughly 65 million years old!
What happened to Sue, the T-rex? How did she die? Was there a majestic battle to the death with another giant beast? Or was it much more boring and Sue perhaps died of what we today would call “natural causes”? Various testing proved Sue was about 28 years old at the time of her death. Small holes were detected in the skull that found Sue had a parasite akin to an ancient bird flu similar to an aviary illness today that is known to cause death by starvation due to neck swelling. Other stories of bodily injuries were told by the bones, but an exact cause of death was never proven. Scientists are good, but maybe not that good. Perhaps the “bird flu” saved Sue from a much worse fate, depending on your beliefs of the many claims of what happened to cause dinosaur eradication. The “giant meteor” (more likely an asteroid or a comet) is one popular working theory, and massive volcanic activity is another. No matter how it happened, more than half of the world’s species disappeared, leaving mammals, turtles, crocodiles, birds, frogs, and some sea life among others.
To better understand history, and also to prevent mass extinction from repeating itself, we devour information to educate ourselves on these creatures and maybe one day have an answer to what did happen. To get a picture of what we don’t know, we start with a picture of what we do know. To support the “giant meteor” working theory, data shows that metal only found in meteorites has been discovered all over the globe and shown to be the same age as the time when dinosaurs disappeared. Also, an enormous crater in Central America is roughly this same age. Coincidence?
The technology required to study the bones of dinosaurs and provide deep insights is equally incredible. It’s rather ironic to discuss technology and dinosaurs in the same sentence. Machines that are less than six months old are inspecting Sue’s bones, which are tens of millions of years old – and interesting paradox.
Speaking of technology, how old is your computer? You don’t need an X-ray to estimate its age – and if you have to think for more than a few seconds, your computer is probably too old. “Too old” – we sound rather harsh and judgmental when saying that.
“My computer runs just fine”.
Sound familiar? When was the last time you checked for system updates and ran thorough diagnostics? Outdated operating systems and applications can be super sluggish and even freeze. Letting security updates wait could put users at significant security vulnerabilities, leaving your computer open to hacks, viruses, malware, ransomware, or worse. Applications not kept up to date run slow and become “buggy”, where they freeze often or present glitches, losing valuable time and productivity – like Sue’s skull with the holes from the “bug” infection. For the record, holes in your skull are rarely a good thing…
Compare today’s computers, like the MacBook Air or the Microsoft Surface Pro 2, or the latest version of the Apple iPad, to the Tandy models in the early 1980’s. It’s pretty common to refer to those older machines as “dinosaurs” – but we think that insults dinosaurs! Even Sue still has something to offer. Sue teaches us about climate change, evolution, and even the food chain from her time. The Tandy models from the 1980’s have taught us that not everything is quite so black and white and that technology is an ever-evolving concept.
If you had a Tandy model today, what purpose would it even serve? It couldn’t run a word processor; nor could it support Internet usage for video streaming. That computer may as well be buried in the wall of a cliff in South Dakota, holding close its secrets for the future generations to learn about upon discovery by a (robotic) paleontologist.
Given how much technology impacts our daily lives, and how much we rely on software, the Internet, and all things digital, it’s pretty critical that we have a decent working model on which to rely. That’s not to imply we’re saying you should go out and purchase the latest model of the coolest gadget every six months – no, that’s excessive and wasteful spending. But what you do need to think about is how old your machines are, their current ability to function, and whether what you have is the best tool to do your job. Upgrades are expensive, but the cost of not upgrading is even greater. Slow machines equate to decreased productivity and efficiency, neither of which is a friend to business operations. Slow machines also translate into slower connectivity, slower email responses, slower sales proposal development and sharing. Bad, bad, bad!
A few things we can recommend to help get more out of your system:
Check for, and run updates regularly
Companies like Microsoft and Apple will regularly release updates for applications and security, and installing the latest packages help keep your system operating at its most efficient
Save or download files into cloud storage, when possible.
Taking less space on your hard drive supports faster processing speeds.
Maintain an active antivirus program, like Avast
Don’t let your machine operate in direct sunlight for extended periods
Heat is not a friend to machines! Prolonged heat can age a machine prematurely, quickly.
Keep your system clean
Literally, remove dust and dirt particles from your machine as often as possible, and prevent debris from infiltrating the “inner sanctum” of your computer!
These tips are just a few of the things you can do to keep your system running at its best, but the most important thing you can do above anything else is to keep aware of the latest technology available. Once a computer becomes obsolete, problems compound exponentially and users are faced with costly repairs or loss of time and resources in addition to the potential loss of data.
Avoid a fiery death for your computer and you’ll get more life out of it! Just remember, when it’s time to upgrade, do so before the giant crash to avoid using a dinosaur and a constant battle.
by Felicien | Mar 13, 2018 | Education
You Have Rights – Demand Them!
A statement from the Florida Virtual School Program (FLVS) revealed that a data breach involving the personal information of students occurred between May 6, 2016, and Feb. 12, 2018, but it wasn’t reported until March 9, 2018!
Yeah, right. Some news flash!
Why is it that we don’t learn about data breaches until months or even years after they happen? How are we supposed to protect ourselves?
It seems that this breach affected more than 368,000 current and former students and up to 2,000 teachers at the school. FLVS says school records included students’ names, dates of birth, school account numbers, their usernames, and passwords, plus parents’ names and emails.
FLVS is now offering free identity protection services to students, former students and others who were impacted by the incident.
Ha! Identity protection from Equifax maybe? Remember what happened to them?
Cybersecurity expert Dwayne Denny with Data Specialist Group says parents should take immediate steps to protect their children.
He says:
“So, the first thing you want to do is, if you are a parent, is contact all three of the credit reporting bureaus and tell them you want to lock down your child’s account. They can put a lock on your child’s account so that no credit can be applied using that social security number.”
The school released this statement:
“FLVS also contacted Leon County Schools and notified the Florida Department of Law Enforcement (FDLE) and the Federal Bureau of Investigation (FBI). FLVS is continuing its internal investigation and is fully cooperating with law enforcement agencies as they seek to apprehend those responsible for this crime.”
The statement also offers contact information for anyone who is concerned that their accounts were compromised:
“The offer is available to students whose information was in the FLVS database from May 2, 2016, to February 12, 2018, when this incident occurred. Qualifying students or their parents can learn more and sign up for identity protection services at this website http://www.experianidworks.com/FLVS or by calling (888) 829-6553. Students should reference engagement number DB05741.”
This is a little bit late, isn’t it?
Wouldn’t it have been nice for students and parents to have been informed about the breach back in 2016?
So, what are their rights? Should parents sue the school? Maybe they should demand their tuition back!
Guess what? We are all at the mercy of organizations that don’t take the proper steps to protect our confidential data. It sure is a scary world today.
However, the U.S. Federal Trade Commission is trying to help. They are holding businesses legally accountable for data breaches. Here’s what they promise to do:
The Federal Trade Commission (FTC or Commission) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC also has authority to enforce a variety of sector-specific laws, including the Children’s Online Privacy Protection Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. Their broad authority allows the Commission to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies.
When companies tell consumers that they will safeguard their personal information, the FTC can and does take law enforcement action to make sure that companies live up these promises.
The FTC has brought legal actions against organizations that have violated consumers’ privacy rights or misled them by failing to maintain security for sensitive consumer information. In many of these cases, the FTC has charged the defendants with violating Section 5 of the FTC Act, which bars unfair and deceptive acts and practices in or affecting commerce.
In addition to its general authority under Section 5 of the FTC Act, the FTC has authority to investigate and prosecute privacy violations and data security breaches under 33 different sets of rules, laws, and guides. The agency also enforces other federal laws relating to consumers’ privacy and security.
On March 26, 2012, the FTC issued its final report setting forth best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data. The report expands on a preliminary staff report that proposed a framework for consumer privacy in light of new technologies that allow for rapid data collection and sharing that is often invisible to consumers. The goal is to balance the privacy interests of consumers with innovation that relies on information to develop beneficial new products and services.
Financial institutions are required to take steps to protect the privacy of consumers’ finances under a federal law called the Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act. The FTC is one of eight federal agencies that enforce provisions of Gramm-Leach Bliley, and the law covers not only banks, but also securities firms, and insurance companies, and companies providing many other types of financial products and services. Under the law, agencies enforce the Financial Privacy Rule, which governs how institutions can collect and disclose customers’ personal financial information; the Safeguards Rule, which requires all financial institutions to maintain safeguards to protect customer information; and another provision designed to prevent individuals and companies from gaining access to consumers’ personal financial information under false pretenses, a practice known as “pretexting”.
Congress and the FTC have taken special steps to ensure that children under 13 years of age don’t share their personal information on the Internet without the express approval of their parents. Congress passed the Children’s Online Privacy Protection Act in 1998, and the FTC wrote a rule implementing the law. The FTC has taken law enforcement actions against companies that failed to comply with the provisions of the law and has issued a report to Congress assessing how companies have complied with it.
So, what can you do?
It seems you can’t do much when even the credit-protection companies get hacked.
However, here’s what one concerned citizen did!
Troy Hunt is a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals. He went to Capitol Hill to share his knowledge: https://www.troyhunt.com/heres-what-im-telling-us-congress-about-data-breaches/
You can do the same:
If you or your child are a victim of a data breach, or if you’re concerned about the privacy of your data, make sure your Congressional Representatives know. If we hold businesses, schools, colleges and the credit-monitoring agencies accountable, maybe they’ll increase their cybersecurity postures, and let consumers know their data has been breached in a timely manner!
