Weekly Cyber Security News – Data Privacy Day Edition
Welcome to Astria’s blog and and this week’s special Privacy edition post. In honor of Data Privacy Day, we’re sharing articles that focus on privacy aspects and how to improve your personal and business privacy. Let’s take a look!
1. WeLiveSecurity: “Privacy of fitness tracking apps in the spotlight after soldiers’ exercise routes shared online.”
Devices we carry often track far more data than we expect. Where we have been, how long we visit places, and common routes are all tracked by things like phones and fitness devices. But most people don’t realize how this data could be used against them.
In November, the fitness tracking app Strava posted a heat map that shows where their users walk regularly. This seems useful, as users may find new hiking trails to take on their walks. But it also revealed patrol routes around several military bases for the US, Russia, and even Turkey.
It seems that several soldiers also use the app to track their fitness data and were likely unaware that it also tracked their movements. The map clearly highlights bases in Iraq, Syria, and elsewhere, showing standard patrol routes around their perimeters. This brings up many security concerns for the military of these countries as the data could even highlight hidden bases.
However it is important to remember that this affects private citizens too. Bad actors could use it to see when you’re away from home or work to plan thefts or attacks. Remember to always check the privacy settings on apps you use and try to limit them as much as possible.
2. Secplicity: Daily Security Bytes: “Post-it Note Passwords.”
As we have more and more accounts, we have more and more passwords, and remembering them all can be a challenge. But one habit that is worth avoiding is using Post-It notes to keep your password on your computer. It’s one of the easiest places to spot your password, and it could be used when you’re not expecting it.
Hawaii’s Emergency Management Agency (HI-EMA) received critique last month for a false alarm missile warning. But photos from earlier in the year revealed other lapses in control methods. Employees left passwords posted on monitors that were clearly visible in the public photos that could have caused further problems for the agency. Fortunately for HI-EMA, it does not appear that criminals ever used the data while it was relevant.
Even if you don’t work in a government agency or have photos taken by your desk, it’s a bad idea to have passwords written out in plain sight. If you need to write down your password, keep it somewhere that you can secure. Wallets and pockets are much better for places to keep your password than to leave it in the open.
3. Krebs On Security: “Some Basic Rules for Securing Your IoT Stuff.”
Recently the Internet of Things (IoT) has been a hot topic in privacy. Many of these devices, such as smart watches, thermostats, and even doorbells have great benefits, but come with serious risks. IoT devices tend to have poor security that allows hackers to access your private data.
So what should you do about it? Brian Krebs lists out several great steps to take, which we’ll cover a few of here. First, don’t directly connect IoT devices to the internet. Make sure a firewall is between them and the web as they often have poor security built in.
Second, change default settings like IP addresses, admin usernames, and passwords. Crooks often have these details or can look them up easily, so changing any default settings to something custom makes it harder to break in.
Finally, update the firmware when possible. Vendors that do update devices often fix security weaknesses they find, so it’s best to keep devices up to date. However, many devices never receive firmware updates, don’t allow you to change defaults, or function with a firewall. Devices such of these are not worth the risks involved with using them, and it is highly recommended to remove them from your network.
Thanks for reading this week’s special edition of cyber security news! If you’d like more information on how the experts at Haider Consulting can help you improve your privacy online, visit this page or contact us.