The Ins, Outs, and Nuances of Internet Privacy

Post on 12-Nov-2014

description

Facebook recently came under fire for the discreet international roll-out of its photo facial recognition feature. This feature automatically identifies and suggests tags for individuals appearing in photos posted on Facebook. At first glance, this seemingly innocuous feature appears to quietly augment online social lives. At second glance, the rollout of this feature as a defaulted-to-on setting with no explicit user consent raises many privacy concerns. As a site with extensive power driven by the quantity, quality, and kind of data it collects, Facebook’s decision to step into the world of visual recognition of its users without formal user consent is a big no-no—or is it?

Join us for this month’s eBoost Consulting Brown Bag Lunch Webinar to explore this and other cases that raise internet privacy concerns. Learn the ins, outs, and nuances of internet privacy to determine where to draw the line on data collection and usage.

transcript

What data do they track?

Can I anonymize my online activity?

Does the web know who I am?

What about privacy rights?

This is me.

Voluntary.

Photos

build a life.

It’s automatic. :-0

39% rejected

49 Data Channels!

- Rubicon Project
- AdSonar (AOL)
- Advertising.com (AOL)
- Tacoda.net (AOL)
- Quantcast
- Pulse 360
- Undertone
- AdBureau (Microsoft)
- Traffic Marketplace
- Doubleclick (Google)

In-Voluntary? Voluntary?

In-Voluntary? Voluntary.

test drive.

How does it happen?

Where does it go?

Traffic Analysis

Audience Profiling

Log Files

Web Beacons

Cookies

Consider this.

PII

Risk / Reward

Badware

Malware

Spyware

Web Bug, Phishing, Rootkit, Virus, Worm, Probe, Keylogger, Trojan Horse

What’s my defense?

Tell me, what is privacy?

Privacy

Dictionary

1. The quality or state of being apart from company or observation
2. Freedom from unauthorized intrusion

Legal

Unlawful intrusion into private affairs, disclosure of private information, publication in a false light, or appropriation of a name for personal gain

Security

Dictionary

1. Freedom from danger, risk, etc.; safety
2. Something that secures or makes safe; protection; defense

Legal

Internet security is a subset of actions aimed at securing information based on computers and in transit between them.

What you can do about privacy and security.

Privacy From Two Perspectives

Tips For Consumers and Business Owners

Ask yourself: are you trying to secure your information or your activities?

To secure activities on the internet, consider anonymity tools:
- The Onion Router (Tor) – attempts to conceal your internet tracks by bouncing you around several layers of proxy routers, hence the term "onion" in the name. Think WikiLeaks.

To secure information on your computer, consider privacy tools:
- Firewalls
- Antivirus software (Microsoft Security Essentials, free)
- Antimalware software (SpyBot, Malwarebytes)
- Always check for proper SSL (https://) encryption before submitting any info to websites
- Change your passwords!

Personal Privacy

Consumer Privacy Goals

- Maintain secure identity
  - Only give out personal information on a need-to-know basis
  - Check URLs of websites to see that they match the SSL certificate before submitting personal info to sites
- Computer updates to OS
  - Plug security holes
- Data backups
  - Only as good as your last backup
  - Backups can be infected as well if virus infections are not caught early

URL SSL Encryption Example

A Business Owner’s Perspective (i)

- Ever increasing customer privacy compliance requirements
- Data breaches
- Hackers directly targeting individual companies
  - Sony PS network
  - LulzSec / Anonymous
  - Lockheed Martin (RSA)
- Industrial command and control virus
  - Stuxnet (Iran)

A Business Owner’s Perspective (ii)

- LAN security – firewalls
- Wireless security – encryption (WPA2)
- Website security – encryption (SSL)
- PCI compliance – external network probe for security
- Database security – encryption of sensitive info on the DB
- Change logs – tracking all changes to sensitive information storage and management
- Audit yourself before “THEY” do – find issues and fix them; it’s cheaper and easier.

A Business Owner’s Perspective (iii)

- Email filtering
  - Spam filtering services – AppRiver, Postini
  - Email virus filtering – AppRiver, AV on the email server
- Daily temp file deletion on workstations
- Clear cookies and history from web browsers
- Daily AV scans on all workstations
- Daily AV scans on all servers before backups
- Cultivate a culture that allows staff to own up to virus infections when they happen. Catching virus activity early is the best defense.

A Business Owner’s Perspective (iv): Customer Data Collection

- All websites and apps must use SSL encryption when collecting user data.
  - Even something as simple as an email newsletter should be secured.
- Opt-in on all data collection practices
- Clearly define what you will and won’t do with client data in a privacy policy posted on your site
- Adhere to your policy or change it if you deem necessary. Do not operate outside your stated policy.
- Define a data retention policy (usually 3 years)
- Secure destruction of data after retention policy

A Business Owner’s Perspective (v): Going International

- Know your country’s privacy laws and adjust your internal collection practices to match.
- Sometimes opt-in is not enough
  - US-EU Safe Harbor Framework
  - COPPA – under 13 in the US
- Going international opens up easier routes to hacking corporate networks. Think China hacking Google.

The Ins, Outs, and Nuances of Internet Privacy June 30, 2011

Greg Hall

Owner, 247 IT Outsourcing

ghall@247ITOutsourcing.com