APRIL SAVVY CYBERSECURITY NOTES

June 15, 2018

In this issue:

  • How to protect your Facebook data in light of the Cambridge Analytica scandal
  • Savvy Cybersecurity quick links
  • Software updates

How to protect your Facebook data in light of the Cambridge Analytica scandal

Over 50 million Facebook users had their data wrongfully obtained and used by Cambridge Analytica, a strategic communications and data mining firm that worked for President Trump’s 2016 campaign, according to reports.

As part of its strategy for Trump’s campaign, Cambridge set out to create a database of voter personalities in the attempt to design communications that would influence their voting behavior. But Cambridge was missing the data needed to do so. So the firm hired a Cambridge University psychology professor, Aleksandr Kogan, to build an app that would scrape users’ Facebook information from their profile and the profiles of their friends. The fine print told users that the data collected would be used for academic research, and while Kogan was able to get data on 50 million users, only 270,000 consented to having their data harvested.

The result was the largest data leak in Facebook history. Facebook states that Kogan accessed the data in a legitimate way through his app but violated policy by giving the information to a third party, Cambridge Analytica.

In 2015, upon discovery of the data leak, Facebook demanded that Cambridge delete the data and provide proof of having done so. The firm did this, but Facebook later discovered that Cambridge Analytica still retained some of the data. Facebook has suspended Cambridge Analytica and others involved from the social media platform.

What about your data

Facebook itself has come under fire for allowing such data to be collected on its users. In response, many are rightfully worried about how their data on Facebook is being protected. Some are ready to delete their Facebook accounts altogether.

If you’re not ready to cut the social media behemoth from your life, here are some important steps to protect your data on the site.

  1. Limit the apps that can access your Facebook data. Chances are you’ve forgotten about many of the apps you have granted permissions to on Facebook since you first created your account. It’s convenient to create an account on new sites using your Facebook login, but many users fail to realize that doing so gives that company permission to see your Facebook data. It’s important to regularly review which apps have permissions and delete or limit those you no longer need.

To see what apps currently have permission to your Facebook data, log into your account, click the drop-down menu on the right side of the page, and select Settings.

On the left side of the Settings page, click on Apps. This will bring up all the apps that you are currently logged into with your Facebook profile. You can delete any app’s permissions by hovering your mouse over it and clicking Remove. You can also limit the permissions the app has by hovering and selecting Edit.

  2. Stop yourself from granting permissions to third-party apps in the future. While you are on the App Settings page, click Edit under Apps, Websites and Plugins. Disabling this feature will make sure you don’t create third-party accounts with Facebook going forward.

(Note: Steps 1 and 2 will not protect data that you have previously shared with these apps, but they will stop any more data from being shared after this point.)

  3. Disable the Locations permission on your smartphone. Limit the information that you give Facebook, such as your physical location, by changing the settings on your smartphone. Go to your Facebook app settings on your phone and for Location select “Never.”
  4. Log out of Facebook before browsing the Internet. If you log into Facebook on your desktop computer, be sure to log out of the social media platform before going on other sites. Doing so will stop any Facebook pixels from being able to track the sites you are visiting.

As always, we’ll continue to update you as more information on the Cambridge Analytica Facebook leak becomes available. For now, we believe taking these steps will help your data stay safer while using Facebook.

Cybersecurity Shorts

The Financial Services Information Sharing and Analysis Center falls victim to phishing attack. The group, which shares data on cybersecurity threats to the banking and finance industries, was hit with a phishing email that an employee clicked on. As a result, an additional phishing email was sent out to FS-ISAC members. The company reports that most members deleted the email so the fallout has been minimal. FS-ISAC had already planned to implement multi-factor authentication for its email platform and hopes to speed up that process now.

Disney Princess Half Marathon runners get hacked after 13.1 miles. After returning home from the race, many women discovered that their credit cards had been hacked to make purchases around $1,000. The victims believe that the fraud originated on the website they used to register for the race. Disney has not made an official statement at this time.

Most susceptible to fraud? Millennials, according to the Federal Trade Commission’s annual report. The report found that 40% of 20-29 year olds who submitted fraud complaints to the FTC lost money, compared with only 18% of people 70 or older. A similar survey by the Better Business Bureau found that people between the ages of 25 and 34 are the most likely to lose money from fraud. While younger people fall for scams more often, they pay less. The report found those between 70 and 79 paid an average of $621 while those in their 20s paid $400.

Half of all Americans have not checked their credit report since the Equifax hack, according to a consumer survey. Consumers have a right to a free credit report from the three big credit bureaus every year through annualcreditreport.com. Checking your credit report regularly is important as you can catch fraudulent credit lines. Even if you have frozen your credit, it’s recommended to regularly check your report.

Three-quarters of companies do not have a cybersecurity plan according to an IBM security report. The study surveyed nearly 3,000 IT professionals. Over half of the respondents said it takes longer to resolve security incidents than before. Only about one third of the professionals said they had a large enough budget to protect the company.

Equifax CIO charged with illegal trading following the company’s massive breach last year. The Department of Justice and the Securities and Exchange Commission are investigating Jun Ying’s behavior after learning of the breach. Reports say that Ying was asked to work on a sensitive breach opportunity. He then put two and two together and realized Equifax may have been the victim. After searching what happened to Experian stock after its breach, Ying sold his Equifax stock.

U.S. energy sector networks were targeted by Russian hackers, say the U.S. Department of Homeland Security and the FBI. The agencies believe that the Russian government targeted U.S. commercial facilities with phishing and malware attacks to gain access to the networks and computer systems that operate sensitive infrastructure.

Over $1 billion spent on credit freeze fees following the Equifax breach. The study comes from Fundera and Wakefield Research, which surveyed 1,000 adults on how much they spent on credit freezes following the incident. The average cost was $23. The U.S. Senate recently passed a bill that would make credit freezes free in all states. Currently, some states waive the fee while others do not. The bill has become controversial as it is a part of S.2155, which would affect banking regulations that were put in place after the 2008 financial crisis.

Cortana, Microsoft’s voice assistant software, may allow your Windows 10 computer to be hacked. According to researchers, even if your Windows 10 computer is locked, a hacker could insert a USB network adapter and give verbal commands to Cortana to visit a malicious website. Similar instances have occurred with Apple’s Siri. Experts suggest disabling voice commands when the device is locked.

Software Updates

Adobe: As usual, Adobe released updates for its Flash Player this month, closing two critical security holes. If you do not regularly use Flash, it is best to delete the program. Adobe has begun phasing out Flash and it will no longer be supported come 2020. If you do need Adobe Flash, be sure you are running version 29.0.0.113 and that you update the program on your web browsers.

Microsoft: This month, Microsoft released updates for 75 security vulnerabilities affecting Windows, Internet Explorer, Edge, Office, and other programs. Many of these issues were labeled as “Important” so you should update as soon as possible. Windows 10 users will receive updates automatically by default and older Windows users can choose automatic updates. You can learn more here.