Cyber Security, Tip of the Week, Trends & Technology

Privacy Don’t Take it for Granted

Just imagined this scenario happening to you:

“Unplug your Alexa devices right now,” a voice on the other line said. “You’re being hacked.” Apparently, one of Amazon.com’s Alexa-powered Echo devices in their house had silently sent recordings to the caller without the family’s permission, according to KIRO 7, a news station covering Seattle and western Washington state that first reported the story. The person, an employee of the husband, was in the family’s contact list. “My husband and I would joke and say, ‘I’d bet these devices are listening to what we’re saying,’ ” a woman who identified herself only by her first name, Danielle, told KIRO. She added that the device did not tell her that it would be sending the recorded conversations. by Hamza Shaban of the Washington Post.”

See Video

Amazon Echo is a type of smart speakers developed by Amazon.com. Echo connects to the voice-controlled intelligent personal assistant referred to as Alexa.

It is ideally a device for convenience:

  • Voice interaction
  • Make calls
  • Music playback
  • Making to do lists
  • Setting alarms
  • Streaming podcasts
  • Playing audiobooks
  • Providing weather
  • Traffic
  • Many more real time information

See VideoBy Gary horcher of KIRO7

Solutions to increase your privacy at home or work

  • Best solution is to unplug the device
  • Be aware of your device’s capabilities
  • Minimize any future damages by: disabling the microphone prior to having a private conversation
  • Our technicians would use inexpensive black electrical tape to put over lap top’s camera or using a webcam slide cover
  • If you are using a home security device with a camera, turn it around so it is facing the wall instead and just return it to the appropriate position when leaving home or work (see Home security camera systems vulnerabilities)
  • More importantly if you have the Echo speaker, do not set it up to make calls
  • Google has calling capabilities similar to the Echo by setting up calls in the Google Home smartphone app
  • Do not use the “wake word” for Alexa
  • Consider using a different wake word – in Alexa’s case, it is Alexa, Echo, Amazon, or Computer

Just be aware that with technology such as devices with cameras, speakers, recorders, and real time interactions comes the issue of losing privacy. A good example is a city installing hundreds of surveillance cameras for the community to have a feeling of security. The community will have virtual block watch allowing anyone with an email address and internet connection to watch whatever activities the cameras capture.

 

Advertisements
Education, GDPR, General Data Protection Regulation, Tip of the Week

GDPR and Running Your Business

We at RISC Management and Consulting have our online store through Shopify and use a multitude of applications (apps). We’ve always managed our business in a transparent and ethical way. However, with the GDPR’s forthcoming effect tomorrow, we want to help you take steps to assure merchants your apps are GDPR compliant!

General Data Protection Regulation or GDPR is the EU Regulation 2016/679. This regulation deals with the “protection of natural persons with regard to the processing of personal data and on the free movement of such data”.  It will be applicable as of May 25th, 2018 in all member states to integrate data privacy laws across Europe. The regulation came into force on May 24th, 2016. If you serve sellers, retailers, and businessperson, that could have customers based in Europe, then this regulation will affect you.Coming soon

Key Issues of the GDPR

  • Consent
  • Data Protection Officer
  • Email Marketing
  • Encryption
  • Fitness/Penalties
  • Information Obligations
  • Order Processing
  • Personal Data
  • Privacy by Design
  • Privacy Impact Assessment
  • Records of Processing Activities
  • Right of Access
  • Right to be Forgotten
  • Third Countries

Shopify apps

Be mindful of data request and permissions needed

When merchants are deciding to connect your app to their store, it’s important for them to be clear on which parts of your store they’re giving you access to when they install your app.

if you request any permissions that don’t seem to align with what your app provides, we recommend that you:

  • Update your app listing to be clear on why your app requires permission to that/those piece(s) or data
  • Consider if your app does indeed actually require that permission, and disconnect from that API endpoint if it doesn’t

Merchants know that apps often need access to certain pieces of data in order to carry out certain actions or features. However, it’s important to remember that asking for permission to data that doesn’t seem necessary for your app to access can erode merchant trust.

Communicate your use of data through a privacy policy

Beyond letting merchants know what information you’ll be accessing, GDPR also requires that you provide all users of your product (i.e. your app) with detailed information about how exactly your app uses the personal information it collects. One simple but in-depth way to do this is through your app’s privacy policy. 

Ensure you have a secure, organized system for storing data

One of the most important data rights that GDPR specifies is the right all individuals have to access, correct, or have their personal data erased. This means that not only do you need to have a process for retrieving and deleting merchant data upon request, you also need to be able to easily delete your merchant’s customer’s data from your app as well. The first step in being able to do this is to ensure that all personal data you collect is stored in a secure and organized way.

We included the Fact Sheet from the European Commission where they addressed several improvements to execute with data protection violations in the future.