Privacy in today’s connected world is an illusion. All of our transactional data, both online and real-world can be mined. If someone truly wanted access to your information, they could have it with relatively little effort. As a result, privacy has begun to be regarded as a luxury item. What are the risks associated with your behavior? Why are data breaches so prevalent? What can you do to protect yourself? In this presentation, I share subject matter expertise derived from data security research and project-specific cybersecurity trend analysis. I share some practices I’ve developed in an effort to be better educated personally and make more informed choices about my own behavior.
7. 7
Predictive analytics can reveal surprising things about you
AND your friends
https://www.ted.com/talks/jennifer_golbeck_the_curly_fry_conundrum_why_social_media_likes_
say_more_than_you_might_think
9. 9
“Facebook was the source of the psychological
insights that enabled Cambridge Analytica to
target individuals. It was also the mechanism
that enabled them to be delivered on a large
scale.
The company (perfectly legally) bought
consumer datasets – on everything from
magazine subscriptions to airline travel – and
uniquely it appended these with the psych data
(developed earlier using Facebook ‘likes’) to
voter files. It matched all this information to
people’s addresses, their phone numbers and
often their email addresses…the personality
data enabled Cambridge Analytica to craft
individual messages. Finding ‘persuadable’
voters is key for any campaign and with its
treasure trove of data, Cambridge Analytica
could target people high in neuroticism, for
example, with images of immigrants
‘swamping’ the country. The key is finding
emotional triggers for each individual voter.”
https://www.theguardian.com/technology/2017/may/07/the-great-
british-brexit-robbery-hijacked-democracy
10. 10
MIT did a study where they
changed the gender of a
driverless car. When the car did
something wrong,
[respondents] were more
forgiving when it was female
versus when it was genderless
or masculine.
– HBR Ideacast, 12/12/2017
We are trusting of
technology
11. “There are three types of people in the world:
1. Those who have been hacked
2. Those who will be hacked
3. And those who are being hacked right now
Falling victim to public Wi-Fi’s dangers is a
question of when, not if.”
11
“More people are leery of
public Wi-Fi than public toilet
seats” and yet…
“70 percent of people connected to non-secure
Wi-Fi networks at [both the 2016 Republican and
Democratic National Conventions].”
https://hbr.org/2017/05/why-you-
really-need-to-stop-using-public-wi-fi
13. 13
Consent: to be informed
consumers we need to
understand and evaluate
the trade offs
14. If you are not paying for it, you’re
not the customer; you’re the
product being sold.
[Andrew Lewis on MetaFilter
https://www.metafilter.com/95152/Userdriven-discontent#3256046]
15. 15
Consider the cost of
privacy in today’s
society
We routinely choose “free” services over
paid models
We’ve become conditioned to expect
personalization (and the related
efficiencies)
We reward entities that deliver “radical
convenience” with our loyalty, word of
mouth
17. 17
Privacy has become a luxury good
• Secure platform that can
protect passwords, banking
information, pictures, videos,
and messages
• Stores information in a high-
security bunker in the Swiss
Alps
• Unlocked including via TouchID
and face recognition
• $53/year
• Israel-based technology
company Military grade privacy
protection (chip-to-chip 256-bit
encryption activated by a
physical switch that places the
cellphone in its secure mode)
• In secure mode, the device only
connects with other Solarin
handsets
• $13,000 Android smartphone
• Designed by Edward Snowden
and well-known hacker Andrew
Huang
• Connects to a phone's radio
transmitters, and shows when
the cellular, Wi-Fi or Bluetooth
connection is being used to
share or receive data
• The case acts as a kind of 'kill
switch' that disconnects the
phone's power supply when
unwanted data sharing is
occurring
18. 18
The Privacy Paradox:
People’s behaviors suggest they don’t
care as much about privacy as they say.
Although they like the idea of privacy, they
don’t seem to value their data enough to
take concrete steps to protect it.
– Harvard Business Review, 12/2017
https://hbr.org/2017/12/what-would-you-pay-to-keep-your-digital-
footprint-100-private
19. Lock up your data,
make it harder to use
19
Hackers
(objective: money)
Marketers/Corporations
(objective: drive behavior)
Hide your identity,
and use encrypted platforms
(e.g., Google Incognito Window)
Other People
(objective: various, e.g., 39% of all
data breaches are internal)
Use privacy settings,
encrypted platforms,
encrypted data
Government
(objective: various)
Requires “intense”
technology to erase your
digital prints
Personal cybersecurity priorities depend upon where
the risk originates
https://hbr.org/2017/12/which-of-your-employees-are-most-likely-to-expose-
your-company-to-a-cyberattack
20. 20
“After last week's MacOS High Sierra root
access glitch and this week's HomeKit bug—
which allowed hackers to remotely control
smart home products such as smart locks and
garage door openers—it might be time to
reevaluate Apple’s reputation as software
security model citizen.”
– Wired Newsletter 12/10/2017
Corporate repercussions are
considerable
21. 21
Security is a mindset; organizations must
educate & re-educate
• CIOs and CISOs need a primer on the business
• Security should be factored in when planning
new products/services
• All employees should be taught about
cybersecurity
• Incident-response plans/team should be
developed
• Security-mindedness should be built into the
culture
https://hbr.org/2017/11/boards-should-take-responsibility-for-
cybersecurity-heres-how-to-do-it
22. 22
Systemic changes are
coming…
“You’re starting to see the early signs of
governments that when you’re born you’ll
have an identity that sits on the blockchain,
and you’ll have your own private data locker,
and you’ll will be very much in control and
that you will be able to give permission to
companies and institutions to access that
data…that’s coming but, that’s a longer time
frame…”
– HBR Ideacast, 12/12/2017
23. 23
1. Security freeze
http://consumersunion.org/research/consumers-unions-guide-to-
security-freeze-protection/#MI
2. Print your credit report quarterly
www.annualcreditreport.com
3. Opt out of credit card offers
https://www.optoutprescreen.com/?rf=t
4. Consider the risk
…in the meantime
5. Educate yourself
6. Vary your online behavior, use
incognito browsers
7. Don’t use public Wi-Fi to access
sensitive sites
8. Only use HTTPS encrypted sites when
in public
9. Buy unlimited data plan and stay off
Wi-Fi completely
26. Thank You!
26
C O N T A C T
Mary Aviles
mary@connect4insight.com
www.connect4insight.com
248.633.5135
@connect4insight
Notas del editor
Facebook example…you are sharing a TON of information/behavioral data about yourselves and your network members
I would say most people, whether it’s the device or the app, they give their trust very easily to the device without thinking about sort of the lopsided tradeoffs that they’re signing up for. And this is because technology, what it does, is it actually accelerates trust. It makes things very seamless where we don’t think about what we’re really placing our trust in. – HBR Ideacast 12/12/17
Stop at 5:45
Dr. Jen Golbeck, Associate Professor at the University of Maryland
social data analytics pioneer
discovers people’s hidden attributes from their online behavior
leader in creating human-friendly security and privacy systems
Not everyone is using this information benignly
Iris, Siri, Alexa — they’re female names, and it’s really interesting when you look at the gender studies that just by changing the name or making it feel more female in the design, people are more trusting towards that technology and more forgiving…. – HBR Ideacast 12/12/17
Consumer awareness and consent
There’s a science behind what makes someone trustworthy. And there’s four traits to it.
So, there’s competence, and there’s reliability, and that’s really the how side of the equation: how well you are going to do something.
And then there’s the why side of the equation, which is integrity and benevolence: so, how much do you care? And I think the integrity is the most important piece, which is, do your intentions align with mine? What are your motives? – HBR Ideacast
“privacy paradox”. In short, people’s behaviors suggest they don’t care as much about privacy as they say. Although they like the idea of privacy, they don’t seem to value their data enough to take concrete steps to protect it.
https://hbr.org/2017/12/what-would-you-pay-to-keep-your-digital-footprint-100-private