Cyber Security Today: Feb. 4, 2019 — Wise words on privacy, insurance company fined for privacy breach, and secure that email

Wise words on privacy from a Canadian expert, a U.K. insurance company fined for mixing business and politics for Brexit and how to secure that email.

Welcome to Cyber Security Today. It’s Monday February 4th.

I was at a privacy conference in Toronto last week where I heard the respected Canadian expert Ann Cavoukian speak. She reminded attendees that privacy and security go together: They aren’t opposites. In fact, she said, privacy is essential to innovation. Companies that do both privacy and security will have an advantage over competitors because customers will trust them more. Is improving the control customers have over their personal information costly, including giving the ability to refuse to allow their personal data to be re-used or shipped to another firm? Maybe. But, Cavoukian adds, that’s nothing to the damage to your brand, loss of trust, and lawsuits that result from a data breach.

Speaking of privacy breaches, the U.K. information commissioner has fined a British insurance company that sent over one million emails to subscribers of the Leave EU Brexit campaign without their full consent three years ago. And the campaign was fined as well for unlawfully using the insurance company to send 300,000 political marketing messages to customers. “It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa,” said the information commissioner.

Fake email, where an attacker uses a phony “from” email address, a deceptive domain or a display name that impersonates a familiar company, is behind many successful data breaches. Someone clicks on a link or opens an attachment and in seconds they’re infected. If only there was a way to authenticate where email comes from. Actually, there is: It’s an open standard called DMARC. The good news is more companies are using it. The bad news, according to security vendor Valimail, is not enough of them are doing it, nor are they configuring it right. In a study released on Friday, the company said 80 per cent of U.S. federal government domains now use DMARC. By comparison, at least 50 per cent of Fortune 500 and large U.S. tech companies have adopted DMARC. Does your company have a way of authenticating email it sends? You should ask.

Finally, ever wonder how cellphone companies co-ordinate the billions of phone calls and text messages sent around the world? They do it through a protocol called SS7. This protocol has vulnerabilities. However, until recently it was thought only intelligence agencies could break into it. But last week the news site Motherboard confirmed a British bank was victimized by an SS7 hack, so it seems cybercriminals now have the capability as well. What this means is the six-digit text messages a financial institution will send you as part of a two-factor authentication login system are increasingly likely to be stolen. I’ve talked about this before: The standard text messaging app that comes with many smartphones may not be safe enough for two-factor authentication. Some cellphone companies say they have taken steps to better secure their text messaging. But if you use an email, company login or bank app that offers two-factor authentication in addition to a username and password, see if it offers the ability to get the special code through a safer messaging app. Four of them are Google Authenticator, Authy, Authenticator Plus, and Duo.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
