As the 2022 Winter Olympics began, so too did increased concerns over security. While no threats have been detected so far, the FBI has warned that various cyber criminals could try to take advantage of the Olympics. Their aim may be to “make money, sow confusion, increase their notoriety, discredit adversaries, and advance ideological goals,” Tech Radar reported. 

Among the FBI’s major concerns is that these potential attacks could result in breaches to Olympic participants’ and workers’ personal information. The agency warned those involved to use a VPN and consistently monitor networks and endpoints. Furthermore, they should review security policies, user agreements, and patching procedures.

Organizations Fined Under the European Union’s General Data Protection Regulation (GDPR)

As we reported in a previous post, European agencies are issuing hefty fines on organizations they claim are failing to comply with the GDPR. In January, France’s data protection agency, the Commission Nationale de l’Informatique et des Libertés, fined Google and Facebook $210 million USD for allegedly violating the GDPR. Later, Austria’s Data Protection Authority found that the use of Google Analytics violates the GDPR. 

Given the widespread use of Google Analytics, this decision is expected to have a far-reaching and powerful impact. According to the International Association of Privacy Professionals (IAPP), the decision is the first of 101 complaints filed across EU nations by NOYB, an advocacy organization. 

The group alleges that the companies’ use of Google Analytics was not in line with the requirements for the Court of Justice of the European Union’s “Schrems II” ruling on data transfers. (Declared in July 2020, that decision invalidated the EU-U.S. Privacy Shield agreement. This is a framework for regulating transatlantic transfers of personal data for commercial use between the United States and the EU.)

According to the ruling, Google is collecting and transferring users’ personal data to the U.S. without shielding data from U.S. government surveillance. It also found that steps taken by the company to protect users, such as data encryption, were not enough. Some experts fear the decision could make legal data transfer between continents difficult, if not impossible. 

“In the absence of a breakthrough in Privacy Shield negotiations, data transfers – and consequently international trade – between the EU and U.S. face a bleak future,” says IAPP Senior Fellow Omer Tene. 

More Organizations Fined

The IAPP also reported that Belgium’s Data Protection Authority recently slapped IAB Europe, an association for the digital marketing and advertising ecosystem, with a €250,000 fine. The authority is claiming that IAB’s Transparency and Consent Framework (TCF), followed by many advertisers in the EU, does not comply with the GDPR. Among its accusations, the authority has claimed that IAB Europe acted as a data controller, which the organization denies. It also accused IAB Europe of failing to comply with a number of requirements under the GDPR. These include appointing a data protection officer, establishing a legal basis for processing, and performing a data protection impact assessment. IAB Europe has just two months to show that its framework is compliant with the rules. On 11 February, IAB Europe confirmed that it will appeal the ruling.

While data privacy laws can be confusing, one thing is clear: organizations that fail to comply with them can expect big penalties. Is your organization ready to deal with these new laws?

Data Privacy Engineering

As privacy grows in importance, the need for technical professionals to possess strong knowledge in the area also grows.

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program. It provides a framework on how to operationalize privacy in an organizational context. It also covers how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Ethical transparency is critical to an organization’s success and it must be included in digital environments. Successful digital environments require rigorous ethical standards that incorporate honesty, impartiality, protection, security, and privacy.

AI Standards: Roadmap for Ethical and Responsible Digital Environments provides instructions for a comprehensive approach to creating ethical and responsible digital ecosystems. Contact an IEEE Content Specialist to learn more about how this program can benefit your organization. Interested in getting access for yourself? Visit the IEEE Learning Network (ILN) today!

Resources

Fadilpasic, Sead. (2 February 2022). FBI warns Beijing Winter Olympics could be a big target for cyberattacks. TechRadar.

Bryant, Jennifer. (2 February 2022). Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations. IAPP.

Bryant, Jennifer. (20 January 2022). Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’. IAPP.

(11 February 2022). IAB Europe to Appeal Belgian Data Protection Authority Ruling. IAB Europe.

You are most vulnerable to cyber attacks when you are traveling. According to a recent research report conducted on behalf of IBM Security, those who are traveling do not take all of the necessary precautions, connecting to unsecured public Wi-Fi, charging their devices at public USB stations, and using their private information on publicly accessible computers.

What should be especially worrying to companies is that people are more likely to engage in these risky behaviors when traveling for business rather than for pleasure, with only 13% saying that they have never connected to public wifi. Because employees often work while traveling, many business travelers connect to public hotspots and surf the web.

More than 1 in 7 travelers surveyed admitted to having their information stolen while traveling.  In 2017, the travel and transportation industry was the tenth most targeted industry for cyber attacks, but the rankings have shifted dramatically. Recent data shows that attempted attacks on IBM customers revealed that in 2018, it was the second-most targeted industry.

Here are 15 tips to help you avoid putting your personal and business data at risk while traveling:

1. 1. Know your rights and the local laws before you go to a foreign country. Your local privacy rights, not to mention your federally protected rights as a citizen of your country, disappear at the border. If border guards request access to the digital contents of your laptop, you may have no choice but to provide it. Plan ahead and know your legal rights in that country and the rights the country may have to your data.
   2. Before leaving, reset all of your frequently used passwords. This includes PINs for a safe or security box in your hotel room. Take the effort to make sure your personal information is safe. Avoid using easy phrases or numerical sequences, including the all-too common “123456”. In the National Cyber Security Centre’s worldwide analysis of passwords belonging to breached accounts, 23.2 million accounts used this code. And if you’re a big music-lover or superhero fan, try to stay away from “blink182” and “superman”, the most common musical artist and fictional character used in passwords.
   3. Set up temporary email and cloud storage accounts. When it’s necessary to use a computer that doesn’t belong to you, work from these throwaway accounts. This is especially important if you plan to use hotel business center computers, which are clear targets for malware, keystroke recording equipment, and other cyber attacks while traveling.
   4. Leave personal data at home. Chances are, all your data is stored in the cloud. Before traveling, delete the local copy after disabling the sync feature on your laptop, so that there’s no important data left on your laptop. Make all your updates and edits on cloud-based copies while you’re away and re-enable the local cache when you return home.
   5. Protect copied data. Encrypt your information using products like Microsoft’s Active Directory Rights Management Service to make sure others cannot access it. Even if border guards or thieves gain access, it’s unlikely they’ll be able to view it later.
   6. Disable auto-connect on your phone. Although it’s a handy feature when used at home, it’s risky to use auto-connect while abroad. Before traveling, change this setting on your device so that you must manually connect each time you connect to the internet.
   7. Install anti-virus protection, host-based firewall, and host intrusion prevention software. This is one of the most effective ways to keep your personal data secure while aboard. Use a trusted brand of security software and update it regularly as new versions become available to make sure all security patches are applied. Also, turn off any file or network sharing features.
   8. Only work on secure network options. No matter where you go, steer clear of free Wi-Fi connections. Free internet access is appealing, but it’s also particularly vulnerable to security issues. If you must use internet cafes and free Wi-Fi hotspots, make sure it is not a fake Hotspot set up by hackers and do not log into personal accounts or use sensitive data.
   9. Disable Bluetooth connectivity. If Bluetooth is left on, nearby assailants can connect to your phone and potentially hack into your device.
   10. Make sure all your web surfing is protected by TLS-enabled HTTPS. Try to connect to secure websites only and avoid those trying to put fake digital certificates on your computer, which is a common practice among hackers. Remember that your two-factor authentication (2FA) methods may not work while you are out of the country due to the changes in your service plan.
   11. For business, Use your corporate VPN. If your company’s VPN connection uses split-tunneling, ask a member of the IT team to explain which traffic is secure and which is not secure. You can even use your own personal VPN router when traveling to make sure all connections are secure.
   12. Use a good privacy screen over your laptop display. This will keep wandering eyes off of your screen.
   13. Lock your computing devices anytime you’re not using them. This applies even in your hotel room when showering. Change the PIN numbers you regularly use on your phone, computer, and any other device you plan on accessing. This will help prevent a security breach should you misplace any of your devices.
   14. Be wary of accepting that free flash drive. Although malicious thumb drive attacks are generally uncommon, you may want to think twice about plugging in a USB drive that someone hands to you at a conference. All untrusted media should be approached with caution.
   15. Don’t share your current location with the world. Excessive sharing can create security threats in both your hotel room and at home. Think twice before using social media to advertise that your hotel room is empty while you’re out eating dinner or that your spouse and kids will be home alone for the next week. Wait until you return home to post about your travels so you can protect your assets and your loved ones.

Improve Your Security Techniques

Keep your staff members from making careless and costly mistakes that could put your organization’s information at risk while traveling. Cyber Security Tools for Today’s Environment, an 11-course program, is designed to help businesses improve their security techniques. It’s ideal for professionals in IT, computer science, and related fields who need to stay up-to-date on how to protect enterprise networks from potential threats. Connect with an IEEE Content Specialist today about training your organization on how to stay secure.

 

Resources

8 cyber security tips for business travelers. Norton.

Barlow, Caleb. (21 May 2019). How Cyber-Secure Are Business Travelers? New Report Says Not Very. Security Intelligence.

Grimes, Roger A. (1 Jul 2016). 11 essential data security tips for travelers. CSO.

Picheta, Rob. (23 August 2019). How hackable is your password? CNN Business.

Grauer, Yael. (30 October 2015). Should You Plug That USB Drive Into Your Computer? (Beware Of Malware). Forbes.