Online security webinar 4_9

Post on 05-Aug-2015

I Agreed to What?

Online User Agreements, Social Media, and Your Data Privacy

Philip Alexander CISSP-ISSMP, CEH, CHFI
Founder - Data Privacy Network

Agenda

I Agreed to What?!?!?!
Social Networking
End-user License Agreement (EULA)
Secure Your Internet Site
Outsourcing Site Access
Gmail
Protecting Sensitive Data
Online Data Storage
Hack Proof (Myth or Reality)
Questions

I Agreed to What!

How Many People Actually Read End-User License Agreements (EULAs)

Game Station - April 2010 EULA contained ‘Immortal Soul Clause’

Social Networking

Social Networking Sites - An effective networking tool if used correctly

Don’t post sensitive data online

Companies need to classify their data by sensitivity

Regulated data:
  HIPAA – health data
  SSN
  Name + DOB
  Financial information (credit/debit card #s, checking/saving account #s)

Sensitive data:
  Customer contact list
  Strategic business plan
  Secret sauce

End-user License Agreement (EULA)

Have a EULA (privacy policy) that protects your rights, but is also respectful of your customer.

Facebook: Right to use your content (photos, videos, intellectual property)
  Without your knowledge or consent
  Royalty free

Instagram: Right to use photos that you post
  Without your knowledge or consent
  Royalty free

LinkedIn: Will not sell, rent, or otherwise provide personally identifiable information to third parties without your consent.

Secure Your Internet Site

Use HTTPS (SSL) for customer logins

Username/Password
  Account lock-out for failed login attempts
  Password complexity
  Clearing account name after failed login attempts

Send unlock code to customer email or cell #

This protects customers from account take-over:
  ID theft
  Financial fraud
  Cyber-stalking

Outsourcing Site Access

Gmail

Gmail: Your email, and those of your customers, are scanned for marketing purposes

Have your own email domain @DataPrivacyNetwork.com

Use an Internet-based email domain that respects your privacy

Outlook.com

**Don’t Get

Online Document Storage

A cost-effective way to store documents

There are security implications

Use online storage for non-sensitive documents only:
  Public marketing brochures
  FAQs
  Manual (some assembly required)

Hack Proof (Myth or Reality)

Balance between functionality and security

When the computer hard drive is spinning

One-time use passwords

Questions

Philip Alexander CISSP-ISSMP, CEH, CHFI
Founder – Data Privacy Network

phil@dataprivacynetwork.com
http://www.dataprivacynetwork.com
https://twitter.com/DataPrivacyNtwk