Managing public location data

Mobile gps navigation, travel destination, location and positioning concept

 

Image source

I am an active user of geolocation data on my smartphone. I take public transport, both at home, and on my travels. My GPS must be active for my transit app, which I use heavily, to update me on my bus schedules and routes. I also like to tag my location on Facebook; I’ve found this to be very useful when I’m on holidays, as it allows me to accurately label the names and locations of museums, galleries, and so forth when I upload my digital images to my cloud server. I use Google Maps frequently to find walking routes to various locations, even if these routes are sometimes overly circuitous. I am aware of the privacy concerns that people have about this type of tracking data, but I must admit that convenience and functionality win the argument for me.

This article by Fareena Sultan and Syagnik Banerjee discusses how marketers can use and manage geolocation data. Proximity marketing is one of these uses: Stores deploy beacons that send Bluetooth alerts to subscribed customers to push products. Geo-fencing extends this further by creating a zone around a business to push alters to mobile devices of subscribers. I don’t subscribe to these types of services, as this is rather too much information that I am willing to share, and also because I practice minimalism and thus am careful to avoid impulse buying.

Vigilant Marketing Intelligence is another use of geolocation data: As an example, if I post a picture on Instagram of a meal I’ve eaten at a restaurant and include the restaurant’s name, I may receive a private response from that restaurant, or a public post, and my post may be shared by that restaurant. I may be invited by that restaurant to participate in a survey, post a review, and so forth. This is an area I need to monitor, given what I have said above about tagging my location in Facebook. I do like to support restaurants that have vegan options, which is why I tag food at times, but I must admit that I’m not always comfortable with the resharing of this content, so I’m being more vigilant about when I do this.

The authors discuss the privacy implications of collecting geolocation data: It’s important to understand that this type of increased monitoring warrants a corresponding increased attention to privacy needs. Once a customer chooses to participate in a social media sharing system, attention has to be dedicated to securing data storage and providing the user access to information that has been collected by brands and processed on their behalf. The article provides some useful advice on how companies can protect customer privacy, and how they should communicate with their customers.

Advertisements

Biometrics and digital security

109_Biometric-Verification_Ready-for-Prime-Time-

Image source

This article by Larry Alton discusses the benefits and potential weaknesses of biometrics to secure digital devices. I have been using biometrics on my smartphone, laptop, and tablet for a number of years now. I use a thumbprint on my laptop and tablet. I prefer the higher security offered by biometrics, but the thumbprint can be a bit of nuisance at times, as I often have to swipe my thumb more than once. If there is any moisture on your skin (e.g., hand lotion, water, etc.), the scan doesn’t work; similarly, if you swipe too slowly or quickly, the scan won’t work. I’ve recently switched to iris recognition on my smartphone and much prefer this method, as it is very quick; much faster than a thumb swipe, and it took two seconds for the smartphone to register the irises.  Registering a thumbprint takes much longer, as the scanning area on the smartphone is very small. Unlocking via iris scan is faster than entering a password. Alton’s list of benefits and weaknesses follow below:

Benefits

The uniqueness of the signature.  Instead of memorizing an exhaustive list of passwords or carrying around specific paperwork to prove your identity, you simply provide a smile, an eye, an ear, or a fingerprint, which you have with you at all times.

Accuracy.  The latest comprehensive study of fingerprint technology found that single-finger tests were correct 98.6 percent of the time, with two-finger tests getting 99.6 percent accuracy and 99.9 percent accuracy for four-finger (or more) tests.

Cost. Though the cost of setting up a biometric system may be expensive, the long-term costs of management are much lower than those of conventional systems.

We

Device limitations. Right now, the most convenient and portable device we have with biometric capabilities is the smartphone, but the smartphone has limitations. It has a small fingerprint scanning area, so it only takes a partial fingerprint. (NB. See my note above about why I’ve switched to iris recognition).

Modifications. Biometrics rely on the permanence of your features, but what if those features change? What if someone obtains a copy of your features? It may be hard to replicate your iris, or the shape of your ears, but if someone does, it’s virtually impossible to modify what you already have as a measure of security.

Resets.  If you want to verify your identity after a thief has stolen your biometric information, you’ll need to do it in person, and by that time, the damage may be done.

System limitations. Biometrics still rely on databases, and databases are vulnerable. If and when someone finds a way into the system, whether it’s through a brute-force hacking attempt or an employee’s weakly created password, they’ll have access to data that could be used to manipulate millions of accounts.

Information management is the key to cybersecurity

Joe Shepley discusses the key role that information management plays in cybersecurity. Organizations may have very robust cybersecurity software and systems, but data theft is something that can be managed only with proper information management processes. Data theft is what happens when a bad actor — either internal or external — enters the network and takes control of a device or devices in order to steal or compromise data (e.g., through encryption). 

An effective information management program helps organizations keep the data they need (i.e., data with legal or operational use) and purge the data they don’t (i.e., data that’s past its legal or operational life). Effective information management reduces the information footprint of an organization, which means less data for bad actors to steal. It also means that an organization’s limited resources can focus on protecting a smaller set of relevant data.

Shepley proposes the following steps to ensure proper data retention:

  1. Data map – Determine what data we have, where data is and who owns it.
  2. Policy infrastructure – Put policies in place to manage information throughout its lifecycle (including data that’s been orphaned or abandoned).
  3. Content assessment – Scan content to determine what is junk, stale and sensitive, as well as whether the security and access for this content is appropriate.
  4. Remediation and clean up – Based on policy and the results of the content assessment, purge junk/stale content and remediate inappropriate security and access.
  5. Monitoring and prevention – Scan the environment on an ongoing basis to identify both non-compliant activity (e.g., mishandled PHI) and growth of stale/junk data and take action to address.

I am glad to see that all these activities are covered in my records and information class.

 

Millennials and knowledge sharing

This post examines how the knowledge-sharing practices of millennials can affect the organizations for which they work.  The article discusses the importance of collaboration in the workplace, and notes that while older workers prefer face-to-face interactions, for millennials, this is anathema. They would rather communicate using online meetings, chat apps or online tools to get things done. A coffee and a face-to-face meeting is too outdated for them. I’m not a millennial, but I have to agree with them on this one, but this might be related more to my introversion than it does to my age. This is the danger of generalization, of course.

The author notes further that it is the millennials who want tools to help them work through a problem the fastest. When looked at by age groups, a large number of millennials (71%) said they face challenges with their collaboration tools, compared with Generation Xers (62%) and baby boomers (45%). The always-on generation need [sic] to fix their cravings for information instantly.

The author points to the importance of having collaborative tools that function efficiently, but that have robust features to maintain the integrity and security of information.

How 5 Digital Assistants Use Your Data

This article provides useful and sobering information about how the digital assistants Siri, Cortana, Amazon Alexa, Facebook M, and Goole Now use your data. The article highlights the privacy and security features of these digital assistants; for example: By using Siri, Apple adds, you agree to allow Apple and its subsidiaries and agents to transmit, collect, maintain, process, and use your voice input and user data. Amazon Alexa saves your voice recordings, but you can erase them via your personal settings. As we move increasingly in the direction of voice-activated applications such as search, and voice-to-text, we need to consider carefully the new  personal metadata footprints and trails that we generate.

Google, Apple, and Yahoo moving away from passwords

This article discusses efforts made my Google, Apple, and Yahoo to move away from password sign ins.  Passwords are often poorly structured and hard to remember; I know that many people use the same password for different sites for the sake of convenience. I could not keep track of my passwords without LastPass. Biometrics is certainly a growing area. I secure my smartphone, tablet, and laptop with my fingerprint. This system is more secure than a password, of course. I find it works well, although I often have to swipe my thumb more than once to unlock the device; if I have any body lotion or moisture on my skin, for example, the device cannot read my fingerprint. There is a backup password for your fingerprint if, say, you injured your finger and are wearing a bandage, plaster, and so forth. Retinal scanning would be more convenient, but we’re not there yet. I know that you can use voice or photo recognition via Windows Hello, but I still prefer to use my fingerprint, as I think it’s less amenable to distortion. I am prone to throat infections, for example, so I don’t think that Windows Hello could manage access when I have laryngitis.

 

2015 information security breaches survey

The 2015 information security breaches survey was commissioned by the UK government, and conducted by PwC.  The executive summary highlights the following points:

  • 90% of large organisations reported that they had suffered a security breach, up from 81% in 2014.
  • The majority of UK businesses surveyed, regardless of size, expect that breaches will continue to increase in the next year. The survey found 59% of respondents expected to see more security incidents. Businesses need to ensure their defences keep pace with the threat.
  • For companies employing over 500 people, the ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines & compensation – now commences at £1.46 million, up from £600,000 the previous year. The higher-end of the average range also more than doubles and is recorded as now costing £3.14 million (from £1.15 in 2014).
  • Large and small organisations appear to be subject to greater targeting by outsiders, with malicious software impacting nearly three-quarters of large organisations and three-fifths of small organisations. There was a marked increase in small organisations suffering from malicious software, up 36% over last years’ figures
  • Staff-related breaches feature notably in this years’ survey. Three-quarters of large organisations suffered a staff-related breach and nearly one-third of small organisations had a similar occurrence (up from 22% the previous year).
  • When questioned about the single worst breach suffered, half of all organisations attributed the cause to inadvertent human error.