A Win for Privacy

Google has announced a new policy that will compel Android app developers to allow users to delete their accounts directly from the app.  This decision is part of Google's commitment to enhancing user control over personal information and account management.

Starting November 2023, all Android apps available on the Google Play Store must include an easily accessible option for users to delete their accounts.  If an app fails to comply with this policy, it may face removal from the Play Store.  As a result, Google aims to give users more control over their data and improve the overall account management experience.

The new policy applies to all apps requiring users to create an account or sign in using an existing one.  However, apps that do not necessitate account creation or sign-in are exempt from this rule.

Google has provided detailed guidelines to help developers implement the account deletion feature effectively.  The guidelines include displaying a clear and concise explanation of the deletion process and its consequences, making the option easily discoverable, and ensuring a straightforward and secure method for account deletion.

By making it easier for users to delete their accounts, Google hopes to reduce the number of abandoned or inactive accounts, which can pose security risks.  Moreover, this change will empower users to exercise more control over their personal information, ultimately fostering a more transparent and secure online environment.

Beware of the Robot Imposters (AI - How to protect yourself against a voice scam)

I've been worried about this for years and knew it was just around the corner; here we are!  If we didn't have enough to worry about, now we need to be on the lookout for AI-generated voice scams.  From crafty con artists to high-tech trickery, no one's vocal cords are safe anymore.  So, grab your tin foil hats, and let's dive in to find an easy solution.

Once upon a time, scammers were limited to cheap phone tricks and grainy photocopies.  But now, AI has evolved to a point where it can mimic anyone's voice—your grandma, your boss, or even that guy who never stops talking about his dog.  My grandma was a victim of this - someone called her pretending to be me and asking for money to bail me out of jail.  So, of course, she answered, "Leave him in there."  That was an appropriate response... thanks, Grandma.

If you find yourself in this situation, there's an old-school fix.  Establish a secret code word or phrase with your friends, family, and colleagues.  Then, if someone calls claiming to be them but doesn't know the code, you'll know they're an imposter.  Stay vigilant, friends.

The Importance of Protecting Your Email from Spam and Phishing Attempts

In today's digital world, email has become a vital tool for communication, both in personal and professional settings. It enables us to share valuable information, stay connected with friends and colleagues, and manage various aspects of our lives. However, with the increasing reliance on email comes a higher risk of encountering spam and phishing attempts. These cyber-threats disrupt our daily lives and can lead to severe consequences such as identity theft, financial loss, and personal or corporate reputation damage. This blog post will discuss the importance of protecting your email from spam and phishing attempts and offer tips on keeping your inbox secure.

Understanding the Threats: Spam and Phishing

Spam refers to unwanted, unsolicited emails that are typically sent in bulk to a large number of recipients. While some spam emails may be relatively harmless, such as unsolicited advertisements, others may contain links or attachments that lead to malicious websites or spread malware.

Phishing, on the other hand, is a more targeted form of cyber-attack. Cybercriminals use phishing emails to deceive recipients into revealing sensitive information such as login credentials, financial data, or personal information. These emails often appear to come from a legitimate source, such as a bank, a well-known company, or even a friend or colleague.

The Importance of Protecting Your Email

1. Safeguarding Personal and Financial Information

Protecting your email from spam and phishing attempts can prevent cybercriminals from gaining access to sensitive personal and financial information. This reduces the risk of identity theft, unauthorized financial transactions, and other forms of cyber fraud.

2. Maintaining Privacy

Email protection also helps preserve your privacy. Spam emails can contain trackers that monitor your online behavior, while phishing emails may attempt to extract personal information by tricking you into providing it voluntarily.

3. Enhancing Productivity

Spam and phishing emails can be a significant source of distraction and wasted time. By effectively filtering out these messages, you can focus on important communications and improve your overall productivity.

4. Protecting Corporate Assets and Reputation

For businesses, email protection is crucial in safeguarding not only employees' information but also company data and intellectual property. A successful phishing attack can lead to unauthorized access to corporate systems, potentially resulting in data breaches, financial loss, or damage to the company's reputation.

Tips for Protecting Your Email

1. Use a strong, unique password for your email account, and enable two-factor authentication (2FA) whenever possible.

2. Be cautious when opening emails from unknown senders. Do not click on links or download attachments from unfamiliar sources.

3. Install and maintain updated antivirus and anti-malware software on your devices.

4. Enable spam filters on your email account to automatically filter out suspicious messages.

5. Educate yourself about the latest phishing tactics and learn how to identify potential phishing emails.

6. Verify the authenticity of any email that asks for personal information or requires you to take immediate action. Contact the sender through a separate, trusted communication channel to confirm the legitimacy of the request.

As our reliance on email grows, it is crucial to recognize the importance of protecting our inboxes from spam and phishing attempts. By implementing the abovementioned tips and staying vigilant, you can safeguard your personal information, maintain your privacy, and enhance your productivity.

It listens... and gossips (AI)

Once upon a time, a crafty little thing called the PC speaker lived in a land full of ones and zeros. You may remember it from the good ol' days when computers were as big as your living room, and it'd go "beep beep" to announce its presence. Well, guess what? These cute little buggers have now become the accomplices of hackers in their dastardly deeds!

A group of security researchers, who probably had too much time, discovered that the PC speaker is used to exfiltrate data from your computer. That's right, folks! Your trusty old friend, the PC speaker, is now the star of the show in the data leakage extravaganza.

Let's skip down memory lane to see how this all began. Back then, the PC speaker was the only way for computers to make a sound. It would beep and boop like R2-D2, giving users the 411 on what was happening in the digital realm. Fast forward to today, and we've got all sorts of fancy schmancy sound systems that have long replaced the humble PC speaker. But little did we know, the speaker has been sitting in the corner, plotting its revenge!

The researchers demonstrated that these speakers could emit sound at a frequency that's inaudible to humans but easy for the malware to pick up. The malware then translates this Morse code-like communication into your precious data, and voila! It's like a magical game of Chinese whispers that steals your secrets.

You might think, "But wait, my super-duper fancy computer doesn't even have a PC speaker!" Fear not, dear reader, for the researchers thought of that too! The researchers found a way to pull off the same shenanigans without a speaker with some clever coding tricks and some help from your graphics card. 

But before running for the hills or smashing your PC, take a deep breath and relax. The chances of this method being used to steal your data are about as high as finding a unicorn in your backyard. It's a slow and cumbersome process that would take ages to transfer anything significant. Plus, it requires the hacker to be physically close to your computer, which is so 2005.

While the idea of your PC speaker playing a game of digital espionage is hilariously intriguing, it's not something you should lose sleep over. Instead, keep your antivirus software up-to-date, don't click on sketchy links, and give your PC speaker a stern talking-to... in case it gets any ideas.

Source: 

https://www.kaspersky.com/blog/pc-speaker-data-exfiltration/47737/?utm_source=pocket_saves

OSINT in Executive Protection

OSINT is a powerful skill to learn for the EP agent.

In our increasingly interconnected world, executive protection (EP) agents must use all the available tools to protect their clients. One of these tools is open-source intelligence (OSINT). OSINT is the collection and analysis of publicly accessible information. For EP agents, OSINT is a threat assessment and monitoring tool.

OSINT offers an efficient way to gain insight into the activities of individuals or organizations without relying on expensive software and time-consuming investigations. OSINT comes in many forms, including internet research, social media monitoring, image analysis, and document analysis. OSINT is easy to learn and a crucial skill for any EP agent.

There are challenges associated with OSINT investigations, however.  

First, the sheer volume of data can become overwhelming without the proper tools, training, and strategies to effectively sift through the data. Additionally, the precision required when collecting information from sources that may not always be reliable can prove daunting. Furthermore, OSINT investigators must avoid potential legal pitfalls and laws when dealing with sensitive or confidential information online, i.e. protect yourself!

The need for OSINT is clear and has its benefits, but not without its challenges. Agents need to be aware of the legal issues surrounding improperly collected data and should be prepared to testify to all of their findings. OSINT is an invaluable tool in the EP industry and enhances a team’s ability to fulfill its mission to protect the client.

I frequently advise EP teams and organizations on best practices when collecting OSINT data, contact us for any assistance.

Enable Two-Factor Authentication!

Two-factor authentication (2FA) is an important security feature that can help protect your digital accounts from malicious actors. It requires users to prove their identity with two independent pieces of evidence: something you know, like a password, and something you have, like a physical token or a smartphone. Turning on 2FA for your online accounts makes it more difficult for hackers to gain access to your sensitive data.

2FA can be inconvenient, but I think the small distraction far outweighs the risk. Nearly every breach case I investigated could have been delayed or averted by implementing 2FA. Tech companies are researching even more secure methods than 2FA but for now, do yourself a favor and turn it on for every single website that allows you the option to do so.

Ransomware: The Digital Kidnap

Ransomware is digital kidnapping and leaves a devastating impact on its victims.

Ransomware is a dangerous cyber threat. Criminals use ransomware to extort money from victims by locking their data for payment. In this digital kidnapping, data is held hostage instead of a person. Executive protection agents (EP) should consider their client’s risk for a ransomware attack.

EP agents are the gatekeepers of their client’s well-being and security. In the digital age, it is essential that EP agents consider how to protect their clients from cyber threats such as a ransomware attack. A ransomware attack is financially and emotionally devastating, making the agent's role in preventing one all the more important. I think EP agents have to worry about extortion more than the actual loss of trivial data. High-profile clients have certainly made the rounds in the news cycle as their personal photos and other data were exploited.

Is an average EP agent prepared for a ransomware attack? Absolutely not, so now is the time to get ahead of the curve, get some skills, and stand out in the EP world. You'll need a full-blown incident response firm on your side, but learn the basics, and you will be the one to open those lines of communication in your client's weakest moment. It’s also worth considering cyber insurance for your client. The insurance firm should have retainers with incident response firms to help remediate the threat.

Like all things in executive protection, there needs to be a risk assessment to evaluate the client’s ability to recover from such an incident. Teams must have contingency plans to address any potential risks related to data security, including backups of important information stored remotely or on external hard drives. Get familiar with, and implement the [3-2-1 model](https://www.cisa.gov/uscert/sites/default/files/publications/data_backup_options.pdf).

Cybercriminals can launch a ransomware attack without leaving the comfort of their homes, making this malicious threat all the more insidious. Businesses and organizations make better targets for a ransomware attack compared to a single executive, but it’s certainly worth discussing in team meetings.