BYOD – using your personal device for work: when signing a non-disclosure agreement and a BYOD policy, keep in mind you agree to monitoring.
Many companies adopt BYOD (Bring Your Own Device) at work. It’s convenient for both the employer and the employee, but it also creates a two-fold problem. On the one hand, sensitive corporate data can be compromised through a poorly protected personal device. A device can get lost or stolen, and if the business information on it is not encrypted and protected, it can end up in the wrong hands. The consequences can be dire, starting with reputation damage if the leak becomes known to partners or clients. It can result in identity theft if the data was employee or client personally identifiable data or health records, which sell well on the black market, as it was with the Sony hack. Leaks of pending patents and corporate secrets cost businesses a lot, not to mention the case where the data breach was the result of a targeted corporate espionage attack.
Employees often lack the basic cybersecurity skills necessary to protect their own sensitive data, let alone ensure the integrity of corporate data. Hence, employers need to take the human factor into account when creating the BYOD policy and the cybersecurity guidelines.
Employees, on the other hand, need to read the fine print of the BYOD policy before they sign anything. You need to fully understand the rules and guidelines you will have to adhere to, as well as the possible fines, legal liabilities or financial penalties if you should fail to comply.
In most cases, BYOD implies a certain degree of device monitoring on the part of the employer’s IT department. You need to have a complete understanding of what the monitoring covers. Will your traffic be logged and reviewed? Will your private information, like contacts, messages, accounts, images and running apps, be known to your employer? The BYOD policy needs to explain how your agreement affects the private information on your personal device, as well as the kind of technical support you can expect from the IT department.
Here are some basic guidelines to safeguard the corporate information on your personal device:
• The sensitive data should be encrypted and sandboxed. In most cases, a company provides its employees with a standalone application to handle company data.
• Likewise, your personal data needs to be encrypted – emails, chats, images.
• Steer clear of doing anything shady from the device you use under BYOD – visiting porn websites, online gambling, posting controversial updates to your social networks.
• Social networks pose a security threat to your employer if you are targeted with social engineering techniques, which keep proliferating. Attackers mine your Facebook/Twitter/LinkedIn accounts for important information about you, like the names of your friends and coworkers, your position in the company, and your duties. This information is then used to forge an email that looks legitimate, but either infects your device with malware, spyware or a keylogger if you download its attachment or open a link in it, or tricks you into exposing sensitive company data, such as your company network login credentials, or even into transferring sensitive files and funds.
• Thus, extra caution is advised when posting anything to social networks, especially work-related.
• Do not leave your device unattended; do not allow children to use it. If you choose to allow your kids to play mobile games on your device, create a second user account that’s limited in privileges and does not have access to your main user account.
• Do not install unlicensed apps on your BYOD device.
• Do not root or jailbreak it unless you are savvy enough to protect a device with most inbuilt security measures removed.
• Install an antivirus app.
• Install a firewall app and block all apps and games from accessing the Internet unless they need it for normal functioning. Extensive app permissions on mobile are often poorly justified, and can lead to massive data leaks.
Windows 10 and 0 Privacy
Microsoft was never a privacy advocate. It’s on the other end of the spectrum. What Redmond did with Win 10 caused a major outrage among cybersecurity experts and privacy advocates. Microsoft blatantly pushed Win 10 to nearly every computer running Windows 7, 8 and 8.1. At first, it asked the user for agreement. Later on, when users started opting out of the free offer en masse, Microsoft just forced the Windows 10 update on older systems.
The GWX (Get Windows X) module itself comes bundled with telemetry collection, and runs persistently on system boot. Many users were caught off guard when they started their computers only to find Win 10 installing itself without their prior consent.
Win 10 tags each user with a unique advertising ID, which is basically a person’s profile ID where Microsoft stores all mined data. It allows the company to serve users targeted ads from ad networks and third-party advertisers.
Microsoft’s personal assistant app Cortana is one of the worst offenders, collecting user purchases, searches, media content, keystrokes, and mic input at any time.
The telemetry Microsoft collects includes your real identity, age, gender, parental and marital status, your accounts and passwords, BitLocker encryption keys, your hobbies, searches, interests, the way you use your programs and how often, your contacts and calendar events, emails, chats, caller list, audio and video messages.
Microsoft reserves the right to share that data with its affiliates and partners with or without your consent – when you install Windows 10 you agree to these heinous terms.
Windows 10 scans your system for copyright-infringing files, like music, movies, modded games or programs, and disables any program it deems unlicensed.
If the above is not enough to make you jump ship, I don’t know what is. The solution?
• Revert back to the previous version of your operating system if you’ve already installed Windows 10
How to Uninstall Windows 10 and Downgrade to Windows 7 or 8.1
• Or attempt to limit its tracking using this guide –
How to fix data privacy in Win 10
• Alternatively, you can try this tool that aims to change the default settings in Win 10 to leak less data about you – Win10Privacy.
• If you’re still using a previous version of Win OS, remove GWX.exe and its bundled files:
How to uninstall KB3035583 – The Windows 10 Downloader for Windows 7 and 8.1
How to remove the Windows 10 GWX upgrade nonsense
• Finally, check out the alternative operating systems that boot from a CD, DVD or USB for private browsing and communication – see point 8.
Social networks and privacy
One of the worst consequences of mass surveillance is not only the deterioration of a civil society and democracy, which is a large-scale process, but self-censorship, which most law-abiding citizens are imposing on themselves on a daily basis. The refugee crisis, migration, national debt, Common Core, vaccination, feminism, racism, religion, ideology – the list of controversial topics is endless, and yet, if you find yourself with an opinion that is not encouraged by the moguls of the social media, you may face social obstruction, banning, and bashing, while your supporters will not be given voice. It is imperative to understand that companies as large and influential as Google and Facebook have their political agenda, and use the tools at their disposal to promote it –
Hence, you cannot have an objective and free discussion on these platforms. So, why rely on them? Most importantly, why let them profile you?
Facebook has been under scrutiny for its privacy-invading practices: for tracking users and non-users, for keeping user data forever even after a profile is deleted, for selling user profiles to marketing agencies, for censoring dissidents, for analyzing users’ preferences and experimenting with the contents of user feeds and how they influence users’ psychological state, and more. The accusations would have stopped if everyone understood that Facebook and other social networks build their business on your privacy. You are the product. Your private data is the product they sell so successfully. It’s not about staying in touch with the people you barely know. It’s about getting you to document your life, so that marketers can sell you something. Also, to know your weak spots.
Besides the audio beacons we covered earlier, Facebook tracks users and non-users by placing super-cookies on their computers. Super-cookies are persistent, and dwell in several uncommon directories. If you delete one of them, the others respawn it, so you can never tell if you’ve cleaned them out completely. How do you get the super-cookies? You don’t even need to be a Facebook user. Just visit any website that has a Share or Like it on Facebook button – and you get the super-cookie. Some European countries fined the company for tracking non-users, and Facebook had to refrain from the practice, but guess what – only for the users who are citizens of that country. Everyone else still gets tracked.
What does tracking imply? Facebook, or any other cookies in your browser, track every website you visit, the searches you type, the links you click. With a high level of probability, this information can reveal your gender, age, marital and parental status, sexual orientation, health or mental conditions, location, shopping preferences and much more, including your political views and financial situation.
Twitter keeps a log of your unpublished tweets. Hello, self-censorship. Even if you wanted to post an emotional reply to someone, but censored yourself so as not to reveal views deemed unpopular, and deleted the unpublished tweet, Twitter still keeps it.
“I do not agree with what you have to say, but I’ll defend to the death your right to say it.”
-Evelyn Beatrice Hall
A phrase often attributed to Voltaire perhaps describes best everything that is wrong with the oppression of free speech as a result of self-censorship online. An open, inclusive discussion on privacy and surveillance is happening right now, but you won’t find it in the mainstream social networks. It does not mean, however, that you are left with no choices. We tried to give you a basic map to the tools that help you protect your privacy online. Using them might involve a mild learning curve, but it’s worth it.
Useful reading: How to delete your Facebook account.
Alternative social networks focused on user privacy: