The Amazing Race: Back to Basics

The last episode of The Amazing Race brought us back to life as we used to know it and how much of the world still knows it.  The contestants walked, rode elephants, took the bus, hitch-hiked, and rode in taxi cabs.  They took notes on simple notepads to remember the placement of figures on temple replicas and they asked pedestrians and office workers for directions just by stopping them on the streets.  The twins, Liz and Marie, even convinced two separate cab drivers to give them a ride for free when they ran out of money.  In essence, they hitch-hiked in Bangkok, Thailand.

All of this ‘back to basics’ reminded me of a trip I took to India, Nepal, and Bangladesh with a U.S. delegation tasked by the White House to find ways to reduce the trafficking of women and children in that region.  As an envoy for the U.S. government, we traveled in Land Rovers driven by well-trained drivers.  Each time we stopped at a police controlled traffic signal, we would see the line of traffic that appears nothing like what we see in the U.S.  Instead of a line of cars waiting for the green, we saw a line of ‘vehicles’ consisting of horse drawn carriages, air-conditioned Mercedes, ox-drawn carts, passenger buses, bicycles, and rickshaws, all waiting for the policeman to blow the whistle.

It was a stark reminder of how in America we shed the old when we adopt the new.  We do it in all sorts of ways from new cars to new iPhones.  In fact, Steve Jobs’ creative genius put this ‘out with old, in with the new’ consumer buying habit on steroids.  With every new iPhone release, lines form around Apple stores with folks willing to spend hundreds of dollars just to get the latest gadget the minute it hits the market.

And yet, for some reason this phenomenon hasn’t traversed to the other side of the world.  In many other countries, we see the adoption of the new being intertwined with the retention of the old – the old of hundreds of years ago.  Placed in this setting, our Amazing Race contestants did just fine even though they were forced into using tools of a world they no longer live in – a world full of GPS devices, Google maps, cell phones, iPads, and iPhones.  And most importantly, they did it with a sense of patience.

Is it possible that our quick to consume society is starting to replace a time of thoughtful relaxation?

The Amazing Race: Text Me So I Can Hear You

Last week’s episode of The Amazing Race was the most uncomfortable ever and strangely last night’s episode was the most comfortable ever.  Last week brother and sister couple, Justin and Jennifer, fought, shouted, yelled, screamed, bickered, and argued during the entire episode.  They even argued when they were simply waiting for a train and not in the throes of a challenge.  It got to the point that it was not only visibly disturbing for the other contestants to watch, but it was even disturbing for us as viewers to watch.  Last night’s episode was quite the opposite.  While mention was made that everyone hoped Justin and Jennifer wouldn’t be at each other’s throats, most of the episode was dedicated to cordiality between team mates and cooperation amongst teams.  All of this set in the rice fields of Indonesia and a 9th-century Buddhist temple at Borobudur.

The contrasting episodes of painful bickering and peaceful living made me wonder whether life would be better lived in a world without smartphones and the Internet – a techno-less society to slow us down and take away our need for instant gratification that usually leads to instant frustration.  Justin and Jennifer are prime examples of folks who have been pushed to extreme emotions without the comforts of what they are used to – looking up things on Google, having a GPS to take them to their next destination, and having the luxury of air conditioning wherever they are.

Is there any way all this fancy technology can help them get along or do they need to slow down and plant rice for awhile?

Every word Justin spoke, Jennifer responded to.  And, vice versa.  But if you actually listened, you would notice that they were both talking so loud they couldn’t hear each other.  They weren’t communicating at all.  They weren’t listening, responding, listening, reacting.  And here is where technology can save them.  If they could just send a text to each other, even while standing next to each other, they would be forced to process their thoughts, think of the right words to articulate them, breath while they typed them into a texting device, and wait for the reply.  This texting back and forth would allow them to actually have a conversation without speaking a word.  It is the conversation that human relationships are built upon.  A little technology can allow couples to communicate without having to live on a rice farm on the other side of the world.

So next time someone is talking so loud that you can’t hear them, send a text.

The Amazing Race: Confucius Meets Twitter

The Amazing Race came back with yet another exciting season premier this weekend.  From the start we saw a lack of preparation by ‘the showgirls’ that almost landed them a trophy for the shortest lived contestants on The Amazing Race.  It all started when Kaylani didn’t secure her passport, dropping it at a gas station less than an hour after the race began.  Luckily, a passerby Tweeted that he had found a passport belonging to an Amazing Race contestant and got convinced by his followers to hand deliver it to LAX.  Strangely, this was a harbinger of the upcoming challenge in which contestants played a game of ‘telephone’ at the Taipei Confucius Temple where they had to listen to a recorded saying by Confucius and then repeat it precisely for their next clue.

Confucius said, “In all things success depends on previous preparation.  And without such previous preparation, there is sure to be failure.”

Even though Confucius spoke nearly 2,500 years ago, his words are as applicable in this digital century as they were when he first spoke them.

In this week’s episode, we saw firsthand what can happen if a team fails to prepare.  But for the kindness of strangers connected to Twitter, Kaylani and Lisa would have been sure to fail.  And therein lies the amazing facets we find in the season premier of The Amazing Race.  Every aspect of our life is interconnected through and into the digital world.  Every step we take online has some type of impact on our footprints in the real world.  With each step we must ask ourselves, “Are we preparing for future success when acting in the present moment?”

When you post a photo on Facebook, can it affect how a future employer might perceive you to be resulting in a lost job opportunity?  When you get a security update, do you hit Remind Me Later, leaving all your personal bank information at the mercy of a hacker?  When you sign into Facebook, Twitter, or Gmail, do you use the same password, setting yourself up for a major phishing attack?  When you register for a new site, do you skip the privacy set-up process, letting others you would never share with see all your personal thoughts.  When you store your private photos, do you put them in a folder clearly marked private, making them highly visible and desirable for others to open?

Every act we take online impacts our safety, security, and privacy.   Take a moment to consider how your actions today will impact your future success.  This was true when Confucius lived in a world without an Internet just as much as it is true today in a world than can’t survive without an Internet.

For more information about online safety, check back here every week or visit my website.

When Hackers Attack, Earthquakes Follow

Hackers of the world have gone wild, infiltrating a variety of sites such as those of the CIA, PBS, and just the other day, NBC.  Supposedly “secure” servers of companies as notable as JP Morgan Chase and Sony have been hacked to get credit card or customer information.

In fact, hacking has had such a substantial effect on the business world that Rupert Murdoch was recently forced to close an English tabloid as a result of the paper’s hacking of celebrity phones. Stories of massive and embarrassing hackings are popping up everywhere letting us know that these hackers mean business.

And if you’re a business, being ready means more than having an IT emergency response plan.  In today’s hacker environment, a company’s response plan must be holistic in nature, agile in execution, and grounded in reality.  The right response must include technical, legal, educational, and public affairs components.  Each area has a significant role to play and one that if executed incorrectly can make the difference between disaster and recovery.  And we’re talking just security.  The problems compound when you throw in safety and privacy as well since the three are interconnected and not mutually exclusive.

Having been at the forefront of safety, security, and privacy (SSP) crises many times over in my previous roles in corporate America, and now as the founder of an online security consulting company, I can tell you that many company executives often think of the public relations (PR) aspect of responding to a hacker crisis as ‘fluff’ or coming from the ‘group that spins’.

In fact, PR is at the epicenter of this type of crisis and how it is handled can make the difference between minor aftershocks or more devastating quakes.

The right PR team will have to navigate with agility, acumen, and diplomacy while still grounded in relevant experience with safety, security, and privacy.  The challenges presented are far ranging and come in multiple forms.  Questions abound such as:

-who should be the spokesperson

-what is better, a reactive or proactive media strategy

-when should the affected consumers be informed

-where is the place to release information

-how should employees be informed about what is happening

-when should a safety, security, and privacy crisis plan be implemented

-who makes the final call on what goes out

Given the sudden onslaught of hackers, traditional PR firms are facing quite the challenge in helping clients respond.  The problem – many of these firms aren’t yet equipped or experienced to handle the unique challenges SSP PR brings even if they have handled other types of crisis in the past.

If your company is at risk of falling victim to a SSP PR nightmare, begin internal discussions ASAP to see if you are equipped to handle such an event holistically.

The more you read about the pain and suffering other companies have gone through, the more daunting the problem may appear.  But, it is one that can be overcome with the right kind of planning, team, and program in place.  Having worked closely with several clients to put in place SSP PR strategic plans, we have seen the positives that come from doing it right the first time.

If there is one thing to keep in mind it is this – hackers don’t follow traditional fault lines.  At any time, you can be the flashing red dot marking the epicenter of a major SSP earthquake.

Nightmare Renters from Airbnb

Until recently, the name Airbnb was not something tossed around in the average news cycle or dinner party.  However, since a story recently broke about malicious use of rented property and Airbnb’s apparent woeful management of the crisis, the name is everywhere…and not in a good way.

Airbnb describes itself as a company engaged in “unlocking unique spaces worldwide.”  Through its web portal, the company allows people the world over to exchange housing, essentially turning private residences into mini-hotels, renting out their homes and finding residences to for short-term rental.  The service has proved useful for thousands of successful exchanges but truly atrocious stories are emerging about how this can go wrong.

Here’s the short version of what happened.  A host (EJ) rented her home to people who contacted her via Airbnb. When she returned, there seemed to be no end to the damage she encountered.  There were holes in doors and walls, items from shoes to an iPod were stolen, and her whole home was covered in powdered bleach.  They even, allegedly, stole her identity.  Soon after, another victim came forward and told his story of horror.  While these stories are truly awful, they should serve as a strong reminder for companies and users. (Note that the CEO of Airbnb provided this response to these stories.)

Online, we can get lulled in to a false sense of security.  We start to think that, because someone signed into a site or setup an account, they must be honest and reputable.  This is why it’s critical to always exercise extreme caution when engaging in person with someone you have only met online.  In the real world, we would never hand over the keys to our house without some serious ID and references and assurances.  The same should be true online.

Here are just a few other ways to help you keep yourself and your home safe and secure if you’re using rental sites like Airbnb:

  • Secure people:  Look for ways that security initiatives have been engaged on the site. Does the site offer background checks for renters, in the same way that SitterCity offers them for caregivers? Does the site separate out those who have been vetted from those who have not?
  • Assurances:  Look for ways the site plans to handle ‘security breaches.’    Does the site have a process for compensation in the event of damage?  Does the site offer or suggest short-term insurance options to cover loss?
  • Organization history:  Tech start- ups can have a brilliant idea, but don’t always build-in crisis response mechanisms to help a customer.    Does the site you’re considering have clearly delineated departments for helping users? Is there a helpdesk that responds to your inquiry? Does the site provide an emergency contact number that is available 24/7?
  • Check networks:  It is ideal if you know the person you are renting to and great if you have mutual contacts who can be references.   Since this may not always be possible, does the site provide other mechanisms to allow community vetting?

Like so many other online services, rental sites can offer us convenience and help.  As consumers, we must ask the right questions so that sites also proactively embrace safety and security.

Taking a Moment to Pause With Phone Hacking Scandal

For companies that can be broken if their security breaks (anything from email providers, to cell phone providers), headlines like “Phone Hacking Scandal” should garner special attention. The latest “phone hacking” scandal involving allegations that reporters at News of the World listened to or tampered with voicemails of, potentially, over 10,000 victims, has left many in shock and wonderment. But, as with any crisis, we can use this as an opportunity to take a moment to pause and consider what we can learn from it.

The word “hack” implies that a highly technical break-in into a security system occurred, as in the case of the recent CIA breach. What appears to have happened in the phone hacking scandal is really not a ‘hack’ at all carried out by highly technical criminals.

Reporters, allegedly, used some pretty simple tactics, exploiting voicemail procedures by using them in the way they were supposed to be used. When a customer purchases a new cell phone, a default password is set up for accessing voicemail. Often, it’s a simple 4-digit number such as “1111” or “0000” or the last 4 digits of the customer’s cell number. Unfortunately, most people don’t personalize these passwords once they have the phone. Hence, a stranger can call a cell phone and when the subject doesn’t answer, they can simply put in the standard password for the carrier and gain immediate access to voicemails. Here is some more info on just how all this can happen.

Unfortunately, this isn’t the only way people can get into voicemails. Social engineering, a term now used to denote unethical or illegal practices involving impersonation and manipulation, is a very effective means by which people can gain access to voicemails or information. So instead of hacking into a secure system, the bad guy can simply call the cell carrier’s support center, impersonate an actual cell phone customer, and obtain the password for the voicemail. The customer never knows this happened.

And here-in lies an opportunity for cell carriers to pause and consider what types of security mechanisms are in place to thwart the social engineer. For example, consider providing any customer who calls a temporary one-time use password that forces a password change once it is used. Then text and email the customer to let inform them of what just occurred in case it was a social engineer who got through all the mechanisms already in place. Also, consider whether two-part security, security that involves what a customer knows and what a customer has, can work for you. With two-part security, a customer would need to provide info to the customer service rep to recover/replace a forgotten password, and then would have to have the cell phone in hand where the reset info is sent. A social engineer who succeeds in one part ends up getting only half the info needed to succeed. Finally, consider whether the default passwords freeze if they are not changed within a certain period of time from purchase.

Each company will have to weigh everything from customer experience to ease of use to adoption rates when determining what type of security works best for their user base. Note that many carriers have been working towards these goals and should be commended for their work.

The ability to convert challenges to opportunities can be a major asset for a forward thinking, security conscious company. So, take head of the latest events in the news and pause to reflect on what more can be done to protect the most valuable asset any company has – the trust of its customers.

Congressman Weiner and Sexting Amongst Friends

We like to warn our children about many things and lately sexting has been on the top of the list.  We caution against it, put applications in place to prevent it, and even treat kids as criminals over it.  However, it is us adults who are getting far more press about it lately than kids ever have.

Congressman Anthony Weiner is just the latest in a string of scandals.  When this story broke, the media was tripping over itself asking: Did he do it? And now, with his admission of guilt, the new question is: Should he resign?

In the meantime, no one has offered the public a chance to look at what really matters:  When thinking of sexting, how does an adult answer the question – To do or not to do?

Adults have been “sexting” for ages – we just called it ‘dirty talk’ – dirty talk that used to land on a significant other’s ears and disintegrate…until now.  With the onslaught of real time apps and devices like iPhones and Twitter, messaging anywhere anytime has become the norm.  And yet, many adults fail to understand the permanent, far-reaching, and severe implications of these devices.  Simply put, many adults don’t understand that once you send/sext it, it’s never coming back or going away.   So, if you’re thinking about sexting, you might as well print it, sign it, and put your address, phone, and photo on it and then put it on a billboard in Times Square for the world to see.

Far too many adults are letting the heat of the moment control their actions –forgetting that once they send it, it lives forever on the Internet.  It is like the Library of Congress, a repository of history.  Your sext might never make it to Times Square, but you might want to think of it like it is.  Granted, you might want it there for the world to see you, but that’s a question only you can answer.

Congressman Weiner and Brett Favre are just the tip of the iceberg of what’s to come unless adults, famous or not, start practicing what they preach to kids – don’t do it – unless you want it to live forever on the Internet.

For more on the Internet’s memory, see also Charlie Sheen Reminds Us, The Internet Has a Memory and The Bachelorette and the Drunken Passed Out Bachelor.

Every Step You Take, I’ll Be Tracking You

Lately, it seems like we hear a story every week about a new security breach concerning our personal information.  Just a few weeks ago, Epsilon was hacked and millions of email addresses were stolen. A few weeks later, Sony announced that their worldwide gaming network too was hacked.  And now, companies like Apple and Google are being scrutinized for their questionable iPhone and Android tracking processes.

In a paper recently released on Radar O’Reilly, researchers revealed that they had uncovered a hidden file in iPhones and iPads that regularly records the location of the user. To make matters worse, the file in which all this is stored is unencrypted; that means that anyone with access to a user’s iPhone or iPad could unveil the user’s entire history of where they had been (or at least their device had been).  On top of that, the information collected is also transferred to your computer anytime you sync your device. Even if a customer buys a new device and syncs the new device with the original computer, all the location data will end up on the new device.

So the question is – what tracking is necessary for the device to function? For instance, in order for your phone to find reception it must be able to locate cell towers as you travel.  In order for an iPhone to locate a new wireless network, it also needs to use GPS in order to see where the networks are. Why though is Apple storing this information? The extent to which Apple has gone appears to be extreme.

If you’re thinking that this shouldn’t be acceptable, you’re not alone.  Some rather high profile voices have contributed to the debate.  Senator Franken of Minnesota published an open letter to Steve Jobs chastising Apple for tracking and storing this information.  The head of the Electronic Privacy Information Clearinghouse is also questioning whether Apple violated its own terms of service agreement which ensures that customer information will be guarded appropriately.  A group of people in Florida have even gone so far as to file class action lawsuits against the company.

The immediate and strong outpouring of global concern about this invasion of privacy prompted a few short responses from Apple at the outset, and then one big answer to the issue – a software update. This most recent update to the operating system will turn off tracking and disallow storage of information after one week.  Don’t worry, your iPhone and iPad will still transmit location information that is necessary for device functioning, but all the other information will be erased. This information will no longer be stored on your computer when you sync your device. As for the Android, a spokesperson from Google has said that “any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user.”

Since these announcements initial panic has decreased but we continue to be reminded that our privacy must always be guarded vigilantly. And best of all, companies like Apple and Google are listening to your voice by not tracking your whereabouts.

Epsilon and the Disappearance of Millions and Millions of Email Addresses

Until recently, most of the general public was totally unfamiliar with a company called Epsilon.  And even if some of us had heard of it, we never would have thought that it would soon become an international focal point.

Epsilon is a firm that manages email-marketing campaigns for large companies.  Managing these campaigns requires massive amounts of information and filtering.  Epsilon makes sure that men don’t get email campaigns about feminine hygiene products, that college students do get ads about pre-planning funerals, and that mothers do get ads about everything having to do with children.  Of course, compiling all that information takes a lot of time and manpower, two resources that large companies usually prefer not to allocate to their marketing departments.  So, they hire companies like Epsilon to do it for them.  Because of this, Epsilon has information about millions and millions and millions of customers, including names and email addresses.

Recently, a group hacked into Epsilon’s servers and pulled personal data on some of those millions of customers.  While Epsilon isn’t talking about how the breach occurred, they are saying that the hackers only got away with email addresses and names.  No banking, financial, or other sensitive information was taken.

If the hacker only got names and email addresses, is this breach even important? Unfortunately, the answer is: yes, it is very important.  One of today’s most common threats to your personal information is phishing attempts, or the process of sending out emails to people and asking them to send back specific information, like financial info or logins for sites causing unsuspecting users to willingly give out their info.

The most troublesome aspect of the breach is that the hackers can use those email addresses and names and mask the sender address so that people think they are getting a personalized email from a reputable company they already do business with.  For instance, a hacker could “mask” an address so it looks like Joey is getting an email from Citibank about his online account, asking for login verification, perhaps even referencing earlier emails that were actually sent by Citibank.  If Joey isn’t careful, he could give out all his banking information – and get phished.

It is difficult to pin down exactly what companies have been affected but here is a list of some of them: JP Morgan Chase, Citibank, 1-800-Flowers, Walgreens, Best Buy, Capital One, Ethan Allen, Target and others.  I think it is fair to say that you or someone you know has gotten a warning from at least one company letting you know about the Epsilon breach.  I got three different emails from three different companies that had used Epsilon informing me about the breach.

The important thing for you to remember is to be very careful about sharing information. For the next few weeks or months, take on a “trust no one” attitude and vigilantly check each email you receive that asks for personal information.  Simply don’t reply via email with any sensitive information.  Instead of clicking on any embedded links, type them into the browser.  If you are suspicious, call the company directly to verify the veracity of the email.

Epsilon may not know who did this, but you don’t need to wait to find out to be safe.

**UPDATE: Attorney General asked to look in to security breach.**

A Different Key for Everything that Matters

A colleague of mine recently learned a difficult lesson when her computer was stolen from her car. At first, she was mostly concerned about having lost all of the work (she’s a writer) that was stored on her machine. Sadly, there was a lot more than poetry at stake: her entire identity was at risk.

While using one password for all the secure sites she visited seemed smart at the time, it turned out to be a disaster. It was anything but smart. One little password gave the thief access to literally every aspect of her life: banking records, bills, medical records, emails, social networks and more.

To put this in perspective, think of what we already do in the real world. We have a different key for everything that matters – house, car, safe-deposit box, gym locker, work, file cabinet, desk drawers, etc. And yet, many of us do what my colleague did — use the same password across multiple websites from social media to online banking to shopping sites. Many of us learn the lesson of safeguarding personal security after it’s too late.

The good news is that this kind of privacy invasion can be avoided with some relatively easy steps. Exercise caution in choosing passwords by selecting passwords that can’ t easily be connected to you. Names of loved ones and important dates (births, anniversaries) are too easy to guess. Passwords that contain combinations of numbers, characters, and letters are great choices. If you have a laptop you frequently travel with, even if it’ s just to your local coffee shop, consider turning off your browsers’ password storage function. You’ll notice this function when a pop-up comes up asking you if you want to store this password.

Most importantly, use a different password for every site that matters, just like you do with your keys. Examples of sites that matter are sites for banking, mortgage payments, bill pay services, online shopping, and social media sites where you share your personal life with family and friends. If all your passwords are the same and someone fraudulently obtains your login info for one site, they will have obtained ALL your passwords in one small coup.

Different logins for everything might sound daunting but not only is this the single best way to protect your valuable information, it is also not as terrible as it sounds. Thankfully, there are many password storage sites and pieces of software that are fairly priced or totally free that will help you keep track of your passwords. For example, try using software like Password Locker to keep all of your passwords organized and secure.

Choosing hack-proof passwords and different log-ins for different sites have saved thousands of people money, time, and hassle by making their personal and financial information that much more secure.

And we can all appreciate a little more security and peace of mind online.