Tag Archive for: Privacy

Coronavirus Cyberscam Alert: Protect Your Digital Health and Safety During a Pandemic.

Hey, this is a bit of a solemn and serious video today. First of all, my heart goes out to all of those communities, families, people that are battling with Coronavirus. Just like our physical health, we have to also pay attention to our digital, or cyber health, and how we watch out for all of the disinformation that is out there. Listen, cybercriminals will always exploit the headlines. They will always take advantage of our fears and our ignorance, whether it’s for product sales, whether it’s just to make us panic or whatever the motivation. My daughter, the reason that prompted this, was a feeling of, as a dad, my daughter texted me and said, “Hey, there’s a student, I have just seen that a student is being pulled out of class, out of their dorm by people in hazmat suits.”

Well, of course, that was a social media post. It made its way all the way around the campus and was absolutely false. So I want to just let you know some of the schemes and scams that we have seen, make you aware of them so that you’re listening and that you act differently. First of all, there is just massive disinformation out there right now. There are hoaxes, there are rumors, and you need to be extra skeptical at the moment. One example, there are government advisories out there that aren’t actually being issued by governments. They are false, they are fake, they have nothing to do, for whatever reason, people are putting those out there. There are bogus home remedies of how you can solve the Coronavirus, which there’s no vaccine yet and probably won’t be for 12 to 18 months. Of course, there are home remedies like washing your hands that are legitimate.

There are products meant to defraud you, pills that you can buy, masks that don’t actually work. You have to be really careful that what you’re buying is actually legitimate. And on top of that, there’s price gouging. So masks that are going for hundreds of dollars on Amazon that you don’t probably actually need, hand sanitizer that has run out at your local store. Think before you spend all of the money on this because there are many other answers. There are a ton of fraudulent emails that scam you into clicking on Covid-19 type alerts, an alert in your hometown from your school system, a remote work policy from your work. It may not actually be your work. False test results we have seen. Covid test results. Of course, you probably haven’t been tested, but you’re tempted to click on those links. We’ve seen a bunch of videos, social media, blog posts, fake articles that spread disinformation, a lot of it about voting and the voting that we’re going through right now and polling places, politics, and so forth.

So watch all of that. This is essentially the weaponization of information. It happens all the time. It happens in the corporate world, it happens in the government, and now it’s happening around the health system because it’s in the news. So just like good hygiene, physical hygiene, washing your hands, there are cyber hygiene tips that will help you protect yourself. Number one, if you don’t recognize an email or a text, if you weren’t expecting it, don’t click on it. Don’t respond to it. It’s probably not legitimate. If you can’t verify that it’s from your work, from your kid’s school, from the government, do not believe it until you verify it. Same advice for social media. Articles, videos. Don’t believe it until you verify with a source that you trust, that you go to over and over again. Do that before you take the action that they’re talking about because most of these right now is not legitimate.

So sources like the CDC, the World Health Organization, your local news if you trust it, or the paper that you trust. Finally, if you have questions, ask an expert. Don’t count on what you see in the media necessarily, what you see on the internet, especially on the internet, as being totally legitimate until you verify. The point is, just like with cybercrime, those who think before they react with this Covid and vice versa, those who think about their digital settings and what they’re doing online and email and text and on those devices, those are the ones who prepare in advance for that, that avoid the worst outcomes. Listen, thanks so much. Sorry, it’s such a serious topic, but it’s really important that you protect both your physical health and your digital health. Thanks so much and stay safe.

Telemedicine: Are Virtual Doctor Visits a Cyber & Privacy Risk?

The Trump administration has relaxed privacy requirements for telemedicine, or virtual doctor visits: medical staff treating patients over the phone and using video apps such as FaceTime, Zoom, Skype and Google Hangouts. The move raises the chances that hackers will be able to access patient’s highly sensitive medical data, using it, for example, to blackmail the patient into paying a ransom to keep the personal health information (PHI) private.

This relaxation in privacy regulations about telemedicine is necessary, as treating coronavirus patients in quick, safe, virtual ways is a more critical short-term priority than protecting the data. That may sound contradictory coming out of the keyboard of a cybersecurity expert, and that exposes a misconception about how security works.

Security is not about eliminating all risk, because there is no such thing. Security is about prioritizing risk and controlling the most important operations first. Diagnosing and treating patients affected by Covid-19 is a higher priority than keeping every last transmission private.

Put simply, the life of a patient is more important than the patient’s data. With that in mind, protecting the data during transmission and when recordings are stored on the medical practice’s servers is still important.

  • Doctors should utilize audio/video services that provide full encryption between the patient and the medical office during all telemedicine visits
  • If the doctor’s office keeps a copy of the recording, it should be stored and backed up only on encrypted servers
  • Not all employees of the doctor’s office should have the same level of access to telemedicine recordings; all patient data should be protected with user-level access
  • Employees of the doctor’s office should be trained to repel social engineering attacks (mostly by phone and phishing email) to gain access to telemedicine recordings

Telemedicine and virtual doctor visits is just one way that the government is willing to accept increased risks during the pandemic. Many federal employees are also now working remotely, accessing sensitive data, often on personal computers that haven’t been properly protected by cybersecurity experts. This poses an even greater problem than putting patient data at risk, because nearly every government (and corporate) employee is working remotely for the foreseeable future. I will address those concerns in an upcoming post.

In the meantime, stay safe in all ways possible.


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a privacy and cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker, and expert on technology, surveillance economy, cybersecurity and tech/life balance.

FaceApp is Fun, But Putin Will Own Your Privacy

FaceApp quite literally owns your face forever (or atleast the image of your face).

It’s funny how we spend billions of dollars a year on health and beauty products and treatments designed to keep us looking, as Carrie Underwood sings, “young and beautiful”, but when a fun app comes along that gives us a goofy look or makes us look 30 years older, we jump at the chance to see it and share it with all of our friends on Social Media.  That’s exactly the case with FaceApp, an app that alters photos to make you look years older or alter facial expressions, looks, etc.  Thanks in part to use by celebrities such as Underwood, the Jonas Brothers and LeBron James, more than 150 million users have uploaded their photos to the app and it is now the top-ranked app on the iOS App Store in 121 countries. Free, fun and harmless, right?  Maybe, maybe not…

Every app is uploading your data and daily habits and locations, combining it with your social media profile and exploiting or selling it. That’s the profit model of the internet, not just FaceApp. That’s not what makes this particular app unique or noteworthy.  Wireless lab, creators of FaceApp is based in St. Petersburg, Russia, which means that by default, Vladimir Putin has a picture of you someplace on his hard driveLet’s be clear, Russia can get into any centralized database of facial recognition photos it wants to – this just makes it easier for them.

Not only that, but FaceApp retains a perpetual license to utilize your photo in any way it sees fit. In their words you are granting FaceApp “a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you”.

This makes it not just a privacy issue, but also a security issue, as there is no guarantee that your photos and device data are stored securely. In fact, there is almost no chance that they are stored securely. In addition to your photo, some other personal information is transmitted, and you are never alerted to the fact that either are being uploaded.

For now, it seems that they are only uploading the photo that you choose to upload, but I see no reason why they won’t slyly begin uploading every photo in your album as their terms of service don’t preclude that evolution. Facebook didn’t always collect and sell our information as they do now, but that didn’t stop them when profit is involved.  Information collection companies start by collecting very little until we stop paying attention, and then they transmit everything. They love the slippery slope of boiling the privacy frog!

So-what can you do about it?

  • The Democratic National Committee sent out a warning to campaigns recently telling people to delete the apps from their phone.  It’s a start, but deleting the app doesn’t get rid of your data in the cloud, and doing so is time-consuming and confusing.
  • For the fastest processing, try sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line.
  • If it’s not too late, resist the urge to download the app!  Maybe look at a picture of your parents instead.

Most importantly, the next time you are giving away access to your photos or allowing any app to access data on your phone, read their privacy or data use policy first. You will be amazed at what you are giving away for free that makes them gobs of money.

John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings, and industry events. He specializes in making security fun so that it sticks. His clients include the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.

BREACHED! Customer Data from Quest Diagnostics & Lab Corp

Within just a few days of each other, both Quest Diagnostics and Lab Corp, two of the largest blood testing providers in the nation, warned that millions of their customers might have had information breached. In both cases, customers may have had personal, financial and medical information breached due to an issue with the American Medical Collection Agency (AMCA), a billing collections service provider used by both companies.

Between August 1, 2018, and March 30, 2019, someone had unauthorized access to the systems of AMCA. Quest reported that the affected system stored information on roughly 11.9 million of its patients. In addition, LabCorp numbers could be up to 7.7 million customers.

“(The) Information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers),” Quest said in a filing with securities regulators. AMCA did not have access to actual lab test results.

Change Your Behavior After the Breach

If you, like pretty much EVERYONE I know, have used either of these services, follow the steps below to protect yourself against future attacks.

  1. Assume that your identity has been compromised. If you have been a customer of either company, don’t take a chance that you are one of the very few customers that aren’t affected. It’s not time to panic; it’s time to act.
  2. Read the explanation of benefits statement from health insurers to confirm that your charges are correct.
  3. I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request to place a “call-in” password on your account.
  4. Begin monitoring your bank, credit card, and credit accounts regularly.
  5. Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T ONLY CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.

Take Action on Your Accounts

  1. Change your passwords. We hear all the time about stupid things people do when it comes to creating passwords; the most commonly used passwords in the United States for the past several years include “123456”, “password” and some variation like “password1234”. The bottom line is it is nearly impossible to effectively create and remember all the passwords we need to function in our daily lives. It seems there are two ways people handle this. They continue to use the same (usually poor) passwords over and over, or they do what I highly recommend and use a password manager program.
  2. Enable two-step logins. Two-step logins are when two separate passcodes are required to log in to one of your online accounts. One of the most common and popular forms is called text verification, and I’m sure you’ve already experienced it. That’s where you log in to your online account with your regular username and password, and then a secondary passcode is sent to your phone by text or even better, through an App like Google Authenticator. Without that second passcode, no one gets into the account.
  3. Set up account alerts. To monitor accounts quickly and conveniently, sign up for automatic account alerts when any transaction occurs on your account. As a result, if you spend even a dollar at a store, you receive an email or text notifying you of the purchase. If you receive an email for an amount you didn’t spend – bingo – you’re probably a victim of fraud.
  4. MOST IMPORTANTLY, FREEZE YOUR CREDIT. Some websites and cybersecurity experts will tell you to place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Learn more about freezing your credit by watching the video here.

Contact Credit Companies

Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
Toll-Free: 1.800.685.1111

TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Toll-Free: 1.888.909.8872

Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
Toll-Free: 1.888.397.3742


John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings, and industry events. He specializes in making security fun so that it sticks. His clients include the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.

12 Days to a Safe Christmas: Day 12 – Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people that take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me: 

12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

Roomba Selling, I Mean Sharing our Home Data?

What a difference a word makes. On July 24, Reuters published a story about an interview with Colin Angle, the CEO of iRobot Corp. They are the makers of Roomba, the popular robotic vacuum. In the interview, Angle excitedly talked about all the benefits that could come from using the data Roomba collects (think the dimensions of a room as well as distances between sofas, tables, lamps and other home furnishings) to share with other Smart Technology such as home lighting, thermostats and security cameras. The rest of the article went on to talk about market competition, potential future developments, stock prices, and, oh yeah, a brief nod to security concerns.

When asked about those concerns, Angle said iRobot would not be sharing data without its customers’ permission, but he expressed confidence most would give their consent in order to access the smart home functions.

The problem though is that the writer did not use the word “share”. Instead, he used the word “sell”—as in iRobot would be selling our data to the likes of Amazon, Apple and Google. (You won’t find that in the article now as Reuters printed a retraction a few days later—after privacy advocates went crazy!)

When Angle was questioned by others about this policy, he made it as clear as could be:

“First things first, iRobot will never sell your data. Our mission is to help you keep a cleaner home and, in time, to help the smart home and the devices in it work better. There’s no doubt that a robot can help your home be smarter. It’s the data it collects to do its job, and the trusted relationship between you, your robot and iRobot, that is critical for that to happen. Information that is shared needs to be controlled by the customer and not as a data asset of a corporation to exploit. That is how data is handled by iRobot today. Customers have control over sharing it. I want to make very clear that this is how data will be handled in the future.”

While Reuters might have misinterpreted Angle’s comments when it came to the selling of the data – the supply of the data available to potentially provide to companies is not in question. The debate turns from outrage at a company invading our privacy to the very real need to take a good look at our own practices and what we are (knowingly or not) allowing companies to do with our data. We have to be willing to take control of our data:
– limit what we give away
– change our defaults so as to not “permit” companies to share what is collected
– speak up against and, if needed, boycott the products that don’t meet our privacy demands.

Likewise, this is a call to businesses to take responsibility for using data to their advantage but only if they have transparently let their customers know how it is being used and giving them the control (not just through changing default settings!) 

Some Simple Steps to Social Media Privacy

When was the last time you checked your privacy settings on your social media profiles? Being aware of the information you share is a critical step in securing your online identity. Below we’ve outlined some of the top social media sites and what you can do today to help keep your personal information safe.

FACEBOOK Social Media Privacy

Click the padlock icon in the upper right corner of Facebook, and run a Privacy
Checkup. This will walk you through three simple steps:

  • Who you share status updates with
  • A list of the apps that are connected to your Facebook page
  • How personal information from your profile is shared.

As a rule of thumb, we recommend your Facebook Privacy setting be set to “Friends Only” to avoid sharing your information with strangers. You can confirm that all of your future posts will be visible to “Friends Only” by reselecting the padlock and clicking “Who can see my stuff?” then select “What do other people see on my timeline” and review the differences between your public and friends only profile. Oh, and don’t post anything stupid!

TWITTER Social Media Privacy

Click on your profile picture. Select settings. From here you will see about 15 areas on the left-hand side. It’s worth it to take the time to go through each of them and select what works for you. We especially recommend spending time in the “Security and Privacy” section where you should:

  • Enable login verification. Yes, it’s an extra step to access your account, but it provides increased protection against unauthorized access of your account.
  • Require personal information whenever a password reset request is made. It’s not foolproof, but this setting will at least force a hacker to find out your associated email address or phone number if they attempt to reset your password.
  • Determine how private you want your tweets to be. You can limit who (if anybody) is allowed to tag you in photos and limit your posts to just those you follow.
  • Turn off the option called “Add a location to my Tweets”.
  • Uncheck the options that allow others to find you via email address or phone number.
  • Finally, go to the Apps section and check out which third-party apps you’ve allowed access to your Twitter account (and in some cases, post on your behalf) and revoke access to anything that seems unfamiliar or anything that you know you don’t use anymore.

Oh, and don’t post anything stupid!

INSTAGRAM Social Media Privacy

The default setting on Instagram is public, which means that anyone can see the pictures you post. If you don’t want to share your private photos with everyone, you can easily make your Instagram account private by following the steps below. NOTE: you must use your smartphone to change your profile settings; it does not work from the website.

  • Tap on your profile icon (picture of person), then the gear icon* to the right of your name.
  • Select Private Account. Now only people you approve can see your photos and videos.
  • Spend some time considering which linked accounts you want to keep and who can push notifications to you.

*Icons differ slightly depending on your smartphone. Visit the Instagram site for specifics and for more in depth controls.

Oh, and don’t post anything stupid!

SNAPCHAT Social Media Privacy

Snapchat’s settings are really basic, but there’s one setting that can help a lot: If you don’t want just anybody sending you photos or videos, make sure you’re using the default setting to only accept incoming pictures from “My Friends.”  By default, only users you add to your friends list can send you Snaps. If a Snapchatter you haven’t added as a friend tries to send you a Snap, you’ll receive a notification that they added you, but you will not receive the Snap they sent unless you add them to your friends list.  Here are some other easy tips for this site:

  • If you want to change who can send you snaps or view your story, click the snapchat icon and then the gear (settings) icon in the top right hand corner. Scroll down to the “Who can…” section and make your selections.
  • Like all services, make sure you have a strong and unique password.
  • Remember, there are ways to do a screen capture to save and recover images, so no one should develop a false sense of “security” about that.

In other words, (all together now) don’t post anything stupid!

A Final Tip: The privacy settings for social media sites change frequently. Check in at least once a month to ensure your privacy settings are still as secure as possible and no changes have been made.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

iCloud Hacked for Nude Jennifer Lawrence Photos? How to Keep from Being Next

Unless you’ve been living under a rock (or haven’t been on the internet in the past 24 hours), you most likely know that intimate photos of celebrities like Jennifer Lawrence and Kate Upton have been exposed (pardon the pun) to the public.

While it is not yet verified, Apple has said it is “actively investigating” the possibility that iCloud accounts have been hacked.  The photos surfaced immediately after an Apple “Find My iPhone” exploit was revealed, so Apple’s own security is being questioned. As of now, Apple is saying that iCloud has not been systematically hacked, but that the breach of celebrity photos was a limited, targeted attack. Whether or not iCloud was exploited in any way for these pointed attacks hasn’t been determined.

The sad truth is that this most likely boils down to user error (weak passwords by celebrities) rather than a sophisticated hacking attempt.  A brand new exploit, called “iBrute”, allows hackers to try one common password after another until they find one that works and then they can access the iCloud account if they know the email address for the Apple ID (which is probably your regular address).

This is but the tip of the iceberg of cloud-based security hacks.  So, to keep yourself safe on iCloud, change your password and turn on 2-step verification:

  • Login to My Apple ID.
  • Click “Manage your Apple ID” and sign in
  • Select “Password and Security” and answer your security questions (if requested)
  • For starters, reset your Apple ID password and make it a long, strong, alpha-numeric phrase like Th3 h!ll$ @r3 @l!v3 (The hills are alive)
  • Under “Two-Step Verification,” click “Get Started,” and follow the instructions. Two-step verification does take an extra step to login to your account, but it also gives you a layer of security that makes it exceptionally difficult to hack.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Facebook Privacy Settings Get Needed Update

Facebook Privacy Settings… Some may say it’s too little, too late. I’m relieved that Facebook is finally responding to concerns about their confusing and weak privacy settings.  The social media giant (who has been losing customers of late) has recently made several changes to their settings.

Facebook Privacy Settings Update

  1. Additional photo settings.  Your current profile photo and cover photos have traditionally been public by default. Soon, Facebook will let you change the privacy setting of your old cover photos.
  1. More visible mobile sharing settings.  When you use your mobile phone to post, it is somewhat difficult to find who your audience is because the audience selector has been hidden behind an icon and this could lead to unintended sharing.  In this Facebook privacy settings update, they will move the audience selector to the top of the update status box in a new “To:” field similar to what you see when you compose an email so you’ll be able to see more easily with whom you are sharing.
  1. Default settings for new users.  Instead of automatically defaulting to “public”, new users will now have their default set to “friends”.  They will also be alerted to choose an audience when they post for the first time. This is a significant step in the right direction of a business best practice called Privacy by Default.
  1. Privacy checkup tool.   Users may encounter a “privacy dinosaur” (pictured above) that pops up to lead them through a privacy checkup.  (At this time, it is not a consistent feature: Facebook is “experimenting” with it.) The privacy checkup tool will cover a number of settings, including who they’re posting to, which apps they use, and the privacy of their profile information.
  1. Public posting reminder .  The privacy dinosaur will also remind you when you’re about to post publicly to prevent you from sharing an update with more people than you intended.
  1. Anonymous login.   This feature allows you to log into apps so you don’t have to remember usernames and passwords, but it doesn’t share personal information from Facebook. Traditionally, people using Facebook Login would need to allow the website or app to access certain information in their profiles. I’m also happy to see Facebook moving in this direction, as universal logins are one of the easiest backdoors for cyber criminals to exploit.

Facebook has been criticized for having unreasonably complicated privacy settings, had to pay a $20 million settlement for giving away users’ personal information, and frankly never seemed to care very much about personal privacy.

I’m guessing that Facebook has learned a valuable lesson: that by giving their customers the privacy controls they desire, they are creating happier, more loyal users, which is a long-term strategy for success. The need for change hasn’t disappeared, but these Facebook privacy settings are a step forward.

John Sileo is an an award-winning author and keynote speaker on identity theft, social media privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael RayAnderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Jimmy Carter Exposes 1 of 2 Non-Secrets of World’s Most Powerful People

The answer is so simple that you probably won’t believe it.

How do the world’s most powerful, wealthy and well connected people keep their lives more private than the average American?

Former President Jimmy Carter recently revealed one of two truly non-secret tactics that get completely overlooked because of their simplicity: snail mail. When asked about NSA surveillance by NBC’s Andrea Mitchell, Carter responded:

“As a matter of fact, you know, I have felt that my own communications were probably monitored, and when I want to communicate with a foreign leader privately, I type or write the letter myself, put it in the post office and mail it,” Carter said.

Carter’s practice is a clear reminder in the information age: if your communication is digitized, it’s being tracked. We know that thanks to Edward Snowden. Maybe it’s not being tapped by the government, maybe not by a competitor or criminal, but by someone who has something to gain from it, commercially or otherwise. Computers can sort through billions of phone records, emails, Facebook posts, search terms and the likes in a matter of seconds. Intercepting a letter the old-fashioned way? Too time intensive.

So what is the second non-secret that is coming back into vogue? It’s a currency that never reveals behavioral shopping patterns to large marketing firms, can’t be tracked via geo-location software and doesn’t leave digital residue all over the internet. You’ve already guessed the answer: Cash.

If you don’t want your insurance company to purchase your credit card records of McDonald’s purchases (high risk for heart attack), use cash. If you don’t want your credit card number stored in Target’s database, use cash. Nervous about the fact that your bank account number appears on the bottom of every one of your checks (and can fairly easily be cased out with the right tools)? Cash, cash, cash.

I consult on privacy to some of the wealthiest, most powerful people on the planet. Last year, I met in Washington DC with a staff member of a future presidential candidate. What  tools would I immediately implement in their campaign when it came to sensitive communications, she asked? With a nod to Jimmy Carter, here were my suggestions: snail mail, face-to-face meetings, faxing, private chat/text software, data encryption, smash the iPhones/Androids and two-factor authentication for email, Dropbox and all other web accounts.

As for cash? Not feasible in a game where everything has to be tracked and cash has a reputation for bribery and evasion. But for you, cash is an old-fashioned gem with state-of-the-art privacy.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.