Student malware incident: next steps and action required

On Saturday Feb. 23, many students received a malicious email regarding a ‘refund payment’. The email contains an attachment which, if opened, causes a prompt for credentials and installs software. Please read further if you recognize this incident:

  • If you have received the email and not opened the attachment, delete the email.
  • If you have received the email, opened the attachment, and entered any login and password:
    • You must change your password immediately for whichever service you may have used. If you entered a UTORid and password, change it here: https://www.utorid.utoronto.ca/cgi-bin/utorid/changepw.pl.
    • Malware may have been installed on your device as a result of opening the attachment. The best way to ensure your device is not compromised is to re-install your operating system and restore data using a backup. If you do not follow this procedure, we recommend you scan your device using anti-virus software for the next few days. If your anti-virus software removes the malware, you should change all passwords that you used during the compromise interval. Please monitor https://securitymatters.utoronto.ca for updates on anti-virus effectiveness.

The malicious email was removed from your mailbox using automated tools. No mailboxes were accessed, and no email was exposed via this automated process.

Apple currently working on FaceTime fix

Apple recently disabled its group chat function in FaceTime following user complaints that a software bug was allowing callers to activate their microphone remotely. The glitch exists in any iPhone running iOS 12.1 or later.

University of Toronto Professor Emeritus and privacy expert Andrew Clement spoke with CBC’s The National on Jan. 29 about the issue. Apple announced that it will patch this bug in an update soon, but Professor Clement and other experts recommend users turn off FaceTime until a solution arrives.

To disable FaceTime, navigate to Settings, scroll to the bottom, and select FaceTime.

[Image: steps to disable Apple's FaceTime]

To submit information on bugs, and other feedback to Apple, visit: https://developer.apple.com/bug-reporting.

For more information on how to protect yourself online, view our “Managing Risk and Staying Safe Online” presentation. You can also visit the Security Matters website for more tips.

[Phish] Re : salary award . “The Legacy and the Promise.”

Details:

From: [Redacted] <williamrobinson1@email.com>

Subject: Re : Salary Award . “The Legacy and the Promise.”

Text:

Dear [Redacted]

Attached is the descriptions of how staffs/faculty members has demonstrated excellence in support of the school activities progress. List of all the names of 2018 / 2019 nominees, entitled for increase in Salary  and position placement in your Years of Service with us here at  University Of Toronto

Please download and login to your mail account to view the new salary update of All active staffs/faculty members that are elegible to receive their bonus payment henceforth..

 

Thanks.

Yours Sincerely,

[Redacted]

[Redacted] University Of Toronto

[Phish] Alert

Details:

From: Krishna, Vamsee <Vamsee.Krishna@adm.com>

Subject: Alert

 

Text:

We received a request to delete your mailbox database permanently. Please reconfirm your request by choosing either of the two options below but please note that if you fail to click on option. One we will have no other choice than to delete your mailbox database immediately.

 

  1. Click here to continue using our service without any changes
  2. Click here to discontinue using our service.

 

IT Desk © Copyright 2019

 

Confidentiality Notice:
This message may contain confidential or privileged information, or information that is otherwise exempt from disclosure. If you are not the intended recipient, you should promptly delete it and should not disclose, copy or distribute it to others.

[Phish] Update

Details:

From: M
Subject: Update

Text:

I need to update my pay check direct deposit info

Sent from my iPhone

Share with care: Patch and the mortifying memory

This Data Privacy Day, Patch reminds us to share with care when posting on social media.

To learn more about keeping your data private, attend our Data Privacy Day pop-up booth. The booth will be held at the Bahen Centre today from 10:30 a.m. to 4:30 p.m., where you can:

  • Join us for an exciting meet and greet with Chief Information Security Officer, Isaac Straley (Bahen Centre from 11 a.m. to 12:30 p.m.)
  • Introduce yourself to Director, Information and Protection of Privacy Office, Rafael Eskenazi (Bahen Centre from 2:30 p.m. to 3:30 p.m.)
  • Spin our anti-phishing wheel to win free swag
  • Take on our U of T Data Privacy Day Challenge
  • Meet members of the Information Security and Education and Awareness teams

Infographic: what’s your data privacy style?

Everyone has a different data privacy style. Where do you land on the information security scale? Are you an open book, somewhere in between or a locked vault? This Data Privacy Day, take a look at your privacy, permission and location settings and make sure they reflect your expectations.

To learn more about keeping your data private, attend our Data Privacy Day pop-up booth on Monday Jan. 28. The booth will be held at the Bahen Centre from 10:30 a.m. to 4:30 p.m., where you can:

  • Join us for an exciting meet and greet with Chief Information Security Officer, Isaac Straley (Bahen Centre from 11 a.m. to 12:30 p.m.)
  • Introduce yourself to Director, Information and Protection of Privacy Office, Rafael Eskenazi (Bahen Centre from 2:30 p.m. to 3:30 p.m.)
  • Spin our anti-phishing wheel to win free swag
  • Take on our U of T Data Privacy Day Challenge
  • Meet members of the Information Security and Education and Awareness teams

We look forward to seeing you there!

Privacy benchmarks: past trends, future opportunities and reasons for optimism 

Jan. 28, 2019 will mark 28 years since the signing of Convention 108, the first legally-binding treaty to address data privacy and protection for individuals. The last 30 years have been a whirlwind of information security development and so much has already changed in less than a decade.

The three largest data breaches in history each took place over the last six years. The Yahoo data breach impacted three billion accounts in 2013, and Marriott’s leak of 500 million customers’ personal information was just exposed in late 2018. In the first half of 2018 alone, an estimated 4.5 billion data records were exposed. In September, Chegg, a leading textbook rental company, confirmed a data breach had affected 40 million customers.

The rapid speed of change in information security events, challenges and innovations necessitates a look at shorter-term data privacy benchmarks. What can privacy benchmarks in recent history teach us? Here are five key facts about past trends, future opportunities and reasons for optimism in data privacy protection:

  1. Humans still have a role to play in preventing data breaches, and we’re rising to the challenge! In 2014, 11 per cent of users targeted in a phishing campaign clicked the malicious link versus four per cent in 2017, according to the 2018 Verizon Data Breach Investigations Report (DBIR).
  2. In data breaches affecting the higher education sector, variety is the one true constant. Phishing remained common over the last five years, but the scams are always changing and the attack types are becoming more varied and sophisticated.
  3. People are continuing to advocate for data privacy and seek to empower themselves as consumers. In a recent poll, 75 per cent of respondents said they are more concerned about cyber security than they were five years ago. A further 75 per cent said they would not purchase a product from a company that could not be trusted to protect their data. As public awareness is growing, so is action.
  4. In 2018, the General Data Protection Regulation (GDPR) gave individuals in the European Union (EU) unprecedented control over how their personal data is used and stored by organizations. Data privacy experts believe that GDPR will set a new global standard for data privacy regulation – a huge win for personal data!
  5. Education sector data privacy attacks are on the rise, but people and organizations are becoming more knowledgeable about information security practices. In 2014, Verizon noted 165 recorded security incidents in the education sector, while 2017 had 292. However, 39 per cent of the incidents resulted in confirmed data loss in 2014 compared to 34 per cent data loss in 2018 – that’s a decrease.

“By understanding the past in relation to the present we can better anticipate the future of data privacy,” says Chief Information Security Officer Isaac Straley at the University of Toronto. “While cyber security attacks are on the rise and growing in complexity, we’re also seeing a rise in informed individuals who are empowered to take control of their personal data as advocates and consumers. That’s a major step forward.”

Interested in learning more about how to take control of your personal data? Jan. 28 is Data Privacy Day — read related news and find out about special events taking place this month by visiting Security Matters.

Jan. 28 is Data Privacy Day  

This Jan. 28, let’s talk about data privacy. U of T’s Information Technology Services (ITS) division invites you to join us in celebrating Data Privacy Day all month long as we empower one another to keep information privacy alive in an increasingly open world.

Staff, students and faculty are invited to participate in our Data Privacy Day events by visiting our interactive pop-up booth. The pop-up booth will be held at the Bahen Centre from 10:30 a.m. to 4:30 p.m. on Monday, Jan. 28. At this booth you can:

    • Join us for an exciting meet and greet with Chief Information Security Officer, Isaac Straley (Bahen Centre from 11 a.m. to 12:30 p.m.)
    • Introduce yourself to Director, Information and Protection of Privacy Office, Rafael Eskenazi (Bahen Centre from 2:30 p.m. to 3:30 p.m.)
    • Spin our anti-phishing wheel to win free swag
    • Take on our U of T Data Privacy Day Challenge
    • Meet members of the ITS Information Security and Education and Awareness teams

During the month of January, Security Matters is also sharing new content online. Check out our site for new data privacy articles, comics and infographics, and join the conversation on our social media channels.

Members of the University community can work together to build safer data privacy practices, and we hope you feel inspired to join us this month!

To learn more about Data Privacy Day and how to protect your data visit us at securitymatters.utoronto.ca.

Join the conversation at:

Twitter: @uoftcyberaware @ITSUofT @bjuul

Instagram: @uoftcyberaware @ITSUofT

Facebook: @uoftcyberaware @ITSUofT

Data Privacy Day Hashtags:

#UofTCyberAware

#Cybersecurity

#PrivacyAware

#DataPrivacyDay

Updated information security awareness resources available

Spreading awareness and education around cyber security best practices in your classroom, academic space and/or office setting just got easier.

The Security Matters educational resources have recently been revamped to offer the University of Toronto (U of T) community a more streamlined and accessible collection of digital materials. Staff, students, faculty and other interested parties can access the resource page to download quick facts, redesigned tip sheets, PowerPoint templates and other shareable, printable materials related to cyber security awareness and education.

The growing resource collection covers fundamental cyber security best practices such as:

  • How to spot a phishing email
  • Tips for browsing the web securely
  • Practicing cyber safety at work and home
  • How to protect digital information while travelling
  • Safe password practices

For more information on how you can incorporate these resources into your personal and work life, find us at https://securitymatters.utoronto.ca/.