This guide highlights the most alarming cybersecurity statistics and trends unfolding right now.
Today, our computers, smartphones, and other internet-connected devices have become indispensable parts of our personal lives, as well as our businesses. As a result, cybercriminals are everywhere, and cybersecurity has become super important.
Unfortunately, right now it seems that the bad guys are winning. To illustrate the problem, I’ve compiled this list of the scariest cybersecurity statistics of 2019. The list is current as of July 2019. But given current cybercrime trends, I’m afraid we will look back on this list with nostalgia by the time 2020 rolls in.
Here are the 2019 cybersecurity statistics that scare me right now:
1. Ransomware is everywhere
Hackers infesting our computers with viruses and spyware is bad enough.
Ransomware takes the annoyance factor to another level. In case you are not familiar with the term, ransomware is a type of malware that locks up (encrypts) files on your computer, or the entire system.
To regain access to your stuff, you have to pay a ransom to the hackers. That ransom is typically in the form of cryptocurrencies, although some of these sleazy crooks will accept Visa, Mastercard, or other credit cards!
Ransomware has become a huge business, with an estimated cost of over $11 billion in 2019 alone. And the targets aren’t just kids who downloaded some dubious files from a porn site. Major companies get hit with this stuff, and so have dozens of cities, including Atlanta, Georgia; Baltimore, Maryland; and Augusta, Maine.
Baltimore alone estimates the cost at over $18 million, between the costs of recovering from the attack and potential lost or delayed city income due to everything being shut down.
While I was researching this article, news broke about another city that was hit. On June 19th, the Palm Beach Post published a story detailing how the city of Riviera Beach, Florida paid $600,000 in ransom in hopes of getting the city government’s computers back online.
2. Industrial control systems may be the next big ransomware targets
According to Morey Haber and Brian Chappell at BeyondTrust, the systems that control national infrastructures could be the next big target for ransomware.
If little cities like Riviera Beach, Florida (2017 population 34,674) will pay $600,000 to get their computer systems back online, imagine the kind of ransom you might demand after taking control of a portion of the US power grid, or the control systems of a nuclear power plant.
Even scarier is the thought that a hostile power might get control of your country’s critical infrastructure. This is all too possible. For example, there have been numerous reports on how the US power grid is vulnerable to cyber attacks.
The possibilities are truly terrifying.
3. Data breaches will affect virtually everyone
According to the IT Governance Blog, data breaches resulted in the theft of nearly 1.8 billion records in January alone (2019). And the hits just keep on coming.
A company called IdentityForce keeps a running list of major data breaches on its website. At the time of this article (July 2019), this list included 81 major breaches affecting who knows how many billions of records. These breaches affect all types of institutions:
- social media platforms (Facebook and Instagram)
- online games (Fortnite)
- government agencies (US Customs and Border Patrol, Oregon Department of Human Services, and many more)
- hospitals (UConn Health and many others)
- popular apps (WhatsApp and Evernote)
We have no way of knowing how many smaller breaches took place. Nor do we know how many major breaches are currently being covered up by the victims, or haven’t even been discovered yet.
Even more concerning is the fact that companies are ramping up their data collection efforts. From a marketing and advertising perspective, data collection is good for business (but not customer privacy). A recent Bloomberg article highlighted this trend in the hotel industry:
At some properties, hotel brands are already collecting data on what temperature you like your room and how you like your eggs, betting that knowing that stuff can translate into better service. Other kinds of customer data—the annual conferences you attend or the date of your wedding anniversary—are largely untapped marketing opportunities. Some companies are also experimenting with putting voice assistants in their rooms or using facial recognition to streamline check-in.
Private companies in all sectors are collecting more data from their customers. This trend, together with a growing number of data breaches, increases the probability that every one of us will be affected sooner or later.
4. The cost of a data breach keeps on growing
Not only is the quantity of data breaches increasing, so is the average cost. Each year the Ponemon Institute conducts a study titled, “Cost of a Data Breach.” IBM was the sponsor of the 13th annual study, which was conducted last year (2018).
According to that study,
…the global average cost of a data breach is up 6.4 percent over the previous year to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to $148.
Let those numbers sink in: $3.86 million for a data breach, along with more breaches, each costing significantly more than the year before.
This is bad news all around – and it’s not getting better.
5. More systems are coming pre-hacked
If you’re a real tech geek, you have probably read about the United States Government’s concerns about 5G telephone systems made by the Chinese company, Huawei.
In a nutshell, the concern is that Huawei equipment has back doors built into it that could allow the Chinese government to spy on anyone who uses the Huawei tech. This seems like a realistic fear since Huawei devices have been found to have spyware pre-installed on them in the past.
And Huawei isn’t the only concern. Last year, Bloomberg reported that Chinese spies managed to get tiny chips installed on servers that ended up in the US Department of Defense, the CIA, and in the onboard networks of US Navy ships. Who knows where else the little buggers ended up. Before that, there were problems with Chinese spy chips embedded in printers destined for US Government facilities.
According to BeyondTrust’s 2019 Security Predictions, it is only a matter of time before corporations become the targets of these kinds of attacks (if they aren’t happening already).
And let’s not forget that the Internet of Things (IoT) trend is just getting started. The billions of tiny, Internet-connected computer systems in, well, virtually everything are going to be prime targets for hacking before or after they are installed. More on this in the next section.
6. The Internet of Things (IoT) is an open door for hackers
One of the hottest trends in technology is the expansion of the Internet of Things (IoT). Advocates claim all sorts of benefits can be gained by connecting pretty much everything to the Internet. Whether that is true or not, one thing is certain: many IoT devices are incredibly vulnerable to hacking.
The internet-connected portion of IoT devices is usually low-powered and slow, with few resources available for “secondary” features like cybersecurity. As a result, there have already been numerous IoT cybersecurity disasters. Here are just a few examples:
- Back in 2015, two researchers demonstrated the ability to hack into Jeep Cherokee SUVs and take control of the steering wheel or parking brake, while the vehicle was driving on the highway.
- My Friend Cayla, a toy doll that was so vulnerable to hacking that in 2017 the German Government called it, “an illegal espionage apparatus” and advised parents to destroy it immediately.
- Also in 2017, the FDA discovered that certain heart pacemakers could be hacked to run down the battery or even deliver shocks to the person using the device.
While some progress has been made here, IoT devices are still relatively vulnerable to hack attacks. On June 18, 2019, Avast published a blog post detailing how self-described “white hat” hacker Martin Hron hacked a smart coffeemaker. Not only did he tell it to stop making coffee, but he turned it into a ransomware device and a gateway to spy on all the connected devices on that network.
This video from Avast shows just how easy it can be to hack a smart device and get access to the entire network.
The IoT trend is yet another example of business decisions that conflict with personal privacy. Your ability to “opt out” is also getting more difficult as companies release a growing lineup of “smart” devices.
With billions of the things we use every day being converted into IoT devices, this problem will only grow.
7. More Americans are afraid of hackers than burglars, muggers, or terrorists
According to an October 2018 Gallup poll, Americans spend more time worrying about hackers and identity theft than they do about traditional problems like burglaries, muggings, even terrorist attacks.
More specifically, the poll shows that 71% of Americans frequently or occasionally worry about having their personal or financial information stolen by hackers. The second most common worry for Americans was identity theft (67%), another crime that is primarily perpetrated online these days.
Next, after these cyber-crimes, came the fear of a home being burglarized while the occupant was not home, with 40% of Americans frequently or occasionally worried about this possibility. Getting mugged and being a victim of terrorism were even further from people’s minds, with about ¼ of the people surveyed worrying about them.
It is clear that cybersecurity issues are major worries for Americans and probably the citizens of other technologically advanced countries.
8. Cybercriminals could cost the world 2 trillion dollars this year alone
Juniper Research predicts that the costs of cybercrime will exceed $2 trillion worldwide in 2019. It seems that efforts to stop cybercriminals from getting access to our systems are not working well enough.
According to venture capitalist Betsy Atkins, writing for Forbes.com, businesses should expect to focus more on detection of breaches and creating response plans for when breaches occur. This approach makes sense to me, as the Ponemon study cited earlier states that a company typically takes 197 days (more than 6 months) to discover that its systems have been breached.
How much is being spent on cybersecurity this year?
Gartner forecasts that in 2019 alone, more than $124 billion will be spent on cybersecurity worldwide. Growing concerns over data privacy are pushing this number higher every year.

Stopping hackers is getting alarmingly expensive.
The key to surviving it is to get better at detecting the breaches and faster at fixing the problems and vulnerabilities.
9. More hackers are seeking to destroy your business
While it seems that most hack attacks aim to steal data from their targets, there is something even nastier going on out there. According to Symantec’s 2019 Internet Security Threat Report, nearly 10% of attacks in 2018 aimed to destroy the data on the infected computers. This number is an increase of approximately 25% over 2017.
This uptrend is marked by the return of a new, more powerful version of Shamoon, malware which targets organizations in the Middle East and erases their data. On June 22, 2019, Christopher C. Krebs, the Director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued the following statement about Iranian hack attacks that wipe the data on affected computers:
Read my statement on Iranian cybersecurity threats below. pic.twitter.com/qh7Zp9DBMY
— Chris Krebs (@CISAKrebs) June 22, 2019
10. Few businesses are ready for a cyberattack
Despite the seemingly endless stream of news reports on Cyber Attacks against businesses, according to a 2018 survey by Minerva Labs, most IT professionals think their organization is not secure against attacks.
From the perspective of a business owner, this means that you need to plan your company’s response for the near-inevitable day that you get hacked. And it isn’t just the immediate detection and cleanup you have to worry about.
According to this report by Deloitte, there are 14 Cyber Attack Impact Factors that can plague a company long after the IT folks deal with the initial attack. Here are a few of those Impact Factors:
- Attorney fees and litigation
- Public relations problems
- Increased insurance premiums
- Lost contracts
- Loss of intellectual property
- Devaluation of trade name
The long-term costs to a business and its brand image from a cyber attack can truly be devastating. Plan accordingly.
11. Phishing attacks are less frequent but more targeted
The cybercriminals who use phishing attacks (where the attacker pretends to be a trusted entity) have apparently upped their game. According to Ganesh Umpathy at SonicWall, their Capture Labs threat researchers saw a 4.5% drop in attacks from 2017 to 2018. However, he also pointed out that,
As businesses get better at blocking email attacks and ensuring employees can spot and delete suspicious emails, attackers are shifting tactics. New data suggests they’re reducing overall attack volume and launching more highly targeted phishing attacks.
The bad guys appear to be focusing more tightly on high-value targets. The attackers may spend some time studying their target and applying various social engineering techniques to maximize the chance of success against that particular target.
Other techniques used in phishing attacks include:
- Buying compromised user credentials to take over the email accounts of trusted persons and use those accounts to launch their attacks
- Tailoring attacks to evade the built-in security of specific software products, such as Microsoft Office or popular SaaS products.
Remain vigilant against phishing snipers.
12. Microsoft Office documents are popular attack vectors
As we discussed in the last section, phishing attacks are often tailored specifically to defeat the defenses of popular software. This makes Microsoft Office one of the most targeted products of all. And the bad guys are having success here.
According to the Cisco 2018 Annual Cybersecurity Report, files with Microsoft Office file extensions are the most popular way to attack systems via email.

You can download the full 2018 report here.
13. Millennials are too lax about cybersecurity
As the baby boomers retire or pass on, the Millennial generation is becoming the majority. And if current trends continue, this transition means cybersecurity problems are about to get a lot worse.
Several studies including this one, and this one, and this one, indicate that the Millennials are far less interested in protecting their own privacy than preceding generations. They are also less likely to obey company policies related to data security. These characteristics will likely lead to nightmares for cybersecurity experts today and for decades to come.
According to a recent security report,
Millennials are almost twice as likely to go rogue compared to baby boomers, with 81% admitting they have used or accessed something on their work device without IT’s permission versus just 51% of older workers who have done the same.

Hopefully millennials will up their cybersecurity game in the years ahead.
14. Hackers are increasingly targeting public WiFi networks
Many people are aware of the threats associated with using public WiFi, such as in airports, coffee shops, and hotels. But the problem is actually worse than most of us would like to acknowledge.
Hackers are increasingly targeting hotels in pursuit of high-value targets. A recent Bloomberg report describes how hackers check in to hotels to hack other guests and break into hotel networks to steal valuable data:
They’ve even used Wi-Fi to hijack hotels’ internal networks in search of corporate data. Just about all of the industry’s major players have reported breaches, including Hilton Worldwide Holdings, InterContinental Hotels Group, and Hyatt Hotels.
Before they’d checked in to their room, the leader had used his phone’s hotspot to create a new Wi-Fi network, naming it after the hotel. Within minutes, six devices had joined his spoofed network, exposing their internet activity to the hackers.
Mark Orlando, chief technology officer for cybersecurity at Raytheon IIS, advises corporate clients to avoid using personal devices altogether while on the road. That could mean requesting a loaner laptop or buying a burner phone. Even ordinary travelers should use virtual private networks to connect to the internet when outside the U.S., he says.
Exploiting public WiFi to collect data is incredibly simple and cheap, which explains this growing attack vector.
Motherboard (Vice) wrote a good overview of the problem, where they describe the $99 “WiFi Pineapple” that allows virtually anyone to exploit public networks.

According to the report,
The Pineapple is an invaluable tool for pentesters, but its popularity is also due to the fact that it can be used for more nefarious purposes. Hackers can easily wield the device to collect sensitive personal information from unsuspecting users on public Wi-Fi networks.
The real danger of a Pineapple attack is on public networks—places like your local coffee shop or the airport are all prime places for an attack.
If you must get on public Wi-Fi, your best bet is to get a VPN. VPNs are a secure way of surfing the net by first connecting to a VPN server before venturing onto the World Wide Web. The VPN server encrypts your data before routing it to its destination, essentially creating a protective shell for your data that makes it unintelligible to prying eyes. So even though an attacker may be able to see that your device has connected to their Pineapple, if you’re using a VPN they won’t be able to see the data they are routing.
As I pointed out in the best VPN report, VPNs are becoming mainstream for basic privacy and security. Unfortunately, many people remain oblivious to the inherent dangers of public WiFi, but awareness is growing. If you are a frequent traveler and want to remain connected with your devices, a good VPN is a must-have privacy tool.
Key takeaways and solutions for staying safe in 2019
Short of ditching all electronics and moving to a remote wilderness cabin, cybersecurity risk is an element to be mitigated rather than entirely eliminated.
- Be smart and vigilant. Common sense plays a huge role in staying safe online, where many people fall victim to suspicious links, malicious email attachments, and targeted phishing schemes.
- Keep all your devices up to date with the latest software and security patches. Whether it’s your wireless router, phone, or work computer, security vulnerabilities are regularly being identified and patched.
- Limit vulnerabilities. It’s clear that smart devices are a security risk, which will only get worse as the devices age (and the manufacturer does not keep the firmware updated). Therefore it may be wise to limit the smart devices on your network. And if you don’t mind the hassle, going back to a wired (ethernet) connection will be more secure and also offer better performance.
- Having a good antivirus that respects your privacy may also be a wise choice depending on your OS. In terms of security, an antivirus is no silver bullet, but it can certainly help mitigate risk.
- Use a VPN for more security, which also has the added benefits of masking your IP address and location, in addition to encrypting and securing your traffic.
- Using strong passwords together with a reliable and secure password manager is also important. I like Bitwarden, a free and open source password manager, which also offers secure browser extensions.
- Limit the data you share. Given the growing trend of data breaches and the fact that companies are working hard to collect more of your data (for marketing and ads), the safest solution is to limit the data you share with third parties. Large corporate databases will continue to be hacked.
That’s all for now, stay safe and secure in 2019!
Last updated on July 15, 2019.
Making and keeping humans emotionally immature is part of the ongoing project by the satanic elite to prepare the populace for the New Order. That is why primitive emotions (low energetic frequency) such as fear, jealousy, revenge, rage, angst, etc. are heavily promoted through movies and other media, designed to create a specific worldview for the populace.
Furthermore: the ego is simply a fixed story about the presumed nature of that which we like to call “I”. There is no “I” and so it can not be damaged or affected in any way. You are not even your physical body, turning the phrase: “I fear … ” into a completely absurd abstraction.
Joseph,
All life’s experiences are for the goal and gain of wisdom and the years you’re productive with it.
To me, life starts having a meaning to what’s left to live, giving an importance and priority to those remaining years of yours.
The world you leave to your children’s children.
.
These clay vessels that holds our souls are mere placeholders like effervescent bubbles in the cosmic fabrics framework of the cosmos in a sequential sprattle to the metamorphosis of ourselves presentment into his holy grace.
Hey Sven! More stumble-ons… hope I’m not being a pain in the a** with these, but they do sound intriguing and sequitur to this thread. When you have a moment; what’s your take?
1) https://www.nbcnews.com/tech/tech-news/these-technologists-think-internet-broken-so-they-re-building-another-n1030136
2) https://www.theguardian.com/technology/2018/sep/08/decentralisation-next-big-step-for-the-world-wide-web-dweb-data-internet-censorship-brewster-kahle
Pie in the sky… or is this something that makes sense? Cheers, George
P.S. There was also an honourable mention of Sir Tim and https://solid.mit.edu/
Just stay off the internet or limit your use and avoid social media instead of making your life complicated by overthinking things to death….geesh.
Hi Diana,
Are you saying for a person to just give up?
Innovation & Technology never go backwards nor stand still.
I’d say get educated and knowledgeable enough to personally look-out for yourselves, devices and the network(s) used.
Engage and promote dialogs that don’t bury the head in the dirt, or advise to run away – give up.
.
Know and understand in sm. steps, and build on them into the future for your defense and protections…
A must:
Disconnect from linking all your accounts and devices together in any way.
Use web aliases and never expose yourself online as a mirror’s reflection accurate.
VPN, Private Search Engine, Password Manager, Layered Malware Defense, Cookie Manager, Ad Blocker, Denial by Default Firewall, System/Browser cleaners, System Backup & Restore software.
Are all stand-alone applications and paid versions – never free or browser based I use, and that I’d get installed right off.
See: ‘Hard Sell DECEMBER 31, 2018 ‘
https://restoreprivacy.com/privacy-tools/#comments
.
Never run a risk opening, clicking on, downloading without scanning first (VirusTotal – installed anti-virus).
Higher risk takers should run their systems in a virtual environment with no risk of change to your real environment.
So much more is covered herein Sven’s topics.
Hard Sell! I’m with you on your comment 100%!!! Cheers, George
Thanks George from Canada ; )
We are but two small grains of sand on the beach, just think if it were like two cells of a brain or 2 hp of a motor. So the more people who realize that they themselves need to wake up and take control of their own security and privacy the better it turns out for all.
[Take this coming US election – for but one example]
.
Hope the promotion and engagement into these self-protective dialogs takes place right here on Restore Privacy site.
.
I’m ok about paying for software that does the job in separate roles – granted users can trust that software developer and its company, country’s policy.
Here we the people, can lay down what works for them and explain how it does so.
Enjoyed your comments herein.
Hey Diana, 1) Staying off the InterNet would indeed ‘solve’ a lot of problems in one go, eh! But that’s a bit like saying ‘stop eating, and you’ll never have heartburn’! Non-viable solutions. 2) Limiting the social media craze I’m with you 100%. 3) Making one’s life complicated by overthinking things to death? Over-thinking is a problem for sure… but under-thinking things (which you, apparently, are in favour of?) doesn’t solve squat, IMHO. 😉
Hello Sven! Stumbled across these sites and I thought you, and the folks that stay tuned to RestorePrivacy, may find this of interest:
1) https://www.vanityfair.com/news/2018/07/the-man-who-created-the-world-wide-web-has-some-regrets
2) https://www.cmswire.com/digital-experience/tim-berners-lee-has-a-plan-to-reinvent-the-web/
3) https://solid.mit.edu/
Hope I’m still around to see what Sir Tim comes up with!!! Cheers, George
Hey George, interesting, thanks.
Use Linux, avoid Windows, use a good vpn, use Firefox or Tor, for the IOT use guest networks, without access to the local network, a good firewall on Linux as iptables with restrictive rules, I use an Asus router with Merlin Firmware and various scripts, I do not use Chrome, Google etc. … besides the many tips of Sven, in short, my weapons of defense at the moment are these. I apologize for my bad English.
Translated with http://www.DeepL.com/Translator
Hi, thank you for taking the time to reply. I’m working on getting those general – fundamental – practices in place for my personal life/data/tech, and setting those as the absolute bottom for work. HIPAA requires MUCH more from us, and practitioners like me do not have the staff, expertise, resources, funding, professional firms, complete hardware setup, etcetera, to be fully-compliant, have staff that is fully-compliant, secure facilities and tech, and oversight, and all that. The fundamentals are fundamentals, and I’m setting those down now.
(HIPAA does have resources & guides to help – a bit.) Yet…
The TL; DR version of my queries:
I need help with a couple of things, just general stuff, general tips from anyone…
-Is there ANY way to email from an iPhone without identifiers leaked (network, telecom co, device & identifiers, browser, OS, location, IP address, etc.)? Can email, even with secure providers, ever come near a desktop level of (relative) privacy? If my device and telco data is so fair game, and cheap, even the most secure apps and providers and practices and settings are also wide-open, correct? Must it be remote tunneling to a secure computer that’s in a secured location, to send via Tutanota? (Which I am not at all even going to become able to figure out…)
~any ideas?
-Any ideas for lesser of evils for mobile companies, and/or a dual-SIM simple phone, prepaid plans, pay as you go, prepaid disposable SIMs, virtual numbers with routing/forwarding….? Verizon is what we are using, and I’m disgusted with their anti-privacy practices.
-Finally, as my diagnostic tech requires me to use Macs for most things in that area; and as ransomware & healthcare are what they are….I am totally at a loss for what to use for my AntiVirus/Malware/Ransomware software. I was planning to try Kaspersky Total Internet Security for Mac, with BitDefender a second choice, but now I’m afraid to. What do people use to protect their MacBooks? I am very concerned about this, and a total loss.
~~~
Without even going into the hacking of brain imaging machines, and malware installed (!!!): There are all kinds of other things I have to work out– like sound masking architecture and office design, acoustic white noise machines, acoustic sound-proofing foam; data sanitization & device decommissioning; telephony & mobile comms; email; copy machines….these are not normally considered.
But still, the requirements exist and the punishments for not following them– to say nothing of malpractice lawsuits and provider complaints.
And healthcare is among the top targets, if not the top target, for malicious actors. And sadly, a good majority of us are low-hanging fruit anyway.
So we get punished by HIPAA for non-compliance; sued and investigated and reputation damages in the malpractice realm; healthcare fraud task forces are on us; and we are such a big bullseye for hackers, and easy targets too….
which basically means—
….if there is a breach of patient records; say, due to an area of vulnerability that is included in HIPAA’s laws, but direct noncompliance – absence of that requirement to guard against that vulnerability – or failure of upkeep or staff policy, laxity, whatever, it allows for this….huge fines from HIPAA, potential civil suits from patients, med board complaints, healthcare fraud task force action, all this from one point of weakness.
Or say I get hit with ransomware. I get hit again for it having been made possible/easy, and again for patient damages, worse, for patient harm…all sides.
In all that, finding the right tools for the job…that, I need help with. That’s not provided guidance. We are told what we must do, and what the result is to be, but tools and services and means and such are totally on us to discover. (“Don’t allow for any patient’s information to be overheard by others.” Okay….no mention of sound masking tools, what phones, how to set them up, etc.. Like that).
~~~
I need help with a couple of things, just general stuff.
-Is there ANY way to email from an iPhone without identifiers leaked (network, telecom co, device & identifiers, browser, OS, location, IP address, etc.)? Can email, even with secure providers, ever come near a desktop level of (relative) privacy? If my device and telco data is so fair game, and cheap, even the most secure apps and providers and practices and settings are also wide-open, correct? Must it be remote tunneling to a secure computer that’s in a secured location, to send via Tutanota? (Which I am not at all even going to become able to figure out…)
~any ideas?
-Any ideas for lesser of evils for mobile companies, and/or a dual-SIM simple phone, prepaid plans, pay as you go, prepaid disposable SIMs, virtual numbers with routing/forwarding….? Verizon is what we are using, and I’m disgusted with their anti-privacy practices.
-Finally, as my diagnostic tech requires me to use Macs for most things in that area; and as ransomware & healthcare are what they are….I am totally at a loss for what to use for my AntiVirus/Malware/Ransomware software. I was planning to try Kaspersky Total Internet Security for Mac, with BitDefender a second choice, but now I’m afraid to. What do people use to protect their MacBooks? I am very concerned about this, and a total loss.
Thank you again.
Smart phones aren’t great for privacy, but if you need to use an iPhone for work, the Tutanota app on iOS might be your best bet because it strips IP addresses and metadata from your emails. I don’t really have many tips on phones and privacy from mobile companies, other than to just limit your use of a smart phone (which I understand for many people is not realistic).
Most malware and ransomware still targets Windows users, particularly Microsoft Office. With malware, the biggest way to stay safe is with common sense and being careful what you click, open, download, etc. There’s a lot of disagreement about running antivirus on Mac OS and whether it’s even necessary. But if you’re worried about malware, you can run Malwarebytes for Mac.
Hi Sven,
[Tutanota app on iOS might be your best bet because it strips IP addresses and metadata from your emails. ]
Matthias Pfau of Tutanota – stated
https://restoreprivacy.com/let-pgp-die/
“We have no ETA for hiding metadata as this is a very complex task. Right now, the email protocol needs the email addresses to deliver a message. There are ways to hide this information (e.g. send the message to multiple addresses, but only the correct one is able to decrypt it), but this project is not on our immediate to-do list.”
.
Hi NeuroDocMD,
You would think HIPAA knowing how to fine could certify a business being ready for the HIPAA healthcare industry.
Lest, some contracted regulated out-sourced businesses set to do so and enact that standards are met – followed…
Hi Hard Sell, correct, the metadata is a tricky issue, I was just referring to IP addresses.
Hi Hard Sell,
Thanks for taking the time to reply. And for clarifying even further — not just the matter of Tutanota and metadata– but also the very crux of all my difficulties.
I am right there with you- there is a wealth of incredibly simple, easy, common sense solutions that could and should be part of this whole system, whether it’s HIPAA certification, (which would be something to include in reports/certifications on practitioners/facilities, thus incentivizing compliance). All these agencies and associations and boards, and we’re left here. Some doctors can do abominable things to patients and receive no punishment, not have it reported/on his record/made public, patients never know- they can literally get away with murder. But being slammed with fines for an instance of non-compliance, (which would shut me down, as it would most others here), and because I do not yet have all the services and tools and experts I need, and cannot afford them yet…Malpractice insurance so high – allows actual murderers to keep the white coat on – makes it very difficult financially – so the protocols/systems/tech/practices/etc. are not all within my reach at once – as I’m getting there, a breach, a fine, and I’m done. And with healthcare such a huge bullseye, and often the “lowest hanging fruit”, and where I am, almost all of us are sorta in that situation…
In a word, it’s as with everything else here (we all know the hugeness of the problems, and how critical it all is…).
Sorry for the length– I’ve been working nonstop on this project. And thank you again.
Hi Sven,
Unfortunately, we have to use smartphones to some extent, for certain things. I have to be on call, I need to be able to access files from the clinic sometimes, communicate with a colleague….
Even more unfortunate, Windows is at the core of everything for the practice. The hosting company and Office 365, OneNote, etc.. I have to use a PC also at times, but I use mostly Mac, as I said.
Thank you for the MWB suggestion- I’ve respected them for a long while. Oh- Would you mean running scans, or having it installed and running in the background (real-time)?
I’m also looking to be able to scan docs, pics, links, emails, etc., before opening– is that possible with MWB? And any way on the iPhone?
Sir: You’ve helped a whole lot…when I can, I’m going to repay the gifts you’ve selflessly given. Bless you.
NeuroDocMD,
Hi Sir, wow that last couple of passages sounded like a straight up vertical with an extra hundred pounds.
–
I’d like to help you but can only suggest some things.
To get more privacy most everybody picks Androids because some makers of devices allow owners to unlock the phone’s bootloader or OS, giving them ROOT access to the device.
On smart phones your best bet is to find a forum covering the brands and then your model specific threads.
For Androids:
https://www.xda-developers.com/
.
[Taken from Ella Moss ‘Quora’ answer Aug 13 2017]
XDA has many purposes. First and foremost, it’s a place for people to share modifications they’ve done on their (Android) devices (including phones, tablets, TVs, even e-readers). It’s also a repository that people can download tools for these modifications. Google knows people do that, but they don’t really care (and even encourage it, with the Nexus line).
. .
– Apple, on the other hand, really doesn’t like people messing with their phones. They do basically anything they can to stop it from happening.
People do find exploits, but I think those are becoming more and more rare. There’s not much you can really do to them. In addition, people who want to modify their phone don’t choose Apple anymore – there’s really no point. Quick search for “iOS jailbreak” and a subreddit came up.
https://www.reddit.com/r/jailbreak/
I’d say this is probably the closest to XDA forums – people asking for help, reporting bugs, and developing stuff. [end]
*Hint-I’ve often found something on XDA by my browser’s search engine better than XDA search results gave.
–
The other thing is like you’ve done here, but if you can fine tune it somehow. Consider less private mediums to find like field HIPAA professionals as yourself and tap their knowledge.
Cough’ social media sites, sites for professionals.
Search or post questions on sites like Quora, Reddit.
Is there a HIPAA association in the US? That’s 50 states, if not what about the ruling health care professionals in your town or your state wide to guide you?
–
One last thing I’d do is pin-point your delivery.
Start a draft or outline highlighting the key starting points where you’re weak to understand.
State where you need help with each and only throw 2 or 3 out together at a time.
Anyone knowing one or more of your answers isn’t going to tie up any time answering everything at once. (Work into a conversation with people that give their logic to your understanding.)
Request knowledge of any HIPAA group or association – anywhere you post.
Sorry Sir my troubleshooting and experience is not with red-tape. HS
Thank you for your work, first of all. With the state of affairs being such that any attempt to reclaim even a modicum of privacy, or even seek to learn anything about such a Sisyphean endeavor, anything at all to do with privacy, requiring not only tech literacy, research, time, but above all, MONEY— You are truly on a noble mission. [I will be donating to your valiant cause]. And I thank you, and commend you for this treasure trove of resources. That said: While I have a million questions and really just need a personal tech privacy guide; I’ll just keep it to the topic of this post. So my question is whether you might have any information or resources about this harrowing reality-check, the true – growing – costs of CyberCrime— with a specific focus on Healthcare, HIPAA, medical records, etc.. Statistics, assistance, resources, ANYTHING, really, for a doctor with a small solo private practice (in an “underserved area”)– one who has very little time and even less tech expertise…but EVERYTHING to lose. Many thanks, and bless you for the service you provide.
Hello, I’m afraid I don’t have any specific advice when it comes to security with medical records, other than general tips, such as:
– limiting who has access to what
– utilizing some kind of two factor authentication method
– using very secure passwords (and storing/managing passwords in a secure location)
– keeping all systems up to date
– backing up files in a secure location
– using a good antivirus solution