Is Your Online Shopping App Invading Your Privacy?

Online shopping has become a common activity for many people. It’s convenient, easy, and allows us to buy items from the comfort of our homes. But with the rise of online shopping, there are concerns about privacy and security.

Not all shopping apps are created equally. Often people get excited and install an app without checking privacy practices. Apps can collect more data from your smartphone than you realize. Whether you use your phone for personal use, business use, or both, your data can be at risk. So can your privacy.

Shady Data Collection Practices from Popular Shopping App SHEIN

Recently, security experts found a popular shopping app spying on users’ copy-and-paste activity. This app was tracking users’ keystrokes, screenshots, and even their GPS location. This raises the question: Is your online shopping app invading your privacy?

SHEIN is the app in question, and it’s a popular shopping app with millions of users. According to reports, researchers found the app collecting data from users’ clipboards. This included any text that users copied and pasted. This means that if the user copied and pasted sensitive information, the app would have access to it including things like passwords or credit card numbers.

Not only that but the app was also found to be tracking users’ GPS location. SHEIN was also collecting data from device sensors, including the accelerometer and gyroscope. This means that the app was able to track users’ movements. As well as collecting information about how they were using their device.

The app’s developers claimed that the data collection was for “optimizing user experience.” A very vague explanation that’s used by other app developers as well. The developers stated that the collected data was only used for internal purposes. But this explanation wasn’t enough to please privacy experts. Those experts raised concerns about the app’s data collection practices.

Temu Data Collection Practices Questioned

This isn’t the first time people caught an app grabbing data without users’ knowledge. Many popular apps collect data from their users, often for targeted advertising purposes.

The popularity of the shopping app Temu has been exploding recently. Since the app appeared in a Superbowl Ad in 2023, people have been flocking to it.

But Temu is another shopping app with questionable data collection practices. Some of the data that Temu collects includes:

  • Your name, address, phone number
  • Details you enter, like birthday, photo, and social profiles
  • Your phone’s operating system and version
  • Your IPS address and GPS location (if enabled)
  • Your browsing data

So, what can you do to protect your privacy when using online shopping apps? Read on for a few tips.

Tips to Protect Your Privacy When Using Shopping Apps

 

Know What You’re Getting Into (Read the Privacy Policy)

Yes, it’s hard to stop and read a long privacy policy when you just want to use an app. But, if you don’t, you could end up sharing a lot more than you realize.

Before downloading an app, make sure to read its privacy policy. This will give you an idea of what data the app takes and how it’s used. You can try searching keywords like “collect” and “your data” to save time. This can help you jump to data collection details.

If you do this before you download, you may change your mind. After learning how much data the app collects from you, you may decide it just isn’t worth it.

Turn Off Sharing Features

Turn off any data-sharing features you don’t need in your phone’s settings. Such as location services. Most smartphones allow you to choose which apps you want to use it with.

Explore both your phone settings and the app’s settings to restrict data sharing as much as possible.

Remove Apps You Don’t Use

If you’re not using the app regularly, remove it from your phone. Having unused apps on your phone is a big risk. Even if they’re not actively in use, those apps can still collect data. For example, browsing activity or your activity in other mobile apps.

Research Apps Before You Download

It’s easy to get caught up in a fad. You hear your friend talk about an app, and you want to check it out. But it pays to research before you download. Look up the app and check security and data collection keywords. Inform yourself first before downloading an app that might be compromising your device data and activity.

Shop on a Website Instead

You can limit the dangerous data collection of shopping apps by using a website instead. Most legitimate companies have an official website. One where you can buy the same things as you can buy using the app.

Improve Your Mobile Device Security

Mobile devices are regularly used more than computers. But they often lack the a desktop computer’s level of security. Give us a call today to schedule a chat about protecting your mobile device data.

 


Featured Image Credit

This Article, adapted, has been Republished with Permission from The Technology Press.

Best Ways to Use ChatGPT at Your Business (Without Things Getting Out of Hand)

It’s hard to turn around online these days without running into ChatGPT. Both Bing and Google are levering this advanced artificial intelligence language model. And you can expect it to show up in more business and personal tools that you use every day.

ChatGPT has revolutionized the way businesses interact with their customers. It has also affected how they get things done. Teams are using it for everything from emails to generating ideas for product names. We here at Firewell Technology Solutions are already using ChatGPT to help write Powershell scripts and automate other workflows! But we’re also aware that the tool’s personalized and informative responses in real-time definitely draw you in. Integrating ChatGPT into your business operations requires careful consideration. You want to ensure that things don’t get out of hand with employees using the tool irresponsibly.

In this article, we explore the best practices for using ChatGPT at your business.

Best Practices for Responsible Use of ChatGPT & Other AI

 

Understand ChatGPT’s Weaknesses

This is still very new technology, and it makes mistakes. When you first use ChatGPT, you’ll see a warning about this. You shouldn’t use the responses it provides you without human review and editing.

Yes, it can write you an employee device use policy if you ask. But, there may be things in that auto-generated policy that aren’t quite correct. Use it as a prompt, but not as a replacement for human-generated content.

Another weakness is potential bias. As the engine trains on vast amounts of content, it can pick up some bad habits. Thus, you could get biased or shocking responses from ChatGPT. Understand that in human terms, the tool is still a toddler that needs supervision.

Define ChatGPT’s Role

Before integrating ChatGPT into your business, it’s essential to define its role. The role can range from answering customers to generating ideas for new products.

Defining ChatGPT’s role helps you leverage its power. But also ensures you put in guard rails. The technology still is very new, so you don’t want your employees using it for everything.

Determine exactly which tasks the company approves for ChatGPT use and which it does not. This empowers your team to use it where you deem best and avoids improper use.

Consider Customer Privacy

Privacy is a crucial aspect of any business, and the use of AI technologies should not be an exception. As you integrate the tool into your work, it’s important to consider customer privacy. In fact, in March, Italy banned ChatGPT due to data privacy concerns.

Be aware of any exposure of employee or customer data to ChatGPT. Limit the potential for data leakage.

For example, you can configure ChatGPT to stop collecting customer data. Such as, after data collection reaches a particular threshold.

Ensure Human Oversight

ChatGPT is a powerful tool, but it’s not a substitute for human interaction. It’s crucial to have human oversight to ensure the output it gives is relevant and accurate. Human oversight can help stop inappropriate responses that may negatively impact your business.

Integrate ChatGPT Into Your Existing Customer Service

Integrating ChatGPT into your customer service channels can benefit customers. It can improve customer experience while also reducing workload. You can integrate it into your website, social media, and other support channels. It can provide real-time responses to customer queries. But, again, human beings need to watch ChatGPT and its responses.

Leveraging it intelligently reduces the waiting time for customers. It can also improve their experience with your business.

Measure Performance and Optimize

Measuring ChatGPT’s performance is crucial to ensure that it’s providing value. Measure its performance by analyzing customer satisfaction, response time, and responses handled.

You can also look at productivity statistics. Is using ChatGPT to write the framework for customer emails saving time? Or does it take just as much time for your team to edit responses?

Based on the analysis, you can optimize ChatGPT to improve its performance. This helps it to be a better support for your business.

Be Transparent About Using It

Be transparent if you’re using ChatGPT for email responses or other things. Your customers will appreciate your honesty. For example, you could simply state in your policies the following.

“We leverage AI for certain content, and always edit and fact-check its outputs.”

The use of AI-generated content is a murky area right now. Responsible companies tell their customers exactly where and how they are using it.

Get Help Navigating the Changing World of Business Technology

ChatGPT is an excellent tool for businesses looking to leverage its AI power. But this tool is still in its infancy. Integrating ChatGPT into your business requires careful consideration. You need to ensure that it’s effective and secure.

Are you a Fresno or Visalia area business interested in ChatGPT? Give Firewell Technology Solutions a call today to schedule a chat about AI and how you can mindfully leverage it.

 


Featured Image Credit

This Article, adapted, has been Republished with Permission from The Technology Press.

6 Things You Should Do to Handle Data Privacy Updates

Once data began going digital, authorities realized a need to protect it. Thus, the creation of data privacy rules and regulations to address cyber threats. Many organizations have one or more data privacy policies they need to meet.

Those in the U.S. healthcare industry and their service partners need to comply with HIPAA. Anyone collecting payment card data must worry about PCI-DSS. GDPR is a wide-reaching data protection regulation. It impacts anyone selling to EU citizens.

Industry and international data privacy regulations are just the tip of the iceberg. Many state and local jurisdictions also have their own data privacy laws. Organizations must be aware of these compliance requirements. But they also need to know about updates to these rules.

By the end of 2024, about 75% of the population will have its data protected by one or more privacy regulations.

Authorities enact new data privacy regulations all the time. For example, in 2023, four states will have new rules. Colorado, Utah, Connecticut, and Virginia will begin enforcing new data privacy statutes.

Businesses must stay on top of their data privacy compliance requirements. Otherwise, they can suffer. Many standards carry stiff penalties for a data breach. And if security was lacking, fines can be even higher.

The Health Insurance Portability and Accountability Act (HIPAA) uses a sliding scale. Violators can be fined between $100 to $50,000 per breached record. The more negligent the company is, the higher the fine.

Does all that sound scary?

Don’t worry! Firewell Technology Solutions has some tips for Central Valley and California businesses that can help you keep up with data privacy updates coming your way.

Steps for Staying On Top of Data Privacy Compliance

 

1. Identify the Regulations You Need to Follow

Does your organization have a list of the different data privacy rules it falls under? There could be regulations for:

  • Industry
  • Where you sell (e.g., if you sell to the EU)
  • Statewide
  • City or county
  • Federal (e.g., for government contractors)

Identify all the various data privacy regulations that you may be subject to. This helps ensure you’re not caught off guard by one you didn’t know about.

2. Stay Aware of Data Privacy Regulation Updates

Don’t get blindsided by a data privacy rule change. You can stay on top of any changes by signing up for updates on the appropriate website. Look for the official website for the compliance authority.

For example, if you are in the healthcare field you can sign up for HIPAA updates at HIPAA.gov. You should do this for each of the regulations your business falls under.

You should have updates sent to more than one person. Typically, your Security Officer or equal, and another responsible party. This ensures they don’t get missed if someone is on vacation.

3. Do an Annual Review of Your Data Security Standards

Companies are always evolving their technology. This doesn’t always mean a big enterprise transition. Sometimes you may add a new server or a new computer to the mix.

Any changes to your IT environment can mean falling out of compliance. A new employee mobile device added, but not properly protected is a problem. One new cloud tool an employee decides to use can also cause a compliance issue.

It’s important to do at least an annual review of your data security. Match that with your data privacy compliance requirements to make sure you’re still good.

4. Audit Your Security Policies and Procedures

Something else you should audit at least annually is your policies and procedures. These written documents that tell employees what’s expected from them. They also give direction when it comes to data privacy and how to handle a breach.

Audit your security policies annually. Additionally, audit them whenever there is a data privacy regulation update. You want to ensure that you’re encompassing any new changes to your requirements.

5. Update Your Technical, Physical & Administrative Safeguards As Needed

When you receive a notification that a data privacy update is coming, plan ahead. It’s best to comply before the rule kicks in, if possible.

Look at three areas of your IT security:

  • Technical safeguards – Systems, devices, software, etc.
  • Administrative safeguards – Policies, manuals, training, etc.
  • Physical safeguards – Doors, keypads, building security, etc.

6. Keep Employees Trained on Compliance and Data Privacy Policies

Employees should be aware of any changes to data privacy policies that impact them. When you receive news about an upcoming update, add this to your ongoing training.

Good cybersecurity practice is to conduct ongoing cybersecurity training for staff. This keeps their anti-breach skills sharp and reminds them of what’s expected.
Include updates they need to know about so they can be properly prepared.

Remember to always log your training activities. It’s a good idea to log the date, the employees educated, and the topic. This way, you have this documentation if you do suffer a breach at some point.

Get Help Ensuring Your Systems Meet Compliance Needs

Data privacy compliance can be complex, but you don’t have to figure it all out yourself. Firewell Technology Solutions is well-versed in data privacy compliance needs. Give us a call today to schedule a chat.

 


Featured Image Credit

 

This Article, adapted, has been Republished with Permission from The Technology Press.

Why You Need to Think Twice Before Using Lensa AI & Other Self-Portrait Apps

It’s a common theme. You begin seeing these amazing CGI images of your friends on Facebook or Instagram. You think, “How can I make one?” and “what self-portrait apps are they using?”

Filters and self-portrait apps have come a long way. You can now make yourself look like Hollywood’s version of a character in the next hit animated film. It still kind of looks like you, only a dream version with “perfect” hair, skin, and facial features.

The latest of these modern vanity marvels to make the rounds is Lensa AI. You upload about 10 photos so the app can feed that data into its AI algorithm. Then, once it maps your facial features, it generates several fantasy selfies of you.

These magical avatars don’t come for free though. While you can download the app for free and use it in a limited fashion, you need to pay to do more. To get unlimited access for one week, it’s $2.99. There are several pricing tiers for its avatar packs and membership access. These range from $3.99 for Avatars Pack 1 to $35.99 for full membership.

It sounds like a little harmless digital fun, right? That’s what many companies making apps like this like you to think. Vanity is an easy sell, and who doesn’t want to have a fabulous profile pic?

But for Lensa AI and several similar self-portrait apps, you’re paying more than you know. The cost comes from the data privacy rights you’re giving up. And these can go far beyond the app itself.

Why Worry About Data Privacy with Lensa AI & Other Self-Portrait Apps?

Thanks to laws like GDPR, software and app developers need to tell you what they do with your data. Looking at the app at the Mac App Store, a few alarming things jump out.

Data Used to Track You

Once you download the Lensa AI app, it can track your phone activity. The app store states that the app may use purchases and unique identifiers to track you. And this doesn’t mean only tracking you while in Lensa AI. It can track you across websites and apps owned by other companies.

Data Collected

Lensa AI scours your device for a lot of different data points. By downloading it, you permit it to do this. Some of the tracking links to you personally (such as linked to your name, IP address, or phone number). It collects a lot of other data, but not with your name or another identifier on it.

Data collected and linked to you:

  • User content (such as the images you upload)

Data collected, but not linked to you:

  • Purchases you make on websites or apps
  • Usage data for apps, etc.
  • Identifiers (this isn’t specified, but could mean things like city or gender)
  • Diagnostics from your device

Loss of Rights to Your Uploaded Images

What apps like Lensa AI do with your data is a grey area. Many tech companies, such as Facebook, have been known to act irresponsibly with user data. Many are purposely vague in their terms and conditions, leaving the door open.

One section from the Lensa AI Terms that users agree to states the following:

“…solely for the purposes of operating or improving Lensa, you grant us a time-limited, revocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable, sub-licensable license to use, reproduce, modify, distribute, create derivative works of your User Content, without any additional compensation to you…”

For the sole purpose of “operating” Lensa, could mean anything. It could mean that to make more money to operate the business, the company needs to use your images. Note that it also states it can modify, distribute, etc. YOUR user content.

Things You Can Do to Protect Your Data Privacy

 

Don’t Immediately Jump on Every Fad

This one may be hard when you see all your friends using a new app. It’s natural to want to be a part of that. But try waiting a week. Most likely those avatar images from the latest selfie app won’t be blowing up your feed anymore.

Read App Terms & Conditions

Take the time to read an app’s terms. You are often giving up more data privacy rights than you realize. This includes giving an app the ability to track just about everything you do on your device. Be aware of what’s at risk before you download a new app.

Restrict Data Collection

If you can’t resist an app’s charms, at least make it as secure as possible. This includes taking the time to restrict its data collection features, where possible.

Use your phone’s privacy and security settings to turn off data sharing. For the Lensa AI app, you can also contact the company to request that it delete your data from its servers. Its privacy policy states to email [email protected] for questions and concerns.

Get a Device Privacy Checkup

The more apps you use, the more complicated data privacy can get. Don’t leave it to chance. We’ll be happy to help. Give us a call today to schedule a device privacy checkup.

 


Featured Image Credit

This Article, adapted, has been Republished with Permission from The Technology Press.

Data Breaches and Protecting Your Private and Personal Info

There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life. And can have costly consequences for individuals. Hackers can steal identities and compromise bank accounts, just to name a couple.

Cybercriminals breach about 4,800 websites every month with form jacking code. It has become all too common to hear of a large hotel chain or social media company exposing customer data.

Hackers can breach your personal information and passwords without you knowing it. And the time from breach to notification of the breach can be lengthy. One example is the data breach of CafePress. This is a popular online retailer that prints personalized items.

CafePress suffered a data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also breached social security numbers that weren’t encrypted.

As mentioned, the breach happened in February. But many consumers weren’t notified until late summer. The FTC recently took action against the company. This was due to its careless security practices.

The point is that months or years can go by without you knowing about compromised data. Unless you happen to look at the right website, you may not even realize it. Those breached password features in browsers are helpful. But what if you have other information beyond a password compromised?

We here at Firewell Technology Solutions believe that It’s best to protect yourself with some knowledge. We’ll help by listing several recent breaches. If you’ve interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.

Recent Breaches of Personal Information That May Impact You

Microsoft Customer Data Breach

On October 19, 2022, Microsoft announced a breach that exposed customer data. A misconfigured server was to blame. The breach exposed certain business transaction data. It’s thought that this breach could have affected more than 65,000 entities worldwide.

2.5 Million Records Exposed in a Student Loan Breach

Did you get a student loan from EdFinancial and the Oklahoma Student Loan Authority (OSLA)? If so, you could be in trouble. The organizations notified impacted individuals by letter in July 2022.

The personal information at risk included:

  • Social security numbers
  • Email addresses
  • Home addresses
  • Phone numbers.

The breach compromised the data of over 2.5 million loan recipients.

U-Haul Data Breach of 2.2 Million Individuals’ Data

Large rental firm U-Haul is a household name. It also just had a major data breach. It notified clients in August of 2022 of a compromise of some rental contracts. The contacts in question were between November 5, 2021, and April 5, 2022.

The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company.

Neopets Breach May Have Compromised 69 Million Accounts

You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk. But users of the platform got a rude awakening due to a breach of the service. An estimated 69 million accounts may have had emails and passwords leaked.

The full stolen Neopet database and copy of the source code were being offered for sale for about $94,500.

One Employee Computer Causes a Marriott Breach

Hotel giant Marriott suffered another breach in July 2022. It blamed a single unsecured employee computer. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information.

Unfortunately, the company shows a pattern of poor cybersecurity. Within the last four years, it has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there.

Shield Health Care Group Exposes Up to 2 Million Records

In March of 2022, Shield Health Care Group detected a breach. This Massachusetts-based company found that hackers breached up to 2 million customer records. This includes medical records, social security numbers, and other sensitive personal data.

 

Flagstar Bank Takes 6 Months to Identify Individuals Affected in a Breach

In December of 2021, Flagstar Bank suffered a breach. It wasn’t until 6 months later that it identified the individuals affected. And the impact was large. It included exposed social security numbers. The hack impacted about 1.5 million customers.

8.2 million Current and Former Customers of Block Compromised

Block was formerly known as Square, a popular payment processing platform. It announced in April of 2022 that it was breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed.

About 8.2 million current and former customers had their data exposed.

Crypto.com Breach Nets Hackers Over $30 Million

Cryptocurrency may be hot at the moment, but it’s very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets breached.

The criminals made it past two-factor authentication, which is usually quite effective. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.

How Secure Are Your Passwords?

There are many solutions that can help you better manage and secure your passwords. Give Firewell Technology Solutions a call to learn more about protecting your personal data from a breach.

 


Featured Image Credit

 

This Article, adapted, has been Republished with Permission from The Technology Press.

Data Privacy Trends in 2023 That Could Impact Your Compliance

Data privacy has been a growing requirement ever since the internet age began. So much personal information is flying around through computer networks. Protecting it has become a mandate.

Most companies must follow HIPAA, GDPR, or another industry or locality-based privacy rule. By the end of 2024, 75% of the world’s population will have their personal data protected. It will fall under one or more privacy regulations.

We here at Firewell Technology Solutions believe that you don’t need to be a large enterprise organization to have data privacy compliance at the top of your mind. It goes hand in hand with cybersecurity. Additionally, privacy requirements hit all sized companies. Even the smallest financial service providers are required by law to have a Written Information Security Plan (WISP) in place, for example. Did you know that Firewell Technology Solutions can help you draft and implement a Written Information Security Plan (WISP)? It’s true!

Between July 2020 and July 2021, GDPR violations rose by 113.5%. The number of associated fines also jumped, by 124.92%. When it comes to HIPAA violations, each incident can carry a penalty between $100 to $25,000.

It’s important to make data privacy a priority and factor it into all your data collection processes. When companies collect, send, or store personally identifiable information (PII) it needs protection. This means putting adequate safeguards in place.

To stay on top of your privacy compliance obligations, you should also keep up with trends in this area. Next up, we’ve documented the biggest data privacy trends happening in 2023 that you should be aware of.

What’s Happening in Data Privacy Compliance?

AI Governance

Approximately 40% of privacy compliance technology needs artificial intelligence (AI) to operate. AI has certainly made its way into many of the applications we use on a daily basis.

When you’re typing in MS Word and text just springs up as a suggestion, that’s AI predicting what you’ll type next. When working on a photograph in Photoshop, you can now click a button to give a frowning face a smile. This is also the work of AI.

So, it’s no surprise that AI is running many of the algorithms responsible for keeping data protected. But what happens when there is a problem with the AI?

This is the question that AI governance is working to address. This is a new trend in data privacy because AI has never been so prevalent throughout the data journey as it is now.

Whenever AI is used in the data protection area, organizations need to govern it properly. This helps ensure that automated processes aren’t accidentally exposing sensitive data.

Consumer Privacy UX

A trend that we’ve seen over the last several months is putting more privacy power into the consumer’s hands. Many privacy regulations require that apps and websites provide data transparency. They need to tell people what data they’re collecting, how they’re collecting it, and what they do with it. People also need an “out” to get their data back.

These needs have led to consumer privacy UX becoming a “thing.” You can think of this as a centralized privacy portal. A place people can access privacy-related settings in various apps. This gives better visibility into how their data is being used.

Increased Scrutiny of Remote Employee Monitoring

The pandemic has forever changed the global workforce. Many organizations are now running completely remote offices. Or may be using a mix of remote and in-office staff. The dramatic increase in people working from home has led to data collection changes. Companies are ramping up their monitoring of those employees working off-site.

But this type of monitoring opens a can of worms when it comes to data privacy. Organizations need to ensure that they aren’t encroaching on the rights of their staff. This is most pertinent when putting monitoring in place on employee devices.

For example, approximately 49% of remote employees use their personal computers for work. Companies often put endpoint device monitoring in place for security reasons. They need to ensure they are not gathering or backing up any personal data. That would be data owned by the employee and not the company.

Data Localization

One of the concerns when the social app TikTok became popular relates to location. With the firm being a China-based company, people worried about the privacy of their data. The data was originally stored on servers governed by the Chinese government. A country with very different data privacy rules than the US and other countries.

Data localization is going to become more prevalent. Increasingly organizations look at where their cloud data is being stored. Where a server resides governs the privacy rules and regulations that it may fall under. Thus, companies and governments are now asking a question of cloud providers. This is, “Where is my data stored?” Many want their data to be as close to home as possible.

Privacy-Enhancing Computation (PEC)

Data privacy by design is a fairly new term. Using privacy-enhancing computation is a way that AI is helping cybersecurity. By using PEC as a built-in component of software and apps, developers provide value to clients. They address privacy concerns by making data protection more automated.

Look for PEC components in data analytics when shopping for business tools.

When Is the Last Time You Had a Compliance Check?

How are your data privacy protections? Are you risking a penalty due to lax controls? Give Firewell Technology Solutions a call! We can help with a compliance checkup and help you draft a Written Information Security Plan (WISP) to help implement and maintain compliance standards for your team!

 


Featured Image Credit

This Article, adapted, has been Republished with Permission from The Technology Press.