Photo: Ekaterina_Minaeva (Shutterstock)

Apple’s Notes app might not be the first option to come to mind when you want to keep a conversation hidden from others. But by using its collaboration features to invite others into a “conversation”—and then deleting the messages when you’re done—you can erase all evidence of your chat. Sure, it’s nowhere near as safe as using an encrypted messaging app with disappearing messages (and it’s pretty easy to take screenshots of your shared notes or copy your chats to another app), but the Notes app is a quick and easy option for secret messaging in a pinch.

How to use Notes as a secret messaging app

To get started, open Notes and create a new note. Type something in the note, then tap the three-dots icon in the top-right corner of the page, and tap Share note. You can now tap Share options and disable Anyone can add people. Under Permission, make sure you’ve selected Can make changes.

Go back one page and select how you’d like to share the note with someone else. As long as they have an Apple ID, they will be able to access your note. We went with iMessage to share the note. Once the other person has joined, you can start typing a message and they’ll be able to see it pretty much in realtime.

G/O Media may get a commission

To make it easy to differentiate between your messages and those by your contact, tap the three-dots icon in the top-right corner and select Manage Shared Note. Select Highlight All Changes and go back to your note. When they’ve replied to your message, Notes will highlight it in a different color.

When you’re done with the conversation, delete everything you’ve typed first. Then tap the three-dots icon in the top-right corner, go to Share Options, and change the document permission to View only.

Return the previous page, swipe left on the name of your contact, and select Remove. This will stop them from accessing the note further. You can now delete the note from Apple Notes, and with it, all traces of your conversation will be gone.

More private ways to chat

While Apple Notes (or for that matter, Google Docs) allows you to have collaborative chats, these aren’t really the apps you want to turn to for true privacy. Ideally, you’d want to use encrypted messaging apps like Signal for these conversations.

In Signal, every chat is encrypted by default and the app doesn’t save information it doesn’t need. Once you’ve started a chat in Signal, tap the contact’s name at the top of the page and select Disappearing Messages. You can set a custom time for these messages and each message in the conversation will automatically disappear after that.

You don’t need to manually delete anything or use an unencrypted platform for secret messages. When you upload images to Signal, it has a handy option to automatically blur all faces. Features like these make it far more suitable for private conversations. And if you don’t want to use Signal, we’ve got a list of alternatives for you.

  

from Lifehacker https://ift.tt/jDi2Nrs

Photo: Alan Budman (Shutterstock)

Buying or selling a house is a stressful marathon of endless complications—but when you’re finally done borrowing wheelbarrows of cash and signing approximately one thousand sheets of paper, you can finally relax and enjoy your new home, right? Ha ha, no of course you can’t, because the worst is yet to come: You have to move.

The logistics of moving are bad enough. The cost is something else—moving house costs an average of $1,250 for what’s considered a “local” move, while a long-distance move (1,000 miles) can run you about $5,000. And if you think hiring “full-service” movers will ease your burden at least a bit, a million horror stories will dissuade you of that notion: Mover whose price quote suddenly changes when they’re sitting in your driveway and your whole life is in boxes, movers who never show up, broken or lost possessions—even movers who hold your stuff hostage.

That’s why it’s worth considering an alternative to traditional full-service movers next time you have to uproot yourself. You might not only save money, but you’ll also spare yourself a good deal of stress. Here are some alternatives to the full-service moving company.

Just do it yourself

It seems obvious: If you don’t want to hire movers, why not do it yourself? The traditional beer-and-pizza gathering of friends and family to move you to a new home might work for a very local move when you’re relatively young—but trust me when I say that your friends will be much less willing to help out the older you get and the further you have to go.

G/O Media may get a commission

Otherwise, you need to kick your DIY moving game up a notch. Rent a truck yourself—you might have even done that with previous moves that relied on the free labor of your exploited friends. But this time, you can hire the labor, too.

Moving labor companies let you hire the people who will pack and unpack your truck. You pack your stuff yourself, then rent a truck and a team to pack everything into it. Then you drive your stuff to your new home, where another local team helps you unload everything. Your costs will be much lower, and you’ll remain in complete control of the experience—and your stuff—the entire time, without exploiting your friends and family.

Use portable storage containers

Another option for moving without the movers is to use portable storage containers. You’ve seen commercials for these—a truck drops off a big metal container, you fill it with stuff, and the truck returns and takes all your crap to a storage facility. What a lot of folks don’t realize is that most of these storage companies also act as alternative movers, because they’ll happily take your storage container anywhere.

The costs can be a little less than moving companies—about $3 per mile, or roughly $3,000 for a 1,000-mile move—but the big advantage here is time: You don’t need to coordinate your move like it’s a precise military operation. The storage container arrives and sits there at your old house as long as you need it to. You can pack it up slowly. When you’re done, you make a call and the container goes away—but if you’re not ready to unpack it all, you can opt to leave it in storage for a while (and the storage fees will likely be less than what a moving company charges for a similar service). Then, when you’re ready, you have the container delivered to your new address where, again, you can take you time to unload it. (You can also still hire moving labor at either end of the process to unpack the container for you at your leisure.)

Freight trailers

Storage containers are a terrific idea for moving, but they tend to be on the small side. If you have a large home or a bunch of enormous furniture, you might need something more substantial. In that case you can consider a freight trailer. That’s the sort of trailer you see trucks hauling on the highways.

Similar to a storage container, the freight trailer is brought to your property and left there. Unlike a storage container, you typically have a tight schedule to get the trailer loaded up before the company comes back to pick it up. And you’re charged by volume, not weight—which means if you only fill half the trailer, you only pay for that portion. The downside? The trailer company will take that trailer somewhere else and sell the rest of the space.

Another downside is that freight companies aren’t moving companies, and provide zero services or equipment. For example, you’ll need to acquire your own furniture blankets and ensure that your furniture is secured and protected. The freight company will literally only be responsible for getting your stuff from point A to point B. The good news? Freight trailer moves cost an average of about $2,000, so you’ll be saving a lot of money, although you’ll need to crunch the numbers to take into account the costs of buying stuff like furniture blankets and hiring labor (unless you’re doing it all DIY).

from Lifehacker https://ift.tt/Ax5KaX0

Photo: Vladeep (Shutterstock)

We all have our bad days at work. When you do, it can be all too easy for our emotions to get out of control, whether that means crying at your desk over bad news or lashing out at a colleague in anger. If you find yourself melting down at work, there are coping strategies that can help temper your emotions, mitigate any damage your outburst may have caused, and help prevent the next one.

“Emotional regulation is the primary strategy that you want to move toward,” said Melody Wilding, an executive coach who specializes in working with highly sensitive people. “Emotional regulation means that you have more control and influence over how you experience your emotions.”

Process—don’t bottle up—your emotions 

If you find yourself melting down, the most important thing to do is to find a productive outlet to process your emotions—not just to push them down or pretend they aren’t there. As Wilding says, suppressing our emotions is a little bit like trying to hold a beach ball under water. Although you can manage for a little while, the minute you stop, the beach ball will come flying up out of the water, often hitting you (or someone around you) in the process.

“Emotions are the same way,” Wilding said. “To get through a meltdown, you have to actually process your emotions.” Helpful strategies for processing your emotions can include stepping away from work to go for a walk, listen to some music, or spend a few minutes journaling.

Create some distance 

If you find your emotions getting out of control, it’s best to create a little distance and to give yourself the time and space to process. That distance can be literal: Go for a walk, reschedule any meetings to a later time, or log off Zoom/Slack for a few hours. “Take a time out,” Wilding advised.

G/O Media may get a commission

When it comes to emotional distance, Wilding suggests practicing what she calls psychological self-distancing, where you try and see the situation from an outside perspective. One way to do this is to name your inner critic, and to try and imagine what you might say if it was a friend going through this situation. “That little bit of distance can be helpful for pulling you out,” Wilding said.

You need a strategy for damage control

If you’ve already had a meltdown at work, there are ways to recover from the fallout. As research shows, if workers frame their distress as being about their passion and commitment for work, they are viewed more favorably.

As Wilding suggests, it’s good to follow up after the fact, saying something along the lines of, “I realize I got a little emotional, that’s because I really care about the quality of the work we do.”

If you can contextualize the meltdown as being about your passion for the work, and your desire for yourself and your team or company to succeed, it can help minimize the damage.

Identify your triggers 

To prevent future workplace meltdowns, it’s important to identify the situations are especially stressful for you, and to actively work to both minimize and to better handle them when they do pop up. This could be a fear of public presentations, an inability to handle criticism, or a co-worker who has a knack for getting under your skin. “Knowing your triggers is so crucial,” Wilding said.

Once you’ve identified these triggers, then it’s important to actively work on managing your reactions to them. This includes developing coping techniques, whether that’s going for a short walk before a stressful situation, recruiting a friend to talk it through with, or setting firmer boundaries with your coworkers.

One framework that Wilding finds useful to be aware of is “HALT,” which stands for Hungry, Angry, Lonely, Tired. These four stressors can make it much harder to regulate your emotions, so on tough days, it’s good to do periodic self-evaluations. If you are feeling hungry, angry, lonely or tired, that’s a signal that you need to work on your physical and emotional wellbeing before you can expect yourself to handle a stressful situation. Take a break, grab a bite, talk to a friend. You’ll get through this.

from Lifehacker https://ift.tt/UayOLxd

Photo: iPics (Shutterstock)

Back in 2020, many car rental companies got rid of large parts of their rental fleets. Now, with surging demand and less supply, car rental prices are often astronomical (not to mention what you’ll spend on gas to fill up the tank). When you travel to Europe, though, you have another option: auto rental buy-back programs.

A buy-back lease, which you’re doing through these programs, is a customs and tax provision that allows non-EU residents to “buy” a new car during a European stay without paying customs duties and value-added tax (VAT). The car can then be later sold as a lightly used car to an EU resident and they won’t have to pay VAT either (which is around 20% in France, for example).

Exact details of your lease will vary, but as a general rule you can expect the following:

• Minimum day requirement (typically around three weeks)
• Brand new
• Lease price guaranteed in U.S. dollars or Euros
• Unlimited mileage
• Insurance with no deductible and fewer limitations on additional drivers
• Roadside assistance

Depending on where in Europe you are picking up and dropping off your car, there may be additional fees. Renault, Pugeot, and Citroen are two of the leading manufacturers offering this option. In addition to getting a brand new car and not having to pay extra for insurance, extra driver fees, or under age 25 fees, these buy-back programs can be even less expensive than renting from traditional car rental companies.

For example, an economy car (Renault Clio or similar) rental from Hertz from Sept. 15 to Oct. 15 with pickup and return at Paris CDG airport would cost around 900 EUR (not including insurance or extra driver fees). Instead, if you book a buy-back lease for a Renault DACIA Duster, you’ll pay 1,470 EUR for the same dates, including insurance and the ability for other people to drive your car. In this case, renting with Hertz is likely to be less expensive even with the additional fees, if you’re fine with an economy car; however, if you’re already paying some additional fees for insurance or an extra diver, the cost difference to rent a brand new mid-size SUV may not be much.

Keep in mind that like with traditional car rental companies, availability for cars though buy-back programs is limited, so if you are interested in this option for your European trip, you should consider your options right away. Finding a car at the last minute will be nearly impossible, and even unlikely within the few weeks leading up to your trip.

G/O Media may get a commission

from Lifehacker https://ift.tt/xaWfUM9

In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she’s heading can help asset owners and operators of industrial infrastructure.

[The answers have been lightly edited for clarity]

Supply chain risks are compounded for organizations that must protect both their IT and the OT from cyber-attacks. What technologies and approaches should they consider implementing? What specific pitfalls should they avoid, and how?

Most third party risk programs are IT-focused – including suppliers that have access to the organization’s intellectual property or network. But some OT suppliers have access – physical and remote – to the OT environment, for troubleshooting, maintenance, etc., and it’s important that the risk posed by those suppliers is included in the enterprise third party risk program, since remote access to OT poses obvious security risks, and on-site access often involves USB drives and other direct electronic access which also can introduce malware into the OT environment. The good news is that these vendors can simply be included in existing third party risk programs.

On the other hand, more and more suppliers are being impacted by ransomware hitting their OT environment. This impacts their ability to provide their products and services to their customers, which can in turn impact their customers’ operations. Therefore, the scope of third party risk programs needs to be broadened once again to include critical suppliers in OT – those whose products or services are critical to the organization’s own OT operations. Now the bad news: existing third party risk programs typically do not assess security risk in OT environments. In fact, although frameworks and best practices are emerging in OT security, organizations usually need to rely on OT security experts to assist in these assessments and remediation recommendations.

Finally, we have seen increasing cyber attacks against the software supply chain, as well as attacks targeting vulnerabilities in critical OT products. When choosing suppliers of critical OT products, it is important to determine whether the vendor is certified to ISA/IEC 62443 – the leading security certification in OT. Those certifications should be an important factor in choosing products for the OT environment.

How can IT and OT Sec teams improve their cooperation towards their common goal (of keeping all systems working to support the company in achieving its business objectives)?

The biggest problem in OT security is the cultural divide between IT and OT. IT security is a mature field, with standards, frameworks, and an abundance of mature and emerging technologies. The OT security field is much less mature, lacking people with OT security experience, established best practices and frameworks, and with a much smaller selection of security technologies.

Historically, IT and OT have worked independently on security, with OT engineers overseeing security in the OT environment where it was not as critical due to lack of or limited connectivity to the internet and to the enterprise. Today, however, most OT environments are connected to the enterprise IT environment and to the internet. The benefits of Industry 4.0 and digital transformation in OT has accelerated connectivity in OT, including to cloud environments. The prevalence of converged IT/OT environments makes it imperative that IT and OT teams work together to secure them.

The problem is that cultural divide. The good news is that it can be conquered, by bringing the two teams together to create an OT security strategy that is owned jointly by both teams. Conduct a workshop with representatives from IT, IT security, OT managers, OT engineers, and IT/security personnel from OT. Use the NIST Cybersecurity Framework as the basis of the workshop.

You might find the atmosphere to be a bit contentious at first, but as the teams walk through the framework, they will begin to understand and respect the “other side”, and will begin to discover synergies and develop ideas for how they could work together toward a common goal. Since the plan was developed together, joint ownership of the plan boosts its chances for success as the team works on the strategic roadmap they created together.

The theory of keeping IT and OT networks secure is there, but there are many obstacles to putting it in practice – especially when the organizations aren’t large and well heeled. Which are the most common ones and how can they be overcome?

An OT security program should focus on the following 5 critical controls:

1. ICS-specific incident response plan: Create a dedicated incident response plan for specific cyberthreat scenarios at specific OT locations, and consider table top exercises to test and improve response plans.
2. A defensible architecture: Hardening the OT environment – remove extraneous OT network access points, maintain strong policy control at IT/OT interface points, and mitigate high risk vulnerabilities. Include the people and processes to maintain it.
3. Visibility and monitoring: You can’t protect what you can’t see. Maintain an inventory of assets, map vulnerabilities against those assets (and mitigation plans), and actively monitor traffic for potential threats.
4. Multi-factor authentication: Multi-factor authentication (MFA) is a rare case of a classic IT control that can be appropriately applied to OT. Implement MFA across your systems of systems to add an extra layer of security for a relatively small investment.
5. Key vulnerability management: Over 1200 OT-specific vulnerabilities were released last year. While patching an IT system like a worker’s laptop is relatively easy, shutting down a plant has huge costs. An effective OT vulnerability management program requires timely awareness of key vulnerabilities that apply to the environment, as well as alternative mitigation strategies to minimize exposure while continuing to operate.

Now let’s examine the approach for an under-resourced organization. They need a straightforward method for assessing and addressing their OT security gaps that is practical to them considering lack of expertise and resources. That is where the Dragos OT-CERT (Operational Technology – Cyber Emergency Readiness Team) comes in.

We will provide them with a simple self-assessment instrument to provide a baseline of their current security posture. Next we will provide an asset management toolkit, which will consist of training, an asset management template that they can use to capture and maintain the inventory of their assets in OT, and a guide. This is the foundation for critical control #3. Following that will be a self-service ransomware toolkit to assist them in preparing for cyberattacks in OT (critical control #1). Each month we will release additional resources to assist them in addressing the critical controls listed above in a way that is practical for them.

You are the first director of Dragos’ OT CERT center. Tell us a bit about this new project and your plans for it.

When I was CISO at Rockwell Automation, we continuously expanded our third party risk program to address the increased supply chain cybersecurity risks that I discussed above. Unfortunately our risk analysis sometimes prevented us from accepting the risks posed by small or medium suppliers with a cyber posture that did not meet our requirements.

While there are some free resources available for IT security in small businesses, I could not find any free resources for them to create a minimum level of security in their OT environments. Supply chain cybersecurity risk, and the urgent need for someone to step up and help small organizations to raise their security posture became my “hot button” issues as I retired as CISO.

Our CEO, Rob Lee, recently stated, “When you think of our mission of Safeguarding Civilization…it’s not ‘safeguard the companies that can drive revenue fastest’…we should provide answers for all organizations within our community, including the smallest and most underserved companies.” That is why Dragos created the OT-CERT.

Designed to support asset owners and operators of industrial infrastructure, Dragos OT-CERT provides free cybersecurity resources for the Industrial Control System (ICS) /OT community. Resources are available exclusively from the OT-CERT portal, providing members with information and materials to help build an OT cybersecurity program, improve their security posture, and reduce OT risks.

Membership is open to organizations globally, and firms of any size are welcome to join. OT-CERT membership is especially beneficial for resource-constrained organizations. Small to medium-sized businesses often do not have a dedicated OT security team or access to the same level of resources as large enterprises, and Dragos OT-CERT was created with these organizations specifically in mind.

In addition, OT-CERT will coordinate with OEMs regarding disclosures for vulnerabilities discovered by Dragos threat intelligence researchers, as well as cyber threats detected by Dragos targeted at the OEMs’ products. OEM partnerships, like the ones we have with Emerson and Rockwell Automation, are critical to coordinated vulnerability disclosures and effective threat response to protect and support industrial infrastructure in the escalating cyber threat environment.

I am honored to be the first director. My security career started in CERT at Carnegie Mellon University – the first cybersecurity organization in the world. CERT is dedicated to providing resources to help the community to defend against cyber threats, so that passion is part of my DNA.

What “fights” do you expect to be involved in while bringing your vision of the project to life, and why do you believe you’ll win them? How has your career to date prepared you for such an undertaking?

The biggest challenge I anticipate is getting under-resourced organizations to join OT-CERT. Many believe incorrectly that it will never happen to them – who would be interested in attacking them? Or they are convinced that they do not have the resources or expertise to build a security program and therefore will not give it a try. I firmly believe that what we plan to provide is practical for small and medium sized organizations with OT environments, and it is imperative to industrial infrastructure that we get them to participate.

My strategy for overcoming this challenge is our OT-CERT partnership program. We have partnered with the National Association of Manufacturers (NAM) and four Information Sharing and Analysis Centers: E-ISAC (electricity), ONG-ISAC (oil and natural gas), DNG-ISAC (downstream natural gas), and WaterISAC. Our partners will promote the OT-CERT to their members, and work with us to ensure that our resources are useful to them.

We will conduct joint workshops with some partners – workshops focused on organizations of similar size, sector, and potentially geographic location. In the workshops participants will learn from each other, collaborate on new strategies, and build relationships for ongoing information sharing. In addition, best practices and other learnings from the workshops will be reflected in OT-CERT resources for the benefit of all OT-CERT members.

I’ve been faced with “new frontiers” twice in my career, and I love conquering a challenge by building something new. I was the founder and director of the CERT Insider Threat Center, which I grew from one seminal insider threat study with the Secret Service into the global center of expertise on insider threat. After 13 years I left CERT to build an insider risk program for Rockwell Automation. At that time I knew of 4 other people that were building comprehensive, global insider risk programs, and we created an information sharing group which grew to more than 200 companies with 300 members in a few years. The group is still very active, and is now being run by the National Insider Threat Center at CERT at Carnegie Mellon.

As CISO at Rockwell Automation I was faced with another new frontier: OT security. There were no best practices or frameworks, and few technologies available, so once again I formed an information sharing group of CISOs with OT environments so we could all learn from each other and develop and share our own best practices.

I am excited about the opportunity to build a new information sharing community in OT-CERT!

The security of the IT and OT at industrial and organizations in the energy industry has always been important, but with the explosion of ransomware and the fact that these orgs are likely to be pawns in global (cyber) conflicts, the danger of crippling cyber-attacks is seemingly higher than ever. Can you offer some advice to those in charge of cybersecurity defenses at these types of companies – advice that will stop them simply treading water and start them moving towards a better cybersecurity posture?

I believe most large organizations in industrial infrastructure are working to raise their security posture to mitigate the elevated cyber threat environment. I believe the weak link in cybersecurity is the supply chain, and it is imperative that we all work together to address it. Both nation states and cybercrime groups have targeted suppliers to get to their customers’ IT environments and / or information – SolarWinds, Accellion, and Kaseya are just a few. It would be foolish to think that they will not try that same tactic in OT environments. For that reason it is imperative that CISOs make sure they are including their OT suppliers in their third party risk programs as soon as possible.

I am grateful that Dragos has committed to OT-CERT so we can impact the security ecosystem of the industrial infrastructure community, but we need the awareness and support of larger organizations. Security teams can point their vendors that do not meet their OT security requirements to OT-CERT and other free resources for IT security in small businesses. Only by working together can we protect global industrial infrastructure from the impacts of ransomware and sophisticated cyber attacks targeted at OT environments.

from Help Net Security https://ift.tt/9Rgd58N

The latest APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total. In this video for Help Net Security, Joshua Crumbaugh, CEO, PhishFirewall, talks about how cybercriminals are taking their phishing attacks to … More →

The post How phishing attacks are becoming more sophisticated appeared first on Help Net Security.

from Help Net Security https://ift.tt/BiVNe7t

The UK’s Information Commissioner’s Office (ICO) has issued its third largest ever fine of £7.5m. It was imposed on Clearview AI, the controversial facial recognition company that has already been on the wrong end of similar decisions from regulators in Italy, France and Australia. Clearview collected more than 20 billion images of people’s faces from Facebook and other social media platforms. It then sold access to those to private companies and institutions such as police forces around the world.

The ICO found Clearview broke UK data protection law in several ways, including failing to have a lawful reason for collecting information on UK residents, failing to use it in a fair and transparent way, and failing to have a process in place to stop data being stored indefinitely. The ICO ordered the company to delete any UK residents’ images and refrain from collecting more in the future.

John Edwards, the UK information commissioner, said about his ruling: “The company not only enables identification of these people but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable.” The ICO also revealed Clearview’s technology had been offered on a “free trial basis” to UK law enforcement agencies, although that has since stopped.

Smile for the camera

Facial recognition software is becoming a fact of life in the UK. The proliferation of Ring and other video doorbells, for example, has provided police with a new way to fight crime by asking residents for their footage and audio (many have microphones capable of picking up conversations from passers-by). In 2019, the UK’s Police National Database held images of around 20 million faces, many of which were people who had never been charged or convicted of an offence.

There are issues with authorities using this technology to fight crime. For one, the risk of a false positive is high. When South Wales Police tested their facial recognition system for 55 hours, for example, 2,900 potential matches were flagged — 95% of those were false positives. There are stories, particularly in the US, of wrongful arrests and even convictions based on facial recognition software. Perhaps due to the technology sector’s lack of diversity, these systems aren’t good at recognizing women or those from an ethnic minority background, which serves to compound existing discrimination and bias.

The European Commission has expressed its intent to ban aspects of facial recognition technology in the future. But it’s not just your face: Surveillance technology is expanding at such a pace that it’s now possible to analyze the way you walk, your heartbeat, breathing pattern, and, controversially, emotions.

Surveillance technology has been normalized by the pandemic

Covid-19 propelled the growth of surveillance technology. In France, facial recognition technology was used on public transport to monitor whether passengers were wearing masks, and Australia trialed similar software to check people were at home during quarantine. Billions of people around the world had their movements logged by various Covid-19 test and trace apps.

There has been some public support for these sorts of measures. Almost two thirds (61%) of Brits say they’ve been happy to share their health status data during the pandemic, and 54% were happy to sacrifice some of their data privacy to shorten the length of lockdown.

But surveillance has slipped into other areas of our lives too. Workplace surveillance technology – from monitoring of emails and web browsing to video tracking and key logging – has become commonplace with the rise of remote working. Almost a third of workers are now being monitored in their jobs, up from 24% earlier in the year. Microsoft has even patented emotion detection software to monitor employee wellbeing after weighing up biometric factors such as voice and heart rate. Unions and MPs are calling for a new set of data rights to protect workers in these situations.

In some instances, regulators are taking action where practices breach existing GDPR legislation. H&M in Germany, for example, was handed a €35.2 million fine in 2020 for excessive surveillance of employees, and in the UK, Barclays is under investigation for its use of software to track staff computer activity.

Privacy is a fundamental human right

We all have a right to privacy; at home, at work and when we’re out in public. Organizations such as Clearview AI that take and store our images without our knowledge or consent must be fined and prevented from doing so again. But it’s only the tip of the iceberg.

Facial recognition technology, and biometric identification more broadly, is a slippery slope that threatens our fundamental human right to privacy. Technology will always hold its temptations. But organizations need to play their part in developing a culture of continuous privacy compliance to ensure that privacy is considered every step of the way. The way we operate now will have real consequences for the future we build – for ourselves, our children, and their children.

from Help Net Security https://ift.tt/Utpbrc0