At a glance.
- Human factors design and susceptibility to social engineering.
- Missouri healthcare provider experiences data breach.
- Privacy implications of COVID-19 contact tracing.
- Work life after the pandemic: expect social distancing and surveillance to continue.
Human factors design and susceptibility to social engineering.
A University of Pennsylvania study concludes that people are far more ready to overshare over their smartphones than they are when using other devices, like desktops or laptops. Two features of smartphones, the researchers argue, make users less guarded and more forthcoming. First, users tend to feel comfortable with their phones, and that comfort leads them to be less wary. Second, it's relatively more difficult to generate content on a small device, and that difficulty tends "to narrowly focus attention on the disclosure task at hand." This is not a deterministic feature of smartphones, of course, but users might do well to remain aware of how these devices can lead them into temptation with respect to compromising their own privacy.
Missouri healthcare provider experiences data breach.
BJC HealthCare has disclosed that its records were breached in March. The compromise occurred when three employees' email accounts were hacked, and the attackers used those accounts to pivot into other parts of the system. Not all of BJC HealthCare's facilities were affected, but patients who visited eighteen of the group's hospitals are believed to have their data at risk. BJC is notifying patients who may have been affected, KMOV4 reports. The information at risk includes "names, dates of birth, medical record or patient account numbers, and limited treatment and/or clinical information, such as provider names, visit dates, medications, diagnoses, and testing information."
Privacy implications of COVID-19 contact tracing.
In the UK, the National Health Service is working to address privacy concerns about its app. NHS intends to form an ethics board to oversee use of the data it collects, and, the Guardian adds, NHS is mulling the establishment of a sunset clause that would lead to deletion of the data once they're no longer needed. But concerns remain about the security of the information that will be held in the central data repository however long NHS needs to retain it.
India's government has denied that its own contact tracing system, the Aarogya Setu App, has a vulnerability that exposes the data it collects to compromise. Outlook India reports that the government evaluated the claims of a French white hat hacker to having found that Aarogya Setu would expose sensitive personal information. The government's answer to the research points out that much of the information the researcher complained about, including certain forms of geolocation, were already public, and that in other respects the data were properly secured.
Work life after the pandemic: expect social distancing and surveillance to continue.
Most of the discussion of the effects of the pandemic on cybersecurity have focused on the vulnerabilities widespread adoption of telework have exposed to attackers. But those who expect a swift return to the pre-pandemic workplace may be disappointed. In an interview with the CyberWire, Unisys CISO Mathew Newfield said that resumption of ways of doing business that prevailed as recently as January may be unlikely. "A lot of organizations are seeing not only success with that but improved performance, improved efficiencies and improved morale where there are areas that may have heavy commute times," he said, adding that "one of the interesting things that's also happening is that, a lot of financial executives are looking at the cost per employee to keep them in an office as compared to keeping them at home. So I think you're going to see not the number stay where it is now, which is that 90 to 100% work from home, but I don't think we're going to get back to that 13 to 17%" that prevailed before the COVID-19 emergency.
The expectation that social distancing practices may prove surprisingly enduring are not confined to the US. The Financial Express says that social distancing is expected to linger in India, and similar persistence may be found elsewhere as well.
In the workplace or in the home office, the Wall Street Journal predicts that enhanced surveillance adopted to enable businesses to reopen are unlikely to go away once they've accomplished that mission. These security measures are for the most part designed to track employee health and infection transmission, and they may well be retained to deal with future epidemics.