Search Results
- Exploring the Paradox of Mobile Device Security and Privacy
In a world where smartphones and tablets dominate, mobile devices are essential for most of us. They provide instant access to information, connect us to friends and family, and support numerous daily tasks. However, a significant issue remains: while these devices are designed to be secure, how private are they really? This post explores the delicate balance between security and privacy on mobile devices, offering practical advice for navigating this complex landscape.
Understanding Mobile Device Security
Mobile device security focuses on protecting user data from threats lurking outside. Features like fingerprint recognition, face ID, and strong encryption stand out as advancements that enhance security. In fact, a report by Cybersecurity & Infrastructure Security Agency (CISA) noted that over 90% of new smartphones now offer biometric features, providing a strong shield against unauthorized access. Yet, this strong defense doesn't address one key element: users often give up a lot of personal information by using various apps. For example, a recent study found that 82% of mobile apps request access to location data. When users agree to these permissions, their privacy can be undermined, even when security measures are in place.
The Privacy Dilemma
The main issue with privacy arises from the widespread data collection by mobile applications. Many smartphone apps track user activity, preferences, and even personal messages without clear consent. Think about social media apps that not only gather location but also analyze your online interactions. According to a 2022 report by the Electronic Frontier Foundation, 56% of popular apps leak private user data to third parties, primarily for targeted marketing efforts. This trend of data monetization raises alarm bells. People are left uncertain about how their personal information might be used. This lack of transparency can lead to feelings of vulnerability, knowing that what they share may be used in ways they never intended, often leading to unwanted ads or even data breaches.
Balancing Security and Privacy
With the overlap of security and privacy issues, you might wonder how to protect your data without losing the convenience of your mobile device. Here are some effective strategies to help you find that balance:
Review Permissions Regularly: Check app permissions on your device often. Remove access from apps that ask for more than necessary, like a weather app that requests your location all the time when it only needs it to provide forecasts.
Choose Encrypted Services: Use apps for messaging and file storage that prioritize encryption. For instance, encrypted platforms like Signal and Telegram keep your conversations private, even if data is collected.
Adjust Privacy Settings: Go through the privacy settings on your mobile device. Many systems, like iOS and Android, offer options to limit ad tracking and control location sharing—customize these to suit your comfort level.
Stay Informed: Follow news on mobile security and best practices. Understanding newer threats allows you to make smarter decisions regarding app downloads and online activities.
Navigating the Digital Landscape
As our mobile devices advance, the struggle between security and privacy will remain. While improvements in security are evident, the continuous stream of data that users generate can invade privacy. It's crucial for users to be proactive. By staying educated and employing simple strategies, individuals can protect their personal information while still enjoying the conveniences offered by their devices. Finding this balance is key to addressing the ongoing Paradox of Mobile Device Security and Privacy.
- Exploring the Future: Emerging Technologies Shaping Our World
As we move further into the 21st century, technological innovation is transforming our lives in ways we never thought possible. These developments are not just small changes; they fundamentally alter how we understand and interact with the world. This article explores 25 emerging technologies that are poised to shape our future, showcasing their potential implications and applications across various sectors.
Generative AI
Generative AI is changing the way we create content. This technology employs deep learning algorithms to generate text, images, music, and video. For instance, businesses are using AI to draft scripts for movies, reducing the time it takes to produce creative content. A study found that companies incorporating AI tools in their writing processes could increase productivity by up to 40%. With limitless creative possibilities, generative AI is paving the way for innovation across industries.
Quantum Computing
Quantum computing offers a leap forward in computational power by harnessing the principles of quantum mechanics. Unlike classical computers, which handle information in binary, quantum computers use qubits, allowing them to solve problems exponentially faster. For example, in drug discovery, quantum algorithms can simulate molecular interactions in minutes, a task that might take traditional computers years. This capability could potentially expedite the development of life-saving medications and therapies.
5G Expansion
The rollout of 5G technology is set to enhance global connectivity like never before. With speeds up to 100 times faster than 4G and significantly lower latency, 5G will enable groundbreaking applications. For example, autonomous vehicles rely on real-time data sharing to navigate safely. In smart cities, 5G connectivity can optimize traffic management and improve public safety systems. Experts predict a 25% decrease in traffic accidents in urban areas with widespread 5G adoption.
Virtual Reality (VR) 2.0
Virtual reality is evolving beyond gaming to change education and healthcare. VR 2.0 employs improved sensory experiences to fully immerse users in digital environments. In education, VR allows students to explore ancient civilizations or conduct virtual science experiments, which studies have shown improves knowledge retention by 30%. In healthcare, VR simulations train medical professionals, leading to enhanced skills and reduced errors in real-world applications.
Augmented Reality (AR)
Augmented reality superimposes digital information onto the real world, creating interactive experiences. In retail, AR apps allow customers to visualize how clothing fits without trying it on, potentially reducing return rates by as much as 30%. In education, AR tools help students learn anatomy by visualizing 3D models, making complex subjects more accessible and engaging. By bridging the digital and physical worlds, AR enhances user experience and engagement.
Autonomous Vehicles
Autonomous vehicles represent the future of transportation and aim to reduce accidents caused by human error. With advanced AI and machine learning, these vehicles can navigate complex environments. A study projects that widespread use of self-driving cars could reduce road accidents by up to 90% and decrease urban traffic congestion, resulting in faster commute times for many individuals. As communities adopt these vehicles, urban transportation systems will become more efficient and sustainable.
Blockchain
Blockchain technology provides a secure, transparent method for recording transactions. Its decentralized nature is valuable across various sectors, especially in finance. Beyond cryptocurrencies, blockchain can streamline supply chains by tracking products from manufacturer to consumer, reducing fraud by as much as 50%. Organizations leveraging blockchain technology can improve data security, making it a powerful asset for enhancing trust in digital transactions.
Edge Computing
With the increasing demand for real-time data processing, edge computing brings computation closer to data sources. This reduces latency and conserves bandwidth, essential for IoT applications. Industries such as healthcare can benefit immensely; for instance, real-time analysis of patient data can lead to quicker responses and improved care. Businesses that implement edge computing can see up to a 40% boost in operational efficiency, allowing for more timely and informed decision-making.
Personalized Medicine
Personalized medicine tailors treatments based on an individual's genetic makeup, enhancing treatment effectiveness while minimizing side effects. Advanced genomics and data analysis enable healthcare providers to create therapies aligned with patients' unique profiles. This approach could increase the success rate of cancer treatments from 25% to over 60%, significantly improving patient outcomes and satisfaction.
Green Energy Technologies
The shift to renewable energy sources is crucial in addressing climate change. Innovations in solar, wind, and bioenergy are making sustainable power more efficient and affordable. For example, the cost of solar panels has dropped by 89% since 2000, making them accessible to more households. By investing in green technologies, we can drastically cut carbon emissions and promote environmental sustainability, paving the way for a cleaner future.
Final Thoughts
Emerging technologies are just the beginning of a broader transformation that will influence every aspect of our lives. Staying informed about these developments is essential as they redefine how we work, learn, and connect. By understanding and leveraging these technologies, we can navigate the rapidly changing landscape and prepare for a more interconnected, sustainable, and prosperous future. As we progress, the opportunities and challenges presented by these innovations remind us of the importance of adaptability and continuous learning in our fast-evolving digital world.
- The Tech Buyer’s Map to Tariff Turmoil
April saw historic market losses, with the Dow Jones plummeting due to the Trump administration's sweeping tariff announcements, which initially wiped out $5 trillion in market capitalization and hit tech giants hard. However, a 90-day tariff pause (excluding China, where tariffs increased) led to a market rebound, raising questions about a potential crash after the July 8 deadline. Tariffs on China remain complex. While China is a major tech manufacturing hub, crucial clarity arrived on April 11: smartphones and computers are exempt from these tariffs. This eased fears for much of the tech sector, though constant policy changes cause confusion. Despite exemptions, some consumer tech like the Nintendo Switch 2, if manufactured in countries where tariffs resume (e.g., Vietnam), could see significant price hikes. The situation highlights policy volatility, China's continued importance, and the need for supply chain diversification.
- IT Pros ‘Extremely Worried’ About Shadow AI: Report
Shadow AI, the use of AI tools without IT department oversight, is causing concern among IT directors and executives, as revealed in a recent report. The survey of 200 IT leaders from large U.S. enterprises found that 46% are "extremely worried" about shadow AI, with 90% concerned about privacy and security issues. According to Krishna Subramanian of Komprise, shadow AI has led to negative incidents such as data leaks, false results, and legal risks, with 13% of respondents reporting financial or reputational harm. Shadow AI poses more significant challenges than shadow IT, as employees use tools like ChatGPT without realizing the risks of exposing company secrets. The rapid development of AI increases data risks, with AI becoming more autonomous. James McQuiggan of KnowBe4 highlights that shadow AI creates security blind spots due to lack of proper checks. Melissa Ruzzi of AppOmni warns that some AI applications may not secure data adequately or comply with regulations. Nicole Carignan from Darktrace predicts a surge in AI tools, raising concerns about data loss and compliance. This necessitates AI asset discovery for tracking AI use. Shadow AI's ease of access via free tools heightens the risk of data leakage. The rapid adoption of Gen AI services, driven by their low learning curve, adds to the challenge, as noted by Satyam Sinha of Acuvity. https://www.technewsworld.com/story/it-pros-extremely-worried-about-shadow-ai-report-179766.html - John P. Mello Jr.
- Recent Big Cyberattacks in 2024
The ransomware attack on Change Healthcare in February that exposed more than 100 million records and caused widespread disruption of the U.S. healthcare system was the most significant data breach in the first half of the year, according to a recent report by Kiteworks. The attack, in which an affiliate of the ransomware group BlackCat/ALPHV stole 4TB of data, highlighted once again that healthcare systems in the United States and elsewhere continue to be a top target of ransomware and other threat groups, according to the company, which specializes in secure email communication and last month raised $456 million to raise its valuation to $1 billion.
In fact, five of the top 11 data breaches in the “Top 11 Data Breaches in 1H 2024 Report” were in the healthcare industry, ranging from companies like Change, which is a subsidiary of UnitedHealth Group, to healthcare consortium Kaiser Permanente, UK blood test management company Synnovis, and Australian prescription delivery service MediSecure. The rankings are based on Kiteworks’ new Risk Exposure Index, which not only calculates the number of records exposed and financial impacts when assessing the severity of an attack, but also such factors as the sensitivity of the data exposed, the number of regulations impacted, and the use of ransomware by the attackers.
“Our findings reveal several alarming trends, from the rising prevalence of ransomware attacks to the vulnerabilities associated with third-party interactions and internal errors,” Patrick E. Spencer, vice president of corporate marketing and research at Kiteworks, wrote in the report, adding that it “highlights the critical importance of managing sensitive content communications across all sectors, especially as organizations increasingly rely on multiple communication tools and third-party services, which can create numerous entry points for cyber threats.”
It’s not surprising that many on Kiteworks’ list were in healthcare. The industry for the past several years has ranked high among those targeted by bad actors. Cybersecurity firm Sophos in a report late last month noted the rate of ransomware attacks on such facilities has reached a four-year high, with 67% of organizations surveyed saying they were impacted by ransomware this year, up from 60% in 2023. The Change attack tied with the data breach on National Public Data as the most severe incident, with both garnering a rating of 9.46 on a scale of 10, according to Kiteworks.
The list of healthcare breaches includes:
1. Change (9.46): The company processes payments, medical and insurance claims, and prescription orders for hospitals and clinics, so when systems were shut down following the ransomware attack, it rippled throughout much of the U.S. healthcare industry, from patients unable to get prescriptions to health facilities not getting paid. Federal agencies and Congress also got involved, with lawmakers pushing minimum cybersecurity standards for healthcare providers and connected entities.
2. Synnovis (9.11 rating): The ransomware attack by the Qilin ransomware group in June on the UK pathology lab led to medical procedures getting postponed and patients being diverted to other facilities. Kiteworks said about 300 million records were exposed with the financial impact hitting $53.7 billion.
3. Kaiser (7.6): Kaiser Permanente in April started alerting members of a data breach that exposed 13.4 million records that included such sensitive information as names and IP addresses of customers. The company said that the information was transmitted to third-party vendors like Microsoft Bing, Google, and X (formerly known as Twitter). Kiteworks placed the financial impact at almost $2.4 billion.
4. MediSecure (7.56): The data of 12.9 million Australians who used the prescription delivery service was stolen by hackers in July in a ransomware attack. The sensitive data included users’ names, contact information, medical history, and prescriptions. The financial impact, which included ransom payments and legal fees, was more than $2.3 million, according to Kiteworks, which last month introduced a refreshed MSP/MSSP program.
5. Cencora (6.23): The pharmaceutical company in February was hit by a cyberattack that leaked more than 1 million records the Fortune 50 firm got via partnership with such drug makers as Bayer and Pfizer. The records included personally identifiable information (PII) and protected health information, the bulk of which was managed by a patient support services subsidiary. The financial impact of the breach – which included regulatory fines, legal fees, and the costs of improving security and notifying individuals – was $179 million, Kiteworks found.
Other high-ranking data breaches involved telecoms and companies handling sensitive data:
6. National Public Data (9.46): The company collects PII data from a broad array of publicly available sources and sells it to companies for such use cases as background checks and mobile apps. A data breach in April exposed 2.9 billion records belonging to 1.3 million people. The information ranged from names and email addresses to Social Security numbers and phone numbers. The financial impact, according to Kiteworks, was more than $501 billion.
7. AT&T (9.37): The giant wireless carrier sustained two breaches that exposed more than 110 million records. One, for which AT&T agreed to pay a $13 million fine, involved breach of a third-party vendor. The second one did as well, resulting from the high-profile breach of data cloud giant Snowflake. The Snowflake breach also led to one at Ticketmaster, which with an exposure rating of 8.79 also landed on Kiteworks’ top 11 list.
8. U.S. Postal Service (7.31): The government agency reportedly shared the postal addresses of online customers with such vendors as Meta, LinkedIn, and Snap. Kiteworks said 62 million records were exposed and that the incident “points to vulnerabilities within governmental agencies managing public data.”
9. Evolve Bank (6.83): The banking-as-a-service firm said it was hit with a ransomware attack in May that exposed the sensitive information of 7.6 million customers. The high-profile LockBit group was behind the attack, which will have a financial impact of more than $1.3 billion, according to Kiteworks.
10. Infosys McCamish Systems (6.23): The IT services management company also was a victim of LockBit. The company earlier this year divulged the ransomware attack, which occurred in late 2023 and exposed almost 6.1 million records.
Contributed by Jeffrey Burt / MSSP Alert
- Maximize Cyber Defense with Realistic Training
When it comes to cybersecurity, knowledge alone won't cut it against real threats. For big companies, cyber range training simulations offer an immersive, hands-on way to build skills and boost incident response. These advanced exercises mimic real-world cyber attacks, giving teams a safe space to test, learn, and sharpen their strategies.
The Value of Cyber Range Training Simulations
Cyber range training simulations are like flight simulators for pilots — they offer a realistic, risk-free setting where cybersecurity pros can practice and fine-tune their skills. These simulations come with several key benefits:
Rapid Skill Development - With realistic scenarios, team members can quickly build and enhance their technical and strategic skills.
Enhanced Incident Response - Teams can practice handling different cyber threats, cutting down reaction times and boosting coordination during real incidents.
Identification of Weaknesses - Simulations reveal gaps in knowledge, processes, and technology, allowing for proactive fixes.
Compliance and Readiness - Regular training helps organizations meet regulatory requirements and stay prepared for audits and assessments.
Key Components of Cyber Range Training Simulations
To get the most out of cyber range training, make sure to include these core components:
1. Realistic Scenarios - Create scenarios that mimic the real threats your organization might encounter, like phishing attacks, ransomware outbreaks, insider threats, or advanced persistent threats (APTs). Tailor these scenarios to your specific industry and context to keep them relevant and engaging.
2. Comprehensive Tools and Technologies - Utilize advanced tools and technologies to create a realistic and challenging environment. This includes:
Advanced threat emulation: Simulate sophisticated attacks using cutting-edge tools and techniques.
Network segmentation and isolation: Create isolated environments that mimic your organization's network infrastructure.
Threat intelligence integration: Incorporate real-time threat intelligence to ensure scenarios are current and realistic.
3. Multi-Disciplinary Teams - Involve participants from different departments, like IT, security, legal, communications, and executive leadership. This ensures a well-rounded approach to incident response, mirroring the teamwork needed in real-world situations.
- Protect Your Business with Phishing Training & Tips
Small and medium businesses are at a higher risk of phishing attacks due to their limited cybersecurity resources compared to larger businesses. The positive aspect is that by educating people to recognize and evade phishing emails, most security breaches can be prevented. Have you provided training to your employees?
The majority of successful cyber attacks start with a person clicking on and downloading a harmful attachment from an email, direct message, or social media post. These phishing schemes can lead to the theft of passwords, which criminals can exploit to access confidential accounts and steal information or funds. Additionally, falling for phishing attempts can lead to the inadvertent downloading of malware that harms computer systems or the installation of ransomware that locks users out of their systems.
1. Discover existing training resources and educate staff on recognizing phishing attempts. You can utilize pre-made anti-phishing training materials provided by your IT provider, professional/industry organization, or a nonprofit organization free of charge. CISA provides numerous free resources tailored for small and medium-sized enterprises. Refer below for further details. Mandate employees to undergo training sessions and schedule regular refreshers to keep them informed on identifying the most recent fraudulent schemes.
2. Make sure employees are aware of the risks. Request your IT provider, or assign an employee as a security manager, to stay informed about cybersecurity developments. Have that individual provide you with updates on recent scams so that you can keep your staff informed in between training sessions.
3. Foster a culture of vigilance. Do not rely solely on annual training sessions. As a leader, taking the lead in promoting online safety practices is essential! Dedicate yourself to enhancing the security of your business by consistently emphasizing "cyber hygiene" just like you do with other workplace guidelines. Ensure that employees are aware of how and to whom they should report any suspicious emails or phishing attacks.
Other Ways to Protect Your Business
Online criminals are constantly seeking out vulnerable targets. Businesses that neglect basic security measures are putting themselves at risk. To enhance your defenses against malicious actors attempting to breach your systems or deceive your employees, consider taking the following steps:
Strengthen Your Business Security
Safeguard your business, employees, and customers by adopting simple yet effective security practices and protocols.
Enforce the Use of Strong Passwords
Implementing robust password requirements is a straightforward method to shield your business from cybercriminals who could otherwise infiltrate your accounts through guesswork or automated hacking tools.
Implement Multifactor Authentication
Utilizing additional layers of security beyond passwords—such as SMS codes, authenticator apps, biometrics, or access cards—significantly enhances the security of an account compared to relying solely on passwords!
Keep Business Software Updated
Vulnerabilities create opportunities for cybercriminals. While software developers release patches to address these weaknesses, it's crucial that you install these updates to fortify your defenses. Many small businesses operate with outdated software due to the absence of dedicated IT personnel to manage updates.
Contact us today for help at 954-491-9779
- MSSP Market News: Malicious Activity Spikes After CrowdStrike Outage
Today’s MSSP Alert Market News:
1. Malicious Activity Rises After CrowdStrike Outage: Bolster, a phishing protection company, announced that CheckPhish, its free phishing and scam detection site, has detected a spike in malicious activities, with more than 40 phishing and phony lookalike domains created in the first 24 hours following the CrowdStrike software incident. Bolster has identified multiple types of phishing scams already, from malicious domains offering technical or legal support, to CrowdStrike crypto tokens, and sites still under construction. The CheckPhish community has created a growing list of CrowdStrike typosquats, the company said.
- 2024 Cyber Threat Report from SonicWall
Cyberattacks are big news. Reports of attacks at large, well-known companies or local government offices make headlines on a seemingly constant basis. For those following cybersecurity a bit more closely, the view isn’t too different, with cybersecurity news outlets’ coverage of top breaches dominated by household names like Mailchimp, MGM, Activision and 23andMe. Based on what gets reported, it wouldn’t be unreasonable to assume that cybercrime is a far bigger problem for Wall Street than for Main Street. Unfortunately, nothing could be further from the truth.
In a 2023 blog, CISA reported that small businesses are three times more likely to be targeted by threat actors than larger organizations. And these SMB attacks represent billions of dollars in losses each year. That’s a key reason why SonicWall is so committed to researching and publishing the latest threat intelligence. With SMBs making up 80% of our end users, our data presents a view of the threat landscape unlike what you’ll find anywhere else — one centered less around large multinational conglomerates, and more on businesses just like yours.
2023’s Top Trends
Perhaps the biggest trend we observed in the 2023 landscape was acceleration. SonicWall Capture Labs threat researchers noted increased attack volumes nearly across the board. Malware jumped 11% year-over-year, with encrypted threats up 117% and cryptojacking up 659%. This trend bore out on a regional basis as well, with attack volume increases outpacing decreases nearly 3 to 1.
Rather than the relentless push and pull of outside forces we’ve seen at work over the past several years, we saw threat actors in 2023 sticking with tried-and-true methods. While one would expect increasing malware attack volumes and persistently high phishing levels to be accompanied by high rates of new malware, we found the opposite to be true: Never-before-seen malware detections actually fell 38% year over year.
But this doesn’t mean threat actors weren’t refining their craft. SonicWall researchers observed the emergence of Microsoft OneNote files as an initial threat vector, as well as massive campaigns targeting vulnerabilities in WinRAR and MOVEit. Our data continued to reflect vulnerabilities as the most common ransomware vector — and this will likely remain the case as the number of vulnerabilities continues to climb. A record 28,834 CVEs were published in 2023, a 15% increase over 2022’s numbers. In December, SonicWall’s threat researchers discovered and responsibly disclosed CVE-2023-51467, a vulnerability affecting Apache OFBiz. Large numbers of exploitation attempts have since been observed.
Other campaigns displayed a similar level of innovation. Novel phishing campaigns driving targets to highly convincing Microsoft Outlook and American Express login pages were observed, along with phishing campaigns utilizing QR codes to bypass file scanning technology. Cybercriminals took advantage of inflation and uncertain economic conditions to launch fraudulent loan apps packed with spyware functionalities and credential-theft capabilities. And Google scripts embedded in PDFs were weaponized to commit cryptocurrency theft, demonstrating the need for heightened vigilance even in seemingly trusted environments.
- Cybersecurity for Small Businesses: A Vital Pillar of Success
In today's digital age, cybersecurity has become a crucial aspect of running a successful business, regardless of its size. Small businesses, in particular, are often targeted by cyber threats due to their perceived vulnerabilities. As a professional aiming for success, safeguarding your business against cyberattacks should be a top priority. Let's delve into the world of cybersecurity for small businesses and explore essential practices to ensure your business stays protected.
Understanding the Cyber Threat Landscape
Cyberattacks come in various forms, ranging from phishing emails to ransomware attacks, with the potential to disrupt operations and compromise sensitive data. Small businesses are increasingly becoming prime targets for cybercriminals, emphasizing the need for robust cybersecurity measures. Recognizing the prevalent threats is the first step towards implementing effective cybersecurity strategies.
Key Cybersecurity Practices for Small Businesses
1. Employee Training and Awareness
Educating your employees on cybersecurity best practices is fundamental in fortifying your business's defenses. Conduct regular training sessions to raise awareness about phishing scams, password security, and the importance of reporting suspicious activities promptly.
2. Implementing Secure Network Infrastructure
Securing your network infrastructure is paramount to prevent unauthorized access to critical data. Utilize firewalls, encryption protocols, and secure VPNs to safeguard sensitive information from external threats.
3. Regular Software Updates and Patch Management
Keeping your software and systems up to date is crucial in mitigating security vulnerabilities. Regularly install software updates and patches to address known security flaws and enhance the overall resilience of your IT infrastructure.
4. Data Backup and Recovery
Establishing a robust data backup and recovery plan is essential to mitigate the impact of potential data breaches. Regularly back up your business data to secure offsite locations and implement a comprehensive recovery strategy to minimize downtime in the event of an attack.
5. Access Control and Password Management
Enforce strict access control policies within your organization to limit employee access to sensitive data based on job roles. Implement multi-factor authentication and strong password requirements to enhance security across all user accounts.
Cybersecurity is a Continuous Journey
Cybersecurity is not a one-time effort but a continuous journey that requires vigilance and adaptation to evolving threats. By prioritizing cybersecurity within your small business, you not only protect sensitive data and maintain business continuity but also build trust with your customers and stakeholders.
Conclusion
In conclusion, cybersecurity plays a pivotal role in the success and sustainability of small businesses in an increasingly digital world. By proactively implementing cybersecurity best practices, you equip your business with the necessary tools to mitigate risks and thrive in a secure environment. Remember, investing in cybersecurity today is an investment in the future of your business. Stay informed, stay protected, and stay ahead in the realm of cybersecurity!
- Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox
Jun 07, 2023 | Ravie Lakshmanan | Privacy / Technology

Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids," FTC's Samuel Levine said. "This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from COPPA." As part of the proposed settlement, which is pending court approval, Redmond has been ordered to update its account creation process for children to prevent the collection and storage of data, including obtaining parental consent and deleting said information within two weeks if approval is not obtained. The privacy protections also extend to third-party gaming publishers with whom Microsoft shares children's data, in addition to subjecting biometric information and avatars created from children's faces to the privacy laws. Microsoft, per the FTC, violated COPPA's consent and data retention requirements by requiring those under 13 to provide their first and last names, email addresses, dates of birth, and phone numbers until late 2021. Furthermore, the Windows maker is said to have shared the user data with advertisers by default until 2019 when consenting to Microsoft's service agreement and advertising policy. "It wasn't until after users provided this personal information that Microsoft required anyone who indicated they were under 13 to involve their parent," the FTC said. "The child's parent then had to complete the account creation process before the child could get their own account."
Microsoft, however, chose to retain data collected from children during the account creation step for years even in scenarios where a parent did not complete the signup process, thereby contravening child privacy laws in the U.S. The company has further been accused of creating a unique persistent identifier for underage accounts and sharing that information with third-party game and app developers and explicitly requiring parents to opt out in order to prevent their children from accessing third-party games and apps in Xbox Live. Xbox, in response, said it's taking additional steps to improve its age verification systems and to ensure that parents are involved in the creation of child accounts for the service. It did not disclose the exact specifics of what such a system may be. It also blamed some of the issues on a technical glitch that failed to "delete account creation data for child accounts where the account creation process was started but not completed," emphasizing that the data was promptly deleted and never "used, shared, or monetized." This is not the first time a video game maker has been fined by the FTC over COPPA violations. In December 2022, Fortnite developer Epic Games reached a $520 million settlement with the agency in part for flouting online privacy laws for children. The fines come as Microsoft disclosed it anticipates fines to the tune of "approximately $425 million" from the Irish Data Protection Commission (DPC) in the fourth quarter of 2023 for potentially violating the European Union General Data Protection Regulation (GDPR) to serve targeted ads to LinkedIn users.
The development also comes close on the heels of the FTC levying Amazon a cumulative $30.8 million fine over a series of privacy lapses regarding its Alexa assistant and Ring security cameras.
- Microsoft Outlook Service Down After Bad Software Update
By Kurt Mackie | 06/05/2023

Microsoft 365 services, including Exchange Online and the Outlook on the Web App, were disrupted on Monday, June 5 due to a problematic Microsoft service update, per a "Microsoft 365 Status" Twitter post series. The problems also were noted in this Reddit thread. The issues, the extent of the problems, and whether or not they have been resolved were all unclear at press time. Beyond the publicly available Microsoft Twitter posts, which offered little information, Microsoft only described the incident as "MO572252" in the Microsoft 365 Admin Center portal, which is seen only by the IT pros managing the account. The MO572252 Message Center announcement combines two previously issued incident notices, which were labeled "MO571683" and "EX571516." Microsoft had reverted the supposedly problematic update and reported seeing a "service improvement." However, the problems apparently happened again on June 5. Here's how the team expressed that notion:

"We've determined that impact associated with MO571683 and EX571516 has reoccurred and are investigating the cause. We'll be providing updates related to this event under MO572252 in the admin center."

The downtime interval was not too clear per the Downdetector.com site, which uses a crowd-sourcing approach to detect service issues. It showed a spike in complaints at about 7:00 a.m. (likely Eastern Time), with 85 percent attributing the problems to Outlook. Microsoft's reports, though, suggested that Teams, SharePoint Online and OneDrive for Business services were affected, too. Exoprise, a services-monitoring company that uses sensors to detect outages, described the Outlook service issues as occurring at around 10:00 a.m. or 10:22 a.m. on Monday "in various locations." Its sensors detected the disruption two hours before Microsoft's first report. Exoprise's data indicated that "the outage was affecting everyone" and it affected "most Microsoft Office 365 services."
An Exoprise crowd-sourcing service also suggested that the outages were "felt across a lot of infrastructure." Microsoft's last Twitter report was time stamped at 1:15 p.m. on June 5, which is when it reported a reoccurrence of the problems. No resolution was described. The Outlook service problems seem to have lasted about three hours, at least.