Anatomy of a Data Breach: And What to Do if it Happens to You

Google failing to scrub abortion access in location history, study claims

Nearly 16 months after Google announced a policy change to remove location data that could reveal users’ physical trips to abortion clinics and other potentially sensitive medical centers, a nonprofit has alleged in a new report that the company is failing to do just that.

The findings, which were immediately disputed by Google, could impact whether Americans feel they can privately search for and access abortion care in several states across the US, should their digital activity be requested by law enforcement as evidence of a crime. In June 2022, the US Supreme Court overruled its 1973 decision of Roe v. Wade, which had, for decades, conferred the public’s constitutional right to choose to have an abortion; many states have now banned the procedure.

In a press release issued by Accountable Tech, which conducted the study, executive director and cofounder Nicole Gill lambasted Google for its alleged failure to keep users safe from the weaponization of their location data.

“Knowing they are complicit in the criminalization of essential care, Google has made promises to improve their privacy policies,” Gill said in a press release. “But proof that they continue to fall short makes it clear that they cannot be trusted to protect the millions of users who rely on their products everyday.”

But in responding to a report from The Guardian, which claimed to have exclusively reviewed Accountable Tech’s research, Google pushed back.

“We are upholding our promise to delete particularly personal places from Location History if these places are identified by our systems—any claims that we’re not doing so are patently false or misguided,” said Marlo McGriff, director of product for Google Maps.

At heart is whether Google is doing as it said it would in July 2022—auto-deleting location history entries for users who visit “medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others,” so long as Google’s internal systems detect such a visit.

According to Accountable Tech’s study, which ran eight experiments in seven different states, “Google retained Location History data about 50% of the time.” For its research, the nonprofit purchased new Android phones and set up default privacy settings before physically traveling to Planned Parenthood locations. In four of the eight visits to Planned Parenthood clinics, Google deleted the name of the clinic in the user’s location history, but the route that was traveled remained.

The study also claimed that location searches were not deleted, sharing a screenshot from a user’s “Web & App activity timeline” that showed the text:

“Directions to Planned Parenthood – Locust Street Surgical Center, 1144 Locust St, Philadelphia, PA 19107.”

In responding to examples from Accountable Tech’s study that The Guardian shared, Google Maps director of product McGriff explained that Google’s systems did not detect that a user had visited a Planned Parenthood, and so the route to and from that Planned Parenthood was not deleted.

Google’s 2022 policy change was a direct response to the US Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, which placed the legality of abortion access in the control of individual states.

As of early this year, 14 states, including Louisiana, Alabama, Idaho, and Indiana, have banned abortion in nearly all circumstances, according to The New York Times. An additional seven states have placed additional restrictions. The changes have pushed countless residents to leave their homes or violate state laws to seek healthcare.

When the Lock and Code podcast spoke with two experts in digital privacy and law from Electronic Frontier Foundation, both agreed on how the public could more safely navigate a post-Roe America: Say less.

Less than one month after recording that podcast, Facebook reportedly delivered messages to law enforcement that were between a mother and daughter who were under investigation for allegedly aborting a pregnancy.

Accountable Tech’s CEO Gill said this is the new landscape that Americans face.

“In post-Roe America, prosecutors are looking to Big Tech to help them build cases against abortion seekers by providing the data to track their every movement,” Gill said. “We deserve to have power over our own data, and we must fight to prevent a handful of powerful Big Tech companies from weaponizing our private information against us.”

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

   Read More 

Malwarebytes 

Why All-in-One Platforms Are the Future of Cybersecurity

Once upon a time, I.T. security teams depended on hodgepodges of different cybersecurity solutions from various vendors. However, these multivendor tech stacks became prohibitively costly and complex to integrate and manage, creating gaps for threat actors to exploit.

In an upcoming webinar for MSP and SME leaders, Cynet experts will explain how these challenges are driving unprecedented demand for “All-in-One” cybersecurity solutions.

An All-in-One Cybersecurity Platform consolidates virtually all the capabilities that IT security teams need, on a single platform. The advantages enabled by this unified approach are especially impactful for:

MSPs aiming to tap into lucrative demand for cybersecurity services.

SMEs guarding against the same threats as Fortune 500 companies, but with a fraction of the resources and personnel.

1. Simplicity

It’s a complicated and time-intensive task to integrate an array of standalone cybersecurity products. Cynet’s All-in-One Cybersecurity Platform, on the other hand, a purpose-built unified full suite of security capabilities on a single, simple platform.

This allows MSPs and SMEs to replace multiple cybersecurity tools, maximizing ROI while facilitating more effective breach protection.

As a result of this simplicity, Cynet’s partners are able to evolve from an MSP into an MSSP in just 24 hours. For SME IT leaders, who often head teams of IT generalists, Cynet’s single-platform approach eases the burden of training and maintenance, freeing up valuable time and resources.

2. Speed

In practice, the simplicity of an All-in-One solution translates to speed. Effortless integration empowers MSPs to efficiently onboard new customers without significantly increasing their security operations headcount. SME IT teams, too, can reclaim time spent on manual integration for revenue-generating activities.

Once deployed, end-to-end automation minimizes the risk of human error while reclaiming time for analysts to focus on revenue-generating priorities.

For Cynet’s MSP partners, faster response times and better protection boost client satisfaction, reducing churn and increasing recurring revenue.

SMEs are able to automatically contain incidents, minimizing downtime and operational issues due to an outage.

This combination of seamless integration and end-to-end automation, All-in-One Platforms accelerate time to value.

3. Scalability

With Cynet, MSPs can scale their security offering as quickly as their client base expands without wasting time and effort on infrastructure upgrades. But that’s not all. The upcoming webinar will unpack how the All-in-One Platform even empowers Cynet partners and customers to scale their teams’ skills. 

That’s because it’s backed by built-in 24/7 MDR support from CyOps, Cynet’s in-house team of world-class security analysts. By tapping CyOps to scale their own team’s skill—without adding costly headcount—MSPs can bolster their clients’ security posture while facilitating on-demand support. If an incident occurs, CyOps acts as an extension of the Cynet partner or customer’s security team to expedite resolution.

Unparalleled performance & protection

From a capability standpoint, don’t be fooled into thinking consolidation compromises performance. Cynet’s All-in-One Cybersecurity Platform made history in the most recent MITRE ATT&CK Evaluations.

For the first time ever, a vendor achieved 100% Visibility and 100% Analytic Coverage — with no configuration changes. Partners and customers get record-breaking performance right out of the box.

Activating All-in-One advantages

By consolidating tools, automating tasks, and enhancing efficiency, the All-in-One approach to cybersecurity empowers MSPs to maximize their margins. Similarly, SME users get enterprise-grade protection with one cost-effective solution.

Sign up for a demo to unlock these advantages for your organization — with the simplicity, speed and scalability only Cynet’s All-in-One Cybersecurity Platform can enable.

The post Why All-in-One Platforms Are the Future of Cybersecurity appeared first on Cyber Security News.

 Read More