Friday 30 December 2016

Weekly News Roundup



Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a round-up of the top stories happening now that you need to know.
  1. New cybersecurity guidelines for medical devices tackle evolving threats
This week the FDA released recommendations for how medical device manufacturers should maintain the security of internet-connected devices. Read more…
In response to the Russian cyber attacks on the US, President Obama expelled 35 Russian intelligence operatives and sanctioned five Russian entities and four individuals for an alleged cyber assault during the 2016 presidential campaign. Read more…
As we round out 2016, there was another massive DDoS attack a few days before Christmas, and this one is one of the largest DDoS attacks on record.  What’s new with this attack is that it introduces a new malicious network called Leet Botnet. Read more…
This week it came out that researchers find flaws in many major travel booking systems that are lacking a proper way to authenticate air travelers, which makes it easy for hackers to alter flight details or steal sensitive personal data. Read more…

Posted by at No comments:
Labels: , , , , ,

Thursday 29 December 2016

Do You Know Who Actually Owns Your Data in the Cloud?



As stories of breaches continue hitting the headlines, especially targeting cloud stores and user’s data, passwords, credit cards, and email addresses have become the prized target for cyber criminals all over the world.
In a lot of these cases the information was encrypted, as industry standards recommend. This doesn’t mean hashed, but truly encrypted, with keys that means unless a would-be thief also manages to access the key store then your information is safe. Or at least it should be!
However, when we take closer look in to the statement, “then your information is safe,” there are two parts we need to understand. The first is a relatively simple one. Safe from whom? If a thief, then yes. If your keys themselves are secured, then your information should be safe. However, a lot of hacks seem to come from an internal source to where the information is being held, such as from an unhappy employee, an ex employee who was recently let go, or even an employee who has an axe to grind. The disgruntled employee can use inside knowledge to share a virus, share documents with rivals or misuse company and personnel data. If this organization is a cloud store or service provider that also holds and owns your encryption keys, then in any one of these cases your information is far from safe.
For example, there have been many stories about the sharing of celebrity nude photos in the past couple of years that have made individuals and companies wonder about the security of data stored in the cloud and ask such questions as: Is the data encrypted at the server, while in transport? What level of encryption is used and how much authentication is performed? Because another employee could also have access to the keys to the cloud store your information is in, then your data is no longer encrypted. This is not as far-fetched as it may seem. This has been the case for many breaches over the past few years.
The above scenario is about data theft, when an individual or individuals go out to steal data for their own gain. But what about those scenarios when a government or legal authority decides that they need access to your corporate information? This is not necessarily theft, but it can be unwanted access despite being in the public interest. According to the US’s Communications Assistance for Law Enforcement Act (CALEA), a “communications provider” of any size must allow government agencies access to data. The service providers are not told why the data is needed, only that they must comply.
Government should have the right to do this, as this often has secured us all from many security threats. The question here though is one of accountability. If your supplier owns your security, then they are obliged to pass over not just the documents, but also the keys that allow this information to be decrypted. All of this is happening without your corporate knowledge! The issue is not that the government has access; the bigger threat is lack of knowledge about where corporate data is headed. That is why many tech companies are taking a strong stance on what user data they share with the government and it will continue to be heavily debated moving in to 2017. One possible solution would be if you, as an individual, had ownership of your security. Then the government department could come to you directly, giving you the opportunity to directly pass this information across with full knowledge and the accountability that goes with that.
In summary, if you pass your security to a third party, and they own and store your encryption keys, then you have lost control of your information. It is imperative that you own and store these separately from your cloud suppliers. If you do not, then your information can be stolen or subpoenaed without your knowledge.
Posted by at No comments:
Labels: , , ,

Tuesday 27 December 2016

Breaches Are Booming: Are Industry Cybersecurity Standards Enough?


As we round out 2016, looking back on the year, there was a record-breaking number of cyber-attacks. From attacks on huge companies to global banks and U.S. government breaches, no institution is immune whether public or privately run.
With new hacks happening on an almost daily basis, it is clear we are in a security revolution – one where hacking has evolved from being carried out by novices to organized and professional criminals. The sheer number of different tools to carry out an attack, their complex nature and evolving character have made them difficult for institutions to stay protected. There are some regulations in place like HIPAA, PCI DSS and ISO that offer standards for how to conduct security, and there are also industry best practices that have become accepted as proper procedures; however, these serve more as a guideline and there are still many ways for institutions to respond to their security approach. For example, many have adopted firewalls, encryption, multi-factor authentication, data access controls, and security patches as tools to protect against security attacks, but are these standards enough?
Let’s use some of 2016’s top breaches to take a deeper look.
In the wake of two major breaches, Yahoo has maintained that they have invested in security. “Over the course of our more than 20-year history, Yahoo has focused on and invested in security programs and talent to protect our users,” Yahoo said in a statement to Reuters. “We have invested more than $250 million in security initiatives across the company since 2012.” However, despite the fact they invested in security to protect their users, passwords and user information was still stolen.
Banking systems were hit hard this year. Hackers in 2016 stole equivalent to $31 million from accounts that banks keep at Russia’s central bank and hackers stole $101 million from Bangladesh’s central bank. They gained access to SWIFT and the bank robbers made five transfers out of Bangladesh Bank’s account at the Federal Reserve Bank of New York. Though they tried to steal $951 million, the Feds cut them off before completing their hack.
The banking industry has proposed rules regarding cyber risk management standards that go beyond existing requirements and best practices. They have protocols like firewalls and encryption standards in place as regulations required, yet it is clear hackers are still finding ways to penetrate their networks.
Also take the U.S. presidential election. Governments house a lot of sensitive information and we have all heard recently about the email systems, what can and can’t be sent from different servers and industry standard tools that keep them protected. Nevertheless, the U.S. elections and the DNC systems were hacked this year (and we are still figuing out the details around it months later).
All these breaches have one thing in common – they were all using security best practices that are industry accepted.
Cybersecurity protection efforts have largely fallen on private sector institutions, but many government officials and security experts believe not enough is being done and more standard regulations are needed. The current federal regulations in place don’t specify what cybersecurity measures must be implemented and require only a “reasonable” level of security, which leaves room for interpretation. However, as the number of security breaches and threats continue to rise, it is time we start to take a closer look at the standards we are using and re-evaluate what tools are needed to keep information protected from. Cyber hacks have become more complex and it is time we figure out how to flip the switch on them as well.
Posted by at No comments:
Labels: , , , , ,

Friday 23 December 2016



Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a round-up of the top stories happening now that you need to know.
  1. New York Rewriting Cybersecurity Rules After Banker Pushback
    New York’s Department of Financial Services is rethinking its controversial cybersecurity regulation just a weeks before it was to take effect. The department will be publishing revised rules on December 28. Read more….
  2. Trump Threaten Electronic Rights, EFF Warns
    Moving into 2017 with a new leader in charge, the Electronic Frontier Foundation is worried that means more surveillance on activities and laws to curtail our electronic rights. As preparation, they are advising the tech sector to use end-to-end encryption for every transaction by default and to scrub logs. Read more…
  3. This Android Malware Ties Russian Intelligence To The DNC Hacks
    New updates in the news surrounding belief of Russian influence in the U.S. presidential elections with mounting evidence. It came out this week that security researchers found a link in the Russian military and the DNC hack though a malware used in an Android app used on Ukraine’s military. Read more…
  4. ‘Alice’ Malware Loots ATMs
    There is malware out that is designed to empty out cash from ATMs named Alice. It appears Alice has been around since October 2014. Researchers are still trying to figure out more about the malware and the extent of its reach. Stay tuned and read more…
  5. Wells Fargo’s Failure to Authenticate Led to Sham Accounts
    More questions are coming up after the fraud scandal at Wells Fargo as points to a bigger problem going on. How were thousands of employees able to open bogus accounts, and in some cases transfer money out of real consumer accounts, all without the consumer being involved? Read more…
Posted by at No comments:
Labels: , , , ,

Thursday 22 December 2016

Practicing Safe Banking: How to Keep Your Money Better Protected



There’s no denying that today people interact with money in a much different way than even just 10 years ago. Credit cards, mobile phones and the Internet have become the primary tools people use to manage and monitor their finances. Customers have tasted what it’s like to have anywhere, anytime access and the simplicity of checking their account balances, depositing money, paying bills and so on with the click of a button. While this new era of mobile banking brings convenience for customers, it also opens up their accounts to security risks, fraud and personal information.
With customers embracing mobile banking, they may be unknowingly revealing — via the Internet — all their account information, personal information and easy access to all of their financial assets in an unprotected and insecure way when they use their own devices or Internet to handle their money.
Below are several tips people should think about when they are using the Internet or mobile devices to manage their finances.
  1. Don’t save personal information, bank account numbers and passwords on your phone or computers. Never click “remember me” when logging into your accounts, regardless of if you’re on a computer website, your phone’s web browser or even your banking app on your phone. By doing so, gives the site or application a cookie that is easily open to misappropriation.
  2. Think about where you are banking from. For example, by using public Wi-Fi, it’s rather simple for someone to intercept your data in a man-in-the-middle attack. When accessing your bank account online, it is advisable to use your own Wi-Fi network that is setup with password protection. If you can’t do your banking at home, you can still check your account on the go, just make sure your device is using cellular data instead of Wi-Fi.
  3. Be conscious of mobile apps you download. It is important to read the privacy policies and understand what type of personal information an app can access before you click download.
  4. Check for encryption on bank websites. Look for a small lock icon somewhere on your browser, and URLs that begin with “https:” This means the site is secured and your data is encrypted.
  5. Don’t respond to emails that claim to be from your bank (or any other company) requesting your account details. No bank is ever likely to approach you this way to ask for personal information
  6. Make sure your security software is up-to-date, regardless of what if you are using a computer or mobile device. These updates come our for a reason, so they can help reduce the number of security holes in your systems.
  7. Use strong passwords for all your accounts. Create passwords that can’t be easily guessed by a human or computer. This typically means a password with 8 or more characters, including letters, numbers and symbols. It is also advisable to use different user IDs and passwords for your financial accounts and for any other sites you use online.
  8. Never use any of your Social Security number (or any other sensitive info, like a credit card number) as a password, user ID or personal identification number. This is one of the first things a hacker will try to use to get into your account if they somehow get access to this information.
  9. Change your passwords and PIN number frequently. Though this may seem like overkill, changing your login details every couple of months helps you ensure your information stays better protected from hacks and makes you more of a moving target to get.
  10. Be careful of what you post on social media. This may sound silly, but by posting personal information about yourself on your social tools can give criminals easy access to find more information about you and use it to their advantage.
  11. Be aware when using ATM’s (yes, these still are a thing!) Scammers often target an ATM and place a card reader over the card slot so they can copy your card details. This isn’t as easy with chip cards, but they also can have a camera on the machine to access the details required to skim your card. Always check the slot to make sure it has not been tampered with.
  12. Monitor your accounts. Regularly check in on your accounts to ensure all transactions are your own. If you find fraudulent or suspicious activity, immediately report it to your bank and they will put a hold on your card/take measures to secure your account and typically will cover your loss.
  13. To take it one step further, set up notification alerts. Many banks offer text or email notifications to alert customers to certain activities on their account.
  14. Sign out when you finish with online banking. This may sound easy, but you should always log out of your online banking session rather than let it expire. This will help reduce the chances of your session being hacked. Most banks will log you out automatically after you are idle for a couple of minutes, but logging out is still a good habit to get in to.
Posted by at No comments:
Labels: , ,

Monday 19 December 2016

2017 Predictions – What’s Ahead?



Every year experts turn to their magic crystal ball and share their thoughts on predictions they have for the upcoming year. Will we see the same trends from 2016 repeat themselves or we will see new ones develop in 2017? Below our experts from BOHH Labs weigh in on the discussion and offer their predictions for what’s ahead next year.
  1. People will start to take their own security seriously
Currently, we are seeing companies continuing to ignore security threats and taking a lazy, lip service approach to them. Moving in to 2017, we will see individuals starting to take their security online more seriously and demand that their organizations do so too when housing their data. People will start to realize their data is important and worth a lot of money for them, and they will start to demand that companies take better measures when housing their data and want it to be secure exactly in the way they look after their purses, wallets and tangible possession in the real world. However, only time will tell how companies will respond to this demand from their users.
  1. More legislation calls for banks to tighten in-house procedures
In 2017 we will see an increase in government security regulations for banks. Up until now, cybersecurity protection efforts have largely fallen on private sector institutions, but many government officials and security experts believe not enough is being done and more standard regulations are needed, especially for banks. The current federal regulations in place don’t specify what cybersecurity measures must be implemented and require only a “reasonable” level of security, which leaves room for interpretation. However, as the number of security breaches and threats continue to rise, government will start making more concrete standards of regulations banks should have in place to keep their customers’ data safe.
  1. We will find out the true state of security flaws in banks
Hacking of banks is booming. As the bank industry continues to be a target to hackers, we will start learning more about the true state of banks’ security flaws. Many banks have failed to adopt many of the industry accepted security standards that are not specifically enforced. Additionally, as banks are moving more operations to the cloud to meet customers’ mobile demands, we will start seeing what security standards they are lacking. For example, are they using two-factor authentication, encryption standards, etc.? As more breaches come out, we will find out just how much prevention measures banks have in place to keep their customers information safe.
  1. More security startups will come out of the woodwork
It is quite obvious that cybersecurity has been the most talked about issue for the last couple of years and there is no end sight. As people are looking to ramp up their security strategies, this market is hot to make a lot of money. As such, we will see more and more startups continuing to enter the market to capitalize on these profits and selling “new” and “innovative” solutions. According to the Cybersecurity Market Report from Cybersecurity Ventures, projections show $1 trillion will be spent globally on cybersecurity from 2017-2021. With lots of money still flowing in this market, 2017 will bring even more security startups out of the woodwork trying to outcompete one another for the game-changing solution.
  1. Yahoo will be sold in Q3 missing many zeros they were hoping for following the data breaches
Doubts of Verizon purchasing Yahoo have been circulating ever since news of Yahoo’s 2014 hack of 500 million users’ accounts. With a new hack revealed last week on Yahoo compromising 1 billion of its users, we predict Verizon will officially take its offer off the table. And that won’t be the only thing leaving Yahoo – we predict much of their advertising revenues will too. Due to the hacks, we predict Yahoo will move forward with getting bought by someone, but it will include a lot less zeros than Yahoo was looking for.
There you have it, our predictions on the trends for 2017. Let’s see how it all plays out.
Posted by at No comments:

Friday 16 December 2016

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a round-up of the top stories happening now that you need to know.
Security breach déjà vu for Yahoo. It came out this week that there was another hack on Yahoo in 2013 different from the 2014 hacking of 500 million user accounts. The newly revealed hacking compromised more than 1 billion user accounts. Read more…
A new vulnerability was found in eight of Netgear’s most popular routers that has gone unpatched for months. On Tuesday, the company released beta patches for some of the models but is this enough? Read more…
For the second time this year, regulators didn’t pass Wells Fargo for a key regulatory test that was created after the 2008 financial crisis. Last April, regulators rejected the “living will” plans proposed by five major banks (including Wells Fargo). Wells Fargo is the only one of the five to fail its re-submission for their disaster-preparedness plan. Read more…
The insight on Russia’s involvement in the U.S. elections and its hacking efforts to influence the decision continue to be a hot topic this week. However, what do these events say about the future of government cybercrimes? Read more…
Great overview article on 2016 technology. It was a rough year for consumer technology, but on the bright side, there were some great improvements in several areas including Wi-Fi, encryption and virtual reality. Read more…

Posted by at No comments:

Tuesday 13 December 2016

5 Ways to Better Control Your Data in an Online World


According to a new report from the United Nation’s International Telecommunications Union (ITU), 47% of the world’s population is online. However, as the number of internet users increases, so does the number of cyber criminals. It is safe to say that the number one concern of individual users and organizations alike on the online world is cyber safety. Most everything we do daily connects to the Internet. This convenience of being online has become so ingrained in our lives that we have become a bit contradictory in the way we think about the security of our information.
In our physical world, we keep a close eye on our purses, wallets and tangible possessions in the real world, so why don’t we do the same in our digital one? While we password-protect our PCs and apply codes to unlock our mobile phones, we prominently leave sticky notes with the computer passwords above our desks and rush to click “remember me” when logging on to our various accounts. What we forget with living in an online world is that our data, everything from personal to financial, lives online as well and is easily accessible to fall into the wrong hands. The time has come for us to take some responsibility for our data and better behaviors to keep it more secure. Below are some tips on help you get started.
  1. Set data permissions:  Learn how to set up permissions on your data to keep others out of it.You ultimately have responsibility for your data. If your bank account is hacked, you may need to prove your password was protected and you did what was necessary to guard against a breach.  You must also be careful of the apps you download and if these apps do require a password, where else have you used the same one? Cognizant of this, we decide to pick a new password and check “Remember Me.”  This makes it easier for us, but doing so gives the site or application a cookie that is open to misappropriation.
  2. Less is more: Keep your most sensitive information on the fewest number of different computers or cloud-based tools as possible. Having fewer copies of your most sensitive documents helps keep it more protected. While the cloud provides convenience and ability to access information from multiple devices, are you really going to need to access all your bills, bank accounts, investment statements from anywhere? Disable Remote Desktop (RDP) unless you require these features. Additionally, it is best not to enable remote connections to your PC unless needed at the time. Instead, enable the remote connections when needed, and disable them when you’re finished
  3. Be conscious of where you access your data: Online tools and mobile device give us anywhere, anytime accessibility, but far too often, we don’t think too much about where we are accessing our data from. For example, by using public Wi-Fi, it’s rather simple for someone to intercept your data in a man-in-the-middle attack by first setting up a network and naming it “Free Wi-Fi;” Instead of simply connecting on, ask the restaurant or airport staff what the name of their network is. Better yet, learn how to tether your phone and turn it in to your personal hotspot to keep other prying people out.  Also keep in mind when traveling —if you sync your phone to rental car system, did you remember to wipe it before returning the car rather than trusting that the rental company will do it?
  4. Do you know your network?: Think about who you share your data with.  Be conscious of who is on your same network and what you share. An email sent to your HR person with personal information can easily be shared whether intentionally or accidentally—we’ve all done reply all when we only meant to reply to the sender.
  5. Encrypt your data: Add an extra level of security to your sensitive data. In our mobile world, this will especially help as your data goes back and forth in the cloud. While encrypting files can be a little difficult, it’s like anything else —practice makes perfect, and once it becomes a habit, it is easy.  Better yet, automatic authentication frees us from even thinking about it. Full data encryption solutions encrypt the entire hard drive from the operating system to all applications and data stored on it.  As information is read from the disk, it is decrypted and then any information written to the disk is encrypted in turn.  Without the encryption key, the data stored on the disk remains inaccessible.
While the Internet opens up endless possibilities to make our lives more convenient, it also can bring unwanted attention from others. Hopefully the above tips will help you fight off some of the tricks many cyber criminals use and enable you to take measures to keep your personal data protected.
Posted by at No comments:
Labels: , , , ,

Friday 9 December 2016

Weekly News Roundup


Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a round-up of the top stories happening now that you need to know.
Posted by at No comments:
Labels: , , , , ,

Thursday 8 December 2016

5 Ways to Stay Cyber Safe this Holiday Season



We have all heard the stories: People losing money in a cyber scam, a bankcard that has had to be replaced because it has been compromised, and many other ways that simply swiping our cards this holiday season put our finances at risk.
So, with the holidays right around the corner, what does it mean to be cyber safe and how can we all be more careful during this holiday shopping season? Being cyber safe means making sure that you are in control of your bankcards, not just online but also in the bricks and mortar worlds. Debit cards are not just stolen from a cloud!
Here are a few steps to protect yourself while you are out shopping for your near and dear:
  1. Make sure that when you purchase online you know the seller. If it is your first purchase from them, check other users feedback. It’s not necessary to get 100%, but two or three bad reviews over poor customer service or non-delivery should raise an alarm.
  2. Whenever you use your card online, do so on a secure network. This means that you should never input your card details if you are on a public Wi-Fi connection. These are NOT secure.
  3. When withdrawing cash at ATM’s (remember the days when it was used for everything?), security is not just about looking over your shoulder. Scammers often target an ATM and place a card reader over the card slot so that they can copy your card details. This is not as easy with a chip card, but they also can have a camera on the machine to access the details required to skim your card. Always check the slot to make sure it has not been tampered with.
  4. Passwords (yawn). Boring maybe. A necessity? Definitely. Also, the biggest hole in your security? Probably. Use different passwords for every site so that when one is hacked and your details are stolen, only that site is compromised, not all of them.
  5. Finally, and probably most importantly, remember security first. We use this every day in the real world even without thinking. We do not leave a credit card on a counter (well not often). We also do not go up to a stranger and give them our cards so that they can steal or copy them. We take responsibility for their care and the care of our money. Add this level of care to your Cloud life also. That way you stay in control and can minimize the risk to your information.
Doing these simple tasks can never guarantee your cyber safeness, but they can certainly mitigate the risks and enable you to have a more worry-free and enjoyable holiday season. Happy Shopping!
Posted by at No comments:
Labels: , ,

Monday 17 October 2016

How the Banks are Underwriting the Cloud


OK, so let’s start out by saying that I am neither a bank apologist nor someone who believes that banks do not have a lot to answer for.
Now that is said, let me move on.
When was the last time you had to have a replacement Credit or Debit card because your current one was compromised? Maybe the new one just appeared in the post? Or maybe you had noticed a few dollars that you could not account for on your statement? Whichever it was, any loss sustained was not paid for by you! No, your financial institution took that charge.
Chances are, they were also not at fault for the loss; It could have been the online store that you had been using or maybe your card details were stolen during a shopping trip on High Street. Or maybe you were using a free Wi-Fi service and went on to your favorite shopping site. During that visit, your computer could very easily have been compromised by that very helpful guy or gal sitting behind you…
Whatever the reason, it is unlikely that the banks were actually to blame. It is more likely that they are the true victims. We as the customer are inconvenienced, but that is all. The banks are out of pocket by 2 or 3 dollars, as well as the costs of the replacement card. Not a lot really, until you multiply that by the number of cards they replace each year. You then get to a very large number. So why are they doing it? My answer is going to have to be a guess as I have asked the question on a number of occasions but I have never received a real answer. This is understandable as the banks do not want to publicize how much online fraud really costs, especially as we all jump to the conclusion that it is they, not us, at fault. So here is my guess; Cloud banking and online purchasing is a growing business with billions of dollars of transactions taking place each year. The banks need this business as at the end of the day it streamlines how they work and cuts costs. But this is currently coming at an even larger expense, the reimbursement of fraudulent transactions. I believe the banks are betting on these being reduced over time and the cost savings then coming in to play.
If we really want a Cloud banking infrastructure and to be able to purchase on-line securely with little or no worries about having our transactions interrupted, then we need to help the bank! Yes, I know it is not a natural thing to want to do. But think about the consequences. The figures I have been speaking of are huge. At some point the banks will have to start to recharge them, so I am actually asking us all to help ourselves. Here are a few things we can do to make life a little safer:
Public Wi-Fi: If you do use the Wi-Fi in your local coffee shop, DO NOT use it to make purchases, input passwords or do anything private, unless you have installed and turned on a Virtual Private Network (VPN) which encrypts all data.
Connecting: When you connect to a public Wi-Fi, make sure that you know it is a real one. For example, if you see an Open Connection named “Freds Open Wi-Fi” or “My Favorite Coffee House Free Wi-Fi” or Even “Connect to Me Now!” Do not connect to it. It is more than likely not a safe one to use.
Only ever connect to your bank from your own home, office or mobile network connection. This does not guarantee security but makes it far more likely.
Passwords: Finally, be very careful with your passwords. They are important to you. In a lot of cases, they are your life. Do not give them out, keep them secure and make sure that every web site that you use understands the importance of security and is not just paying lip service to the word. If you do hear that a web site has had your (Remember it is your) password stolen, make sure that you change it straight away and go to all of your other accounts with the same password and change that too. Then go back to the site and demand an apology and recompense. That maybe the only way that some of these site will actually learn that our data is not just important, it is OURS!
Posted by at No comments:
Labels: , ,

Friday 14 October 2016

Privacy Policy



BOHH Labs respects your privacy

BOHH Labs Inc. and its affiliates, respect your privacy. This Privacy Statement informs you of our privacy practices and of the choices you can make about the way information about you, including from your online activity is collected and how that information is used by BOHH Labs. This statement is readily available on our website at https://bohh.io/blog.html and go to the October section.

In the development of BOHH Labs’ privacy policies and standards, we respect and take into account the major principles and frameworks around the world, including the OECD Guidelines on the Protection of Privacy and Trans-border Flows, EU Directive 95/46/EC, APEC Privacy Framework, and the Madrid Resolution on International Privacy Standards and the Australian Privacy Principles under the Privacy Act 1988 (Cth), as may be amended from time to time.

  1. Scope of this Privacy Statement

    BOHH Labs is a global organization, with legal entities, business processes, management structures, and technical systems that cross borders. This Privacy Statement applies to all BOHH Labs-owned websites, domains, services, applications, and products, and those of our wholly owned subsidiaries (“BOHH Labs sites or services”), except that a privacy policy or statement specific to a particular BOHH Labs program, product, or service may supersede or supplement this Privacy Statement.

    Links to non- BOHH Labs websites

    BOHH Labs sites or services may provide links to third-party applications, products, services, or websites for your convenience and information. If you access those links, you will leave the BOHH Labs site. BOHH Labs does not control those third-party sites or their privacy practices, which may differ from BOHH Labs’ practices. We do not endorse or make any representations about third-party sites. The personal data you choose to provide to or that is collected by these third parties is not covered by the BOHH Labs Privacy Statement. We encourage you to review the privacy policy of any site you interact with before allowing the collection and use of your personal information.

    We may also provide social media features that enable you to share information with your social networks and to interact with BOHH Labs on various social media sites. Your use of these features may result in the collection or sharing of information about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites.
  2. Collection of personal information

    BOHH Labs collects, exports, and uses personal information to manage your relationship with BOHH Labs and better serve you by personalizing your experience and interaction with BOHH Labs. Such collection is done with appropriate notice and consent, along with required filings with data protection authorities, where required.

    BOHH Labs may collect your personal information through your access and use of website, web-based applications, or mobile applications, during conversations or correspondence with BOHH Labs representatives, or when you purchase goods or services or complete an online application form.

    BOHH Labs may collect personal information from you in connection with

    - product or service orders, activations, and registrations
    - profile creation and user verification for online services
    - information requests or complaints
    - marketing, newsletter, or support subscriptions
    - contest entries or survey participation
    - instant credit applications
    - job applications
    - event registration
    - visits or browsing on BOHH Labs websites

    The types of personal information BOHH Labs may collect from you includes:

    - personal and business contact information, such as name, address, telephone number and email address
    - in some cases, your business contact data may be provided to BOHH Labs by a designated entity within your business or enterprise (such as a member of your IT department)
    - financial information, such as your credit/debit card number or other billing information
    - other unique information such as user IDs and passwords, product functionality, product and service preferences, contact preferences, educational and employment background and job interest data
    - geo-location data such as your IP address or physical location when you request location based services
    - details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enqueries
    - any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise
    - information you provide to us through our service center, customer surveys or visits by our representatives from time to time

    If you choose to use a “tell-a-friend” or a similar referral program on our site, we will ask you for your friend’s e-mail address, social media handle, phone number, or other contact information to send your friend an invitation to participate in the program.

    If you post, comment, indicate interest or complaint, or share personal information, including photographs, to any public forum on an BOHH Labs site, social network, blog, or other such forum, please be aware that any information you submit can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor BOHH Labs have control over. BOHH Labs is not responsible for the personal information you choose to provide in these forums.

    In addition to the information you provide, BOHH Labs may also collect information during your visit to an BOHH Labs website, web-based application, or a website “powered by” another company on behalf of BOHH Labs, through our Automatic Data Collection Tools, which include Web beacons, cookies, and embedded Web links. These tools collect certain traffic information that your browser sends to a website, such as your browser type and language, access times, and the address of the website from which you arrived. They may also collect information about your Internet Protocol (IP) address, unique device identifier, clickstream behavior (i.e., the pages you view, the links you click, and other actions you take in connection with BOHH Labs websites or “powered by” websites) and product information. BOHH Labs may also use some of these Automatic Data Collection Tools in connection with certain emails and communications sent from BOHH Labs and therefore may collect information using these tools when you open the email or click on a link contained in the email.

    BOHH Labs also collects information from publicly or commercially available sources that it deems credible. Such information may include your name, address, email address, preferences, interests, and demographic/profile data. The information BOHH Labs collects from its public or commercial sources may be used along with the information BOHH Labs collects when you visit BOHH Labs’ sites. For example, BOHH Labs may compare the geographic information acquired from commercial sources with the IP address collected by Automatic Data Collection Tools to derive your general geographic area.

    Where necessary, BOHH Labs may also use information provided by you or your employer, together with information from publicly available and other online and offline sources, to conduct due diligence checks on business contacts as part of BOHH Labs’ anti-corruption program.

    BOHH Labs may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our websites, products or services.
  3. How we use your information

    BOHH Labs may use your information to

    - manage our relationship with you
    - assist you in completing a transaction or order
    - prevent and detect security threats, fraud or other malicious activity
    - communicate with you about BOHH Labs products, services, or support and send marketing communications
    - provide products, services, and support to you
    - improve and develop products, services, and support including through quality control, research and data analysis activities
    - update you on new services and benefits
    - provide personalized promotional offers
    - measure performance of marketing initiatives, ads, and websites "powered by" another company on BOHH Labs' behalf
    - allow you to participate in contests and surveys
    - answer enqueries, provide information, support, or advice about existing and new products or services
    - personalize some BOHH Labs website
    - provide you with access to protected areas of our website
    - access and improve the performance and operation of BOHH Labs websites
    - to keep your contact details up to date and provide updated details to BOHH Labs service providers and suppliers where necessary to process and respond to any complaint made by you
    - we will give you the opportunity to choose your privacy preferences regarding the marketing communication we send.

    Credit card information is used only for payment processing and fraud prevention. Salary information, government issued identification number and other sensitive personal information is not used for any other purpose by our financial services providers or BOHH Labs and will not be kept longer than necessary for providing the services, unless you ask us to retain your credit card information for future purchases.
  4.  How we share your information

    BOHH Labs will not sell, rent or lease your personal information to others except as described in this Statement.

    BOHH Labs shares personal information in the following ways:

    BOHH Labs retains service providers and suppliers to manage or support its business operations, provide professional services, deliver complete products, services and customer solutions and to assist BOHH Labs with marketing and communication initiatives. These providers and suppliers may be located in the US or other overseas locations and include, for example, credit card processors, debt collectors, providers of customer support and live-help, marketing and communications, hosting and IT service providers, email service providers, automated data processors, shipping agents, management and support of BOHH Labs websites, order fulfillment and delivery. Suppliers and service providers are required by contract to keep confidential and secure the information received on behalf of BOHH Labs and may not use it for any purpose other than to carry out the services they are performing for BOHH Labs.

    From time to time, BOHH Labs participates in marketing initiatives with other companies, including websites “powered by” another company on behalf of BOHH Labs. As part of these initiatives, certain BOHH Labs services and marketing communications may be delivered at the same time as those from other companies. Some of these services and communications offer you the option to share personal information with both BOHH Labs and the other companies participating in these initiatives. For example, you may receive marketing communications from BOHH Labs and other companies or have the opportunity to register online for software products from multiple companies. If you choose to provide personal information only to BOHH Labs, BOHH Labs will not share this information with the other companies participating in that marketing initiative. If you choose to provide personal information to the other companies, that personal information will be handled according to the privacy policy of those companies, which may differ from BOHH Labs’ policies and practices.

    BOHH Labs may also transfer your personal information to other BOHH Labs-owned business entities in the US and Worldwide. By accessing BOHH Labs websites, registering for an account or service, or otherwise providing BOHH Labs with your personal information, you consent to this transfer of your personal information throughout the global BOHH Labs network of entities.

    Except as described in this Statement, BOHH Labs will not share the personal information you provide to BOHH Labs with non-BOHH Labs third-parties without your permission, unless to: (i) respond to duly authorized information requests of police and governmental authorities; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and help prevent security threats, fraud or other malicious activity; (iv) enforce/protect the rights and properties of BOHH Labs or its subsidiaries; or (v) protect the rights or personal safety of BOHH Labs, our employees, and third parties on or using BOHH Labs property when allowed and in line with the requirements of applicable law.

    Circumstances may arise where, whether for strategic or other business reasons, BOHH Labs decides to sell, buy, merge or otherwise reorganize businesses in some countries. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of it from sellers. It is BOHH Labs’ practice to seek appropriate protection for information in these types of transactions.
  5. Children’s privacy

    BOHH Labs does not knowingly collect information from children as defined by local law, and does not target its websites or mobile applications to children under these ages. We encourage parents and guardians to take an active role in their children’s online and mobile activities and interests.
  6. Your choices and selecting your privacy preferences

    BOHH Labs gives you the choice of receiving a variety of information that complements our products and services. You can subscribe to receive certain product- and service-specific information and also choose to receive BOHH Labs general communications. We give you a choice regarding delivery of BOHH Labs general communications by postal mail, email, telephone, or mobile device.

    You can make or change your choices about receiving either subscription or general communications at the data collection point or by using other methods, which are listed in the following sections. This option does not apply to communications primarily for the purpose of administering order completion, contracts, support, product safety warnings, driver updates, or other administrative and transactional notices where the primary purpose of these communications is not promotional in nature.

    Subscription communications

    Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive. After you request such communications, you may opt out of receiving them by using one of the following methods:

    - Select the email "opt out" or "unsubscribe" link, or follow the opt-out instructions included in each email subscription communication
    - Return to the Web page(s) where you originally registered your preferences and follow the opt-out instructions
    - Write to the BOHH Labs Privacy Office (contact details below). Be sure to provide your name, relevant contact informationm, and specific relevant information about the BOHH Labs subscriptions that you no longer wish to receive

    BOHH Labs general communications

    BOHH Labs general communications provide information about products, services, and/or support. This may include new product or services information, special offers, or invitations to participate in market research or compliance reviews.

    You may opt out of receiving these general communications by using one of the following methods:

    - Select the email "opt out" or "unsubscribe" link, or follow the opt-out instructions included in each email subscription communication
    - Write to the BOHH Labs Privacy Office (contact details below). Be sure to provide your name, relevant contact informationm, and specific relevant information about your privacy preferences
  7. Access to and accuracy of your information

    BOHH Labs strives to keep your personal information accurately recorded. We have implemented technology, management processes and policies to help maintain data accuracy. BOHH Labs provides individuals with reasonable access to personal information that they provided to BOHH Labs and the reasonable ability to review and correct it or ask for anonymization, blockage, or deletion, as applicable. To protect your privacy and security, we will also take reasonable steps to verify your identity, such as requiring a password and user ID, before granting access to your data. To view and change the personal information that you directly provided to BOHH Labs you can return to the web page where you originally submitted your data and follow the instructions on that web page, or contact the BOHH Labs Privacy Office. BOHH Labs will respond to access requests within 30 days.
  8. Keeping your personal information secure

    BOHH Labs takes seriously the trust you place in us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, BOHH Labs utilizes reasonable and appropriate physical, technical, and administrative procedures to safeguard the information we collect and process. BOHH Labs retains data only as required or permitted by local law and while it has a legitimate business purpose.

    When collecting or transferring sensitive information such as credit card information we use a variety of additional security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. The personal information you provide us is stored on computer systems located in controlled facilities which have limited access. When we transmit highly confidential information (such as credit card number or password) over the internet, we protect it through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

    Credit card numbers are used only for processing payments and are not used for other purposes. As part of real-time payment processing, BOHH Labs subscribes to fraud management services. This service provides BOHH Labs with an extra level of security to guard against credit card fraud and to protect your financial data.
  9. Changes to this Statement

    If we modify our Privacy Statement, we will post the revised statement on our website, with an updated revision date. If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect. This privacy policy was last updated on November 1, 2015.
  10. Contacting us & how to make a complaint

    We value your opinions. If you have comments or questions about our Privacy Statement, any concerns or a complaint regarding our collection and use of your data or a possible breach of your privacy, please send them to the BOHH Labs Privacy Officer or write to us at the appropriate address below. We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to address your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

    BOHH Labs commits to resolve complaints about your privacy and our collection or use of your personal information. European Union citizens with inquiries or complaints regarding this privacy policy should first contact BOHH Labs at:

    Canada, Most of Latin America, and US:
    BOHH Labs Privacy
    1901 Harrison Street, Ste. 1100
    Oakland, CA 94612

    How BOHH Labs uses automatic data collection tools

    The following sections provide additional information about commonly-used web technology tools.

    Cookies

    A “cookie” is a small data file transferred by a website to your computer’s hard drive. BOHH Labs or its service providers send cookies when you surf our site or sites where our ads appear, make purchases, request or personalize information, or register yourself for certain services. Accepting the cookies used on our site, sites that are “powered by” another company on BOHH Labs’ behalf, or sites where our ads appear may give us access to information about your browsing behavior, which we may use to personalize your experience. Cookies are typically classified as either “session” cookies or “persistent” cookies.

    - Session cookies do not stay on your computer after you close your browser
    - Persistent cookies remain on your computer until you delete them or they expire
    - Most browsers automatically accept cookies by default, but you can usually refuse cookies or selectively accept cookies by adjusting the preferences in your browser. If you turn off cookies, there may be some features of our site that will not be available to you and some Web pages may not display properly.

    In certain countries, you may also adjust your https://bohh.io/ and associated cookie preferences by using a preference manager tool in this Statement which is available from the site you are visiting.

    You can find information on popular browsers and how to adjust your cookie preferences in the help and support section of your browser.

    From time to time, BOHH Labs will use Flash local shared objects (LSOs) to store Flash content information and preferences. LSOs perform similar functions to HTML browser cookies and deposit small files on your computer, which are commonly called Flash cookies. Flash cookies are different from browser cookies and cookie management tools provided by your browser may not remove Flash cookies. To learn more about Flash Cookies and how to manage the related privacy and storage settings, please visit the Adobe Systems website.

    Web beacons

    Some https://bohh.io/ and third-party web pages, applications, and HTML-formatted email use Web beacons alone or in conjunction with cookies to compile information about your website usage and your interaction with email, as well as to measure performance on https://bohh.io/, applications, and websites “powered by” another company on BOHH Labs’ behalf. A web beacon is an electronic image, called a single-pixel (1×1) or clear GIF. Web beacons can recognize certain types of information on your computer such as cookies, the time and date of a page viewed, and a description of the page where the web beacon is placed. Depending on the context, web beacons may also refer to content on a third-party server, and may be used by service providers to deliver relevant advertising to you.

    In emails, such web links may also allow BOHH Labs to determine whether you have clicked a link in an email, and this information about the interaction may be connected to your personal identity. If you do not want BOHH Labs to collect information about the links that you click, you can:

    You may be able to disable web beacons in email messages by not downloading images contained in the message you receive (this feature varies depending on the email software used on your personal computer). However, doing this may not always disable a web beacon or other automatic data collection tools in the email message due to specific email software capabilities. For more information about this, please refer to the information provided by your email software or service provider.

    If you choose to receive marketing emails or newsletters from BOHH Labs, BOHH Labs may automatically collect personal information about you. For example, through web beacons and personalized URLs embedded in these emails or newsletters, BOHH Labs can track whether you’ve opened those messages and whether you’ve clicked on links contained within those messages. For more information on embedded web links, see below.

    Embedded Web links

    Emails from BOHH Labs, promotional icons preinstalled on your PC desktop often use links designed to lead you to a relevant area on the Web, after redirection through BOHH Labs’ servers. The redirection system allows BOHH Labs to change the destination URL of these links, if necessary, and to determine the effectiveness of our marketing initiatives.

    - Change your choice about how you receive communications from BOHH Labs (i.e choose a text-based version of the message where available) or choose not to click links in an email that BOHH Labs sends
    - Delete the promotional icons preinstalled by BOHH Labs on your PC desktop or choose not to click on those
    - Reconfigure the Interent keyboard keys on certain PC models to launch a destination URL of your choice by using the instructions provided with your PC

Posted by at No comments:

Terms of Use


BOHH LABS WEBSITE TERMS AND CONDITIONS

  1. Introduction

    The following rules and regulations apply to all visitors to or users of this Website. By accessing this Website, user acknowledges acceptance of these terms and conditions. BOHH Labs reserves the right to change these rules and regulations from time to time at its sole discretion. In the case of any violation of these rules and regulations, BOHH Labs reserves the right to seek all remedies available by law and in equity for such violations. These rules and regulations apply to all visits to the BOHH Labs Website, both now and in the future.

  2. Limited License

    BOHH Labs hereby authorizes you to copy materials published by BOHH Labs on this Website solely for non-commercial use within your organization (or if you are a BOHH Labs Partner, your customer’s organization) in support of BOHH Labs’ products. No other use of the information is authorized. In consideration of this authorization, you agree that any copy of these materials which you make shall retain all copyright and other proprietary notices in the same form and manner as on the original. Except as specified above, nothing contained herein shall be construed as conferring by implication, estoppel or otherwise any license or right under any patent, trademark or copyright of BOHH Labs or any third-party.

    All content on this Website is protected by copyright. Except as specifically permitted herein, no portion of the information on this Website may be reproduced in any form, or by any means, without prior written permission from BOHH Labs. Visitors or users are not permitted to modify, distribute, publish, transmit or create derivative works of any material found on this Website for any public or commercial purposes.

  3. Trademarks

    The trademarks, logos and service marks (“Marks”) displayed on this Website are the property of BOHH Labs or other third-parties. Users are not permitted to use these Marks without the prior written consent of BOHH Labs or such third-party which may own the Mark.

  4. General Disclaimer

    Although BOHH Labs has attempted to provide accurate information on the Website, BOHH Labs assumes no responsibility for the accuracy of the information. BOHH Labs may change the programs or products mentioned at any time without notice. Mention of non-BOHH Labs products or services is for information purposes only and constitutes neither an endorsement nor a recommendation.

    All information provided on this Website is provided “as is” with all faults without warranty of any kind, either expressed or implied. BOHH Labs and its suppliers disclaim all warranties, expressed or implied including, without limitation, those of merchantability, fitness for a particular purpose and non-infringement or arising from a course of dealing, usage, or trade practice.

    BOHH Labs and its suppliers shall not be liable for any indirect, special, consequential, or incidental damages including, without limitation, lost profits or revenues, costs of replacement goods, loss or damage to data arising out of the use or inability to use this Website or any BOHH Labs product, damages resulting from use of or reliance on the information present, even if BOHH Labs or its suppliers have been advised of the possibility of such damages.

  5. Cookies

    A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the site uses to track the pages you’ve visited, but the only personal information a cookie can contain is information you supply yourself. This Website uses cookies. By using this Website and agreeing to these terms and conditions, you consent to the use of cookies in accordance with the terms of the BOHH Labs Privacy Policy located on our Website.

  6. Links to Third Party Sites

    This Website may contain links to third party sites. Access to any other Internet site linked to this Website is at the user’s own risk and BOHH Labs is not responsible for the accuracy or reliability of any information, data, opinions, advice or statements made on these sites. BOHH Labs provides these links merely as a convenience and the inclusion of such links does not imply an endorsement.

  7. Acceptable Use

    You must not use this Website in any way that causes, or may cause, damage to the website or impairment of the availability or accessibility of the Website; or in any way which is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity.

    Access to and use of password protected and/or secure areas of the Website are restricted to authorized users only. You agree that you will not use the Website (a) in furtherance of or with intent to commit any fraudulent or other illegal activities, or otherwise in violation of any applicable law, regulation, legal agreement or BOHH Labs’ published policies; or (b) in a manner that is abusive of BOHH Labs, its programs, content or other information on the Website.

    You must not conduct any systematic or automated data collection activities (including without limitation scraping, data mining, data extraction and data harvesting) on or in relation to this Website without the express written consent of BOHH Labs Inc.

  8. Law and jurisdiction

    These terms and conditions will be governed by and construed in accordance with the laws of Delaware and any disputes relating to these terms and conditions will be subject to the exclusive jurisdiction of the courts of Delaware.

Posted by at No comments:
Subscribe to: Posts (Atom)