Blog

September 20, 2017

Apps That Wreak Havoc On HIPAA

This is the era of multiple devices and millions of apps. Phones, tablets, and smartwatches are filled with apps intended to make our lives easier. And it seems almost daily we read about how some – or all – of those apps are spying on our lives.

Many people don’t care. To some extent, I am one of those. “I don’t do anything so special in life that anyone will want to hack me” is how I feel about most of my internet presence. I happily share photos of my family, my dogs, and my travels.

But, I do worry about money and health issues; the things that I feel need to be secure. So when my iPhone asked for access to my health information I was hesitant to share.

The iPhone comes standard with the “Health” app (Fitbit and other devices also take, store, and share health information). In the app, you can enter your health record data and share it with other health related apps on your device. It can also pull such data from your other apps too.

You can enter vitals, lab test results, and even track your reproductive health – where it asks for everything from your menstruation history, to sexual activity.

Wow. To say I was surprised to see this information on an app is an understatement.

Maybe I am old fashioned, but I cannot imagine grabbing my iPhone after sex and entering the event in; it’s akin to grabbing a cigarette in the old movies. And if you did enter it, if you ask Siri about the last time you had sex… would she answer? I will leave that alone for now.

Is your phone secure?

Naturally, I thought that if my phone wanted to hold my very private health information, it must be secure. So to play off the old movie reference, it’s For Your Eyes Only. But the app is not secured by any authentication. Well, once your phone is unlocked that is.

So, if anyone gains access to your phone, guess what…they would quickly be able to learn your sexual activity, recent blood alcohol content, and anything else you happened to trust your handy-dandy iPhone with.

Of course, if that information is on your phone…. guess who else has it? Apple, Google, Amazon, or whomever you have your back-up account with.

As I look at my phone, I realize that I have access to all my information but so does Apple. Certainly the type of information Apple Health is seeking from me is my private health information; HIPAA calls it Protected Health Information (PHI).

Thus, it could be subject to HIPAA regulations. If so it’s safe and secure under federal law. But, is Apple is an entity that would be subject to the privacy and security rules of HIPAA? Are they a Covered Entity (CE)? The answer is no.

HIPAA applies to doctors, hospitals, medical insurers, and other health care providers. They are what’s classified as CEs under HIPAA. So the people that normally treat you and deal with your medical records and billings have to comply with HIPAA. But, just having medical records does not create a HIPAA obligation.

Further, other companies which support CE’s can be subject to HIPAA as well – they are the Business Associates (BAs). An example might be a medical device manufacturer; a hospital’s cleaning service or vendor that supports medical care in some way.

Tech companies aren’t restricted by HIPAA

Apple is none of these things. So Apple has no requirement of privacy or security over my medical data. Likewise Fitbit, Sprint, or whoever is similarly NOT restricted by HIPAA. But they will have all my PHI… which is a scary thought.

As I read more and more about the medical profession and IT, it occurs to me that doctors and patients are using their smartphones to communicate. And we should ALL encourage more communication. But what if I use an app to share with my physician?

In that case the data gathered by the physician would likely come under the purview of HIPAA. But what if the app we are using, itself, is not secure (e.g. the Health App, or simply iMessage)?

Does the doctor need to comply with HIPAA privacy and security standards, even though we all know the data is already compromised by the patient’s method of delivery? I don’t know the answer to this one.

It would appear similar to a waiver of the attorney-client privilege when the information is shared in the presence of a third party. But, HIPAA has express provisions for when HIPAA can be waived; not a single word exists about an unintentional waiver.

Thus it would seem that a doctor would have to abide by HIPAA, even knowing that the patient has exposed the very records to others. Certainly you don’t want your doctor to send your records to anyone willy-nilly and have the defense be that you texted them to him/her. Once the doctor has the PHI, it’s protected.

But I have not seen anyone litigate this question.

HIPAA and the emerging tech world

Do we have HIPAA issues with our new-fangled “wearables”? The answer is… maybe. HIPAA does not apply to everyone. You can give your health records to whomever you want; after all HIPAA was created to protect “you” from unauthorized acts of “others”.

But HIPAA also has clear limiting applications to what they call Covered Entities and Business Associates of those entities.

So you may want to think twice about entering any personal heath data into your new device; it’s not secure as it sits on your device and your cloud provider has no obligations to make it secure.

But if you provide any of that information to your health care provider, they will have an obligation to meet HIPAA’s requirements for privacy and security for the data they receive.

September 14, 2017

Your Unlocked Phone In A Stranger’s Hand? It Might Happen When You Fly Internationally

Belts off, shoes off, keys, and pocket change in the bin.

Most of us know the routine by heart. Before we even get to the front of the line we have a security bin in our hands. It’s all become so routine it’s second nature.

On the one hand, we know it’s a complete pain but on the other hand most of us have adopted an “it’s better to be safe than sorry” stance on this matter.

When does it go too far?

When does security cross the line from vigilance to invasion of privacy?

Is it when the TSA agents are giving you the kind of pat-down that your doctor wouldn’t do? Is it when they’re grilling you about every minute detail of your trip? Is it when an agent is rifling through the unmentionables in your luggage?…

…Or, maybe, it’s when they’re asking you to unlock your smartphone?

You read that correctly. There is a staggering increase in the amount of searches where a traveler’s phone is being accessed by agents. Does that make you feel secure or violated?

Your smartphone is an extension of your life

Do you go around handing photos of your kids to complete strangers? How about confidential company documents? What about your personal medical documents?

Now think about what you keep on your phone. There is so much personal data on our phones. Data that we want to keep private. After all, that’s why we put passcodes and use thumbprint IDs to unlock our phones.

Our phones are more than just a device to make calls. It’s the one thing most of us use every day and carry with us wherever we go.

Think about your pictures, your emails, your documents, and even your message chats.

To say that our phones hold all the information about our lives wouldn’t be an exaggeration. Spend 30 minutes looking at someone’s unlocked phone and you will gain a lot of insight into that person.

So ask yourself, how comfortable would you feel with a stranger taking your unlocked phone into a private room for 30 minutes or more?

That’s the question many travelers are asking themselves lately.

The rules that you think are protecting you aren’t

Some of you may be tempted to dismiss this as a serious concern. After all it seems like it’s an illegal action being taken by overzealous border agents. And that’s what the constitution is for.

If there’s one thing most Americans are familiar with, it’s the constitution.

The Fourth Amendment prevents illegal search and seizure.

The Fifth Amendment prevents self-incrimination.

These are some of the bedrocks of the constitution and it protects the privacy rights for Americans. It also doesn’t protect you in this case.

Yes, that’s correct. The constitution doesn’t protect you when it comes to your phone being searched when you’re flying.

How is this possible? Well, the same way most questionable actions are legitimized…by a loophole.

Decades ago the Supreme Court created an exception for border agents with regards to the Fourth Amendment. So technically they can search whatever they want and there’s nothing to stop them.

So while it would be illegal for a police officer to stop you and ask you to unlock your phone, it’s perfectly legal for a border agent to do so.

What, me worry?

As you read about this issue another temptation might be to come up with reasons why you don’t think you should worry about this.

You might say to yourself “I’m a US citizen, this only applies to non-Americans”. But unfortunately you’d be wrong about that. American-born citizens have had to turn in their phones at the border already.

As a matter of fact, according to a recent lawsuit, NASA engineers, journalists, and even military veterans (all of whom are American citizens) have recently had to unlock their phones when entering the country.

Even phones that were government-issued and might contain confidential data were subject to being searched at the border.

So no one is immune from this scrutiny.

Another thing many people might say (wrongly) to themselves is the belief that “I’ve done nothing wrong so I’ve got nothing to hide”. But it’s never that simple.

Again, think about all the information that you have on your phone. Is it possible that a friend of a friend on Facebook is a criminal? What about the people you follow on Twitter? Guilty by association, perhaps?

Have you ever made a comment, seriously or in jest, about the government or the President? What if you’re reading a fictional book about a government revolution or terrorist attack?

It might seem extreme but it doesn’t take much for something innocent to lead to further scrutiny. Suddenly your phone isn’t just taken for 30 minutes but for 10 hours.

Different story now isn’t it?

And for those of you that aren’t American and are shaking their heads and thinking “this would never happen in my country”, you might want to rethink that position. Similar scenarios have already happened in Canada and there are reports of it occurring in the UK and Australia as well.

They have the power, you have the control

This situation sucks. The bad (and obvious) news is that you’re left without a choice. Border agents have all the power in this situation and if you want to get back into the country you need to comply.

The good news is that you do have a choice in how much information they get. As we’ve been known to say around here, awareness about an issue is the first step. So now that you’re aware, you can prepare yourself.

Here are some options that you can take before your next flight:

Don’t take your devices with you: This might be easier said than done. But for many people going on vacation, is it really necessary to bring your phone with you?If you need to take pictures you can bring a digital camera, if you want to connect to the Internet then you can take something like an iPod that has Wi-Fi capabilities. There are alternatives to having to take your smartphone with you.
Restore your phone to factory settings: Just backup all the data on your phone so it’s saved securely, and once it is you can restore your phone to its factory setting for your trip. All your files and apps will be off your phone and anyone who looks at it will be looking at essentially a blank device. When you return you can restore your backup so your phone is back to the way it was before your trip.
Buy/rent a temporary phone: If you really need a phone on your trip you can leave your main phone back at home and grab a rental or prepaid phone in your new destination.You’ll get a number for people who need to contact you and many of them come with a data plan as well. You just use it for the duration of the trip and then return it once you’re done, or simply save it for your next trip.

Doors locked, oven turned off, private phone data secured

These solutions might seem a bit extreme but keeping your data private is not a joke. It’s just a fact of life that this is something you may encounter when it comes to flying.

It’s always important to be prepared and aware whenever there’s a situation where your private data might get accessed by someone you wouldn’t want. Unfortunately this is where we’re at in society.

For better or worse security has taken us here, so it’s up to us to determine how much information we want to give up.

Ultimately it’ll be up to each individual to decide if they’re comfortable handing an unlocked phone to a complete stranger or not.

If this is something you aren’t comfortable with then at least you know what you’re up against and you can take whatever steps you need.

Traveling comes with enough stress and anxiety, and the last thing you need to worry about is an invasion of privacy. By taking these steps you’ll be ensured that your vacation is smooth sailing all the way.

August 10, 2017

You Don’t Own Your Data… Here’s Who Does

Do you own your photos?

How many photos will you upload to an online service this year? How many have you uploaded in the past?

Because of smartphones, a camera is always handy when we need it. All of the photos and videos that we take have to be stored somewhere, and increasingly the cloud is where we look for a solution to this problem.

But, when you upload your photos to the cloud, did you consider the fact that you may be giving your photos to someone else to store on their computer? Who will have access to them? More importantly, who owns those pictures?

Data ownership is a complex subject with few clear answers. You created the photo, but once you put it on someone else’s computer, is it still yours?

What rights do we have?

The rights that we retain to our data all boils down to what is in the terms and conditions of the service that we are using. Every service provider has an End User License Agreement, or EULA, of some sort. It could be called Terms of Use, or Terms of Service, or Terms and Conditions, or a Privacy Policy, or they may all be lumped together, or the documents may be separate but incorporated by reference.

There are a ton of service providers out there. Reviewing all of them is impossible. So let’s take a look at some of the biggest data storage providers out there. Chances are that you have something personal stored on one of their servers anyway.

The terms.

One company outlines the rights that you have to your content in their Terms of Service.

The terms start out by stating: You keep ownership of intellectual property rights held in that material. What is yours is yours.

Awesome, right? My stuff is still my stuff. Thank you very much!

Okay, let’s keep reading…

When you upload, store, or do other stuff with files using our Services,

Yup, my pictures are uploaded and stored through their services, so I guess my pictures qualify.

You grant us a worldwide license to use your material at our discretion.

Wait, what? First of all, what is a worldwide license? A license is a right that you grant in your property to do something. A license can be limited in time and geographic scope, among other things. So, I’m giving them a license to do stuff to my stuff anywhere in the world. I’m sure they will modify those terms when space travel becomes a reality.

So, what can they do with my stuff? Sounds like they can do a lot. The license is to use your material at our discretion. That’s pretty broad. I guess the easier question to answer is what can’t they do? I think they pretty much covered it.

The rights granted are intended to be used in the management, operation, and promotion of our Services.

Thanks for limiting your rights in the license that I gave you for my uploaded stuff.

This license continues in perpetuity.

So they can do what they want to my stuff forever? That’s a long time!

Some of our Services may provide methods to access and remove material that you have uploaded.

Some, not all? Looks like additional research might be necessary. How many services does this provider have anyway? It is a lot, but don’t worry, they are always developing new ones.

What does all this mean for you?

So, what does all this mean for the average consumer? I mean, you don’t have a way to negotiate with the big guys, right? They provide a free service, after all, and they are a big corporation trying to make a buck.

What it means is that your stuff really isn’t yours anymore when you store it using some services. With some freely provided services, a consumer essentially has no rights. A company can say “take it or leave it”. You are free to use the service, but you must agree to their terms and conditions. It would be nice if you could keep all of the rights to your data, but that just isn’t possible.

What can you do? If you want to keep all of the rights to your data and still use a freely available service, you’re going to have to choose your service provider more carefully. There are services out there that don’t make you upload a file to someone else’s server. You can use one of those. You can also transfer your photos via USB connection. Or just don’t take any photos. If you don’t take any photos, you don’t have to worry about losing them or giving them away.

July 27, 2017

Too Many Cloud Companies…Too Few Good Ones

So. . .just how many cloud companies are there?

Since the advent of the smartphone (thanks Apple) cloud companies are popping up on every virtual corner, much like Starbucks did early on.

In my quest to see just how many cloud companies there are, I figured I’d start with a simple Google search. Right? I mean Google is the best for this type of thing!

So, I proceeded to type “cloud companies” in a google search bar. 133,000,000 results in just 0.47 seconds. Yep…I’m that guy. I broke Google (sorry Google!).

Ok, so that didn’t really work.

So I moved on to the Google Play store and navigated to apps. There, I typed in “cloud” and immediately got over 200 apps flooding my screen. I’m not entirely sure how many apps over 200 because I simply stopped counting.

Ok. . .clearly this approach isn’t working. So how do we determine just how many cloud companies there are? And moreover, does anyone really care?

Definitely more than 3

At this point, I’ve decided to take the “Owl and the Tootsie Pop” approach (if you’re my age, you’ve seen that commercial) and just saying who cares?

Because in the end, we don’t really care about the number of companies, what we care about is what they can do for us!

As consumers, we all have our “lists” of things we seek in pretty much every aspect of our digital shopping. My cloud list is relatively short and focuses on (1) ease of use (2) availability of my stuff (3) keeping my stuff safe and (4) being able to share and stream my stuff.

While most of these things seem relatively simple, this is where the list of cloud companies starts to get smaller. Let’s take a brief look at these four aspects.

The cloud SHOULD be easy…so why isn’t it?

Ease of use is a key for all of us.

How many times have you gone to your app store and downloaded an app that seemed to suit your needs, only to find that you simply have neither the time nor the energy to figure out exactly how to use it?

Or, how many times have you wanted to share some photos with your grandmother and you wind up being her tech-support guru because she’s literally lost as to how to access the files you shared.

You’re not alone. This happens to all of us.

I’m pretty much a classic tech-nerd (sans the tape on my glasses) and even I get frustrated with some of the choices out there.

Where is that file again?

And what about the availability of our files and images?

This one gets a bit tricky too because it isn’t always as simple as creating a cloud account or installing an app.

Does your app require you to upload all of your files to a single point of storage in the cloud? Do you need to put everything on an external NAS device connected to your router at home?

Availability is mandatory for all of us, yet, achieving it can sometimes be laborious.

I mean sure, at first you tell yourself “it’ll be great to put all my files in one place, so I may as well just break down and do it”. But soon you’re back to your old ways and you’ve got files all over the place, spread across every device you own.

Once again, you’re not alone. I’m notoriously bad at organizing my digital life.

I have some “special” pictures…if you catch my drift

So what about keeping our stuff safe?

I’m not a snapchat or Facebook sort of guy (cause I’m in the witness protection program) but If I was, I’d want to know that I can maintain ownership and control over my images.

Let’s say you’re out taking pictures and you capture some amazing photo of a sunrise or stars reflecting off a lake. All your friends and followers are suddenly enamored with your photographic prowess and you suddenly become a bit concerned about your ownership of your content.

Again, you’re not alone.

That’s why you see companies watermark their images all the time. So protection of our digital content is an important aspect of our personal cloud.

If sharing is caring, then I’m a very caring person

And finally, what about the ability to share and stream?

These are hallmarks of social media. Without the ability to share your files, the very aspect of social goes right out the window.

The ability to get those pictures to grandma safely and simply is just as important as sharing your favorite song with your best friend.

And let’s not forget the frustration of being the tech-support guru for the friends and family you share with.

Quality over quantity

Ok. . .so what’s the point of all this?

It’s simple really. We’ll never ever know how many cloud companies are out there because as soon as we count them all, more will pop up.

But what we do know is what we need.

Make your own list of priorities for your digital lives as I did above. Pick and choose the aspects that are important to you and you’ll find that you can quickly eliminate a great deal of companies with just a few simple searches.

And don’t forget to read the user comments in the app stores. These folks are just like you and me. They’re seeking something that can help them solve a need, so there’s a good chance that they’ll share something you’re also interested in.

And above all, stay safe.

Make sure you take a little time to vet the companies you choose to share your precious digital lives with. This is your stuff, not theirs. Make certain you get to maintain your rights to it!

July 19, 2017

A HIPAA Breach

A HIPAA breach can cripple your medical practice

Over the last few months we have discussed HIPAA in very general terms. I have tried to impart some of the basics of its security and privacy obligations upon each of you, while ignoring the rest of the Act.

Certainly, it is a massive undertaking to fully grasp all of HIPAAs ins-and-outs, and I will not ever try to bore you with the entire 5 sections of HIPAA. So if you need to know about Insurance Portability, Tax Matters, Group Plans, or Revenue Offsets, please feel free to read the other four Titles.

Now that we have discussed what information is subject to HIPAA and who is responsible to keep and control electronic protected health information (ePHI), it’s a good time to learn what I like to call the “so what?” of HIPAA. As I travel, meet, speak with, and interact with doctors, I am often presented with the “so what?” response.

Many doctors have told me: “Steve I understand that HIPAA exists, but we have always done it this way. I think we are compliant. Or we don’t know how to fully comply.” And almost all those conversations end with “so what if we are not compliant, no one will even look at my little office to audit us.”

So, I realized that I needed to do a little more in this blog. Let’s discuss what a breach is, what you have to do if you are in breach and finally the “so what?”, namely what are the fines?

Let’s first learn what a “breach” is and is not. A breach can be defined as the acquisition, access, use, or disclosure of protected health information in a manner not permitted, which compromises the security or privacy of the protected health information.

This means that if protected health information is in the possession of the wrong person and they can read it, a breach exists. If you give Jan Smith’s records to Jane Smith, there is a breach. Or if you fax medical records to (702) 555-1234, but the patient’s number was (712) 555-1234, you have a breach.

It’s these little mistakes that plague offices at times. Most certainly, if your patient charts are on your laptop and it’s stolen, that’s a breach. Should your server be accessed due to a hacking incident, or if you email a patient’s records to Kinkos as opposed to Dr. Kinko (the physician you intended to refer your patient to), you have a breach event.

Simply put, records must be seen only by those authorized to see them, and Covered Entities (CE) and Business Associates (BA) in possession of the records hold the responsibility to ensure no breaches take place.

“But what if my PHI is encrypted?” you ask. If the PHI is encrypted when the breach took place, you are probably covered. The unauthorized use or disclosure of PHI is presumed to be a breach, unless there is a low probability that the information was compromised.

So when the PHI ends up in the wrong hands, but all they see is 0s and 1s due to your encryption, you may be protected. If you realize an email went to joesmith@mail.org as opposed to josmith@mail.org, but the email was sent with encryption, you are probably ok not reporting a breach.

However, a breach notification is necessary in all situations except those in which the CE demonstrates through a risk assessment that there is a low probability that the PHI has been compromised. We will discuss what a “risk assessment” is in the next blog.

But today’s blog is addressing a breach. So, assuming a reportable breach took place, now what? Once a CE or BA is made aware of a possible breach, they must report the breach to the Department of Health & Human Services.

The report must be made without “unreasonable delay”. While it is not 100% certain what constitutes an “unreasonable delay”, 60 days appears to be the outer limit for reporting, and waiting until the 60^th day could be unreasonable as well.

Some state laws provide stricter reporting rules such as California’s mandate that you have 5 days to report a breach. We will discuss the notice details in a later blog

And now the “So what?” Here are the federal breach penalties. But please take note that some states allow separate penalties. Additionally, some states allow private causes of action against the CE by the harmed patients. So these charts present only the tip of the iceberg in some cases.

Looking through the charts it is easy to see the risks you’re taking by not making sure your office is HIPAA compliant. In 2016, the Office for Civil Rights (OCR) collected over $20 million in fines, and in 2017 they have already disclosed over $17 million in fines collected.

Finally, don’t think that just because you are only an employee for a company, that you are immune from these fines and prison sentences. If an executive is aware of a violation, delegating the responsibility to someone else (the company’s “Security Officer”, perhaps) DOES NOT protect the executive from a personal penalty.

So now that you know what the ramifications are for a HIPAA breach, it is crucial that you take the necessary steps to ensure you don’t end up as one of OCR’s statistics.

Take the painful (but important) measures to be compliant now to save yourself a lot of stress, heartache, and money in the future. Otherwise the question you’ll be asking isn’t “so what?” but rather “does anyone know a good attorney?”

July 17, 2017

Why Free Will Cost You a Fortune

Everyone loves a good deal. Whether it’s an amazing discount or a sale, we experience an endorphin rush when we get a good deal. Things only get better when we hear those magic words we love…“free.”

Nothing gets people more excited than when something is offered for free. If you’ve ever seen a store offering something for free then you know what to expect… a lineup around the corner.

This philosophy gets amplified when we talk about anything offered on the Internet. It is commonly accepted that any services offered through the Internet should be free.

And many websites are happy to oblige. Facebook is free, YouTube is free, Twitter is free…you get the idea.

The thing that no one seems to be asking anymore is “what’s the catch?”

In the real world we usually have an idea about why something is being offered for “free”; maybe they want to get you into the store to buy something else or they want to get you hooked onto the product, but there is always a reason.

Unfortunately we aren’t so inclined to look for a catch when it comes to “free” services online. It’s understandable that people expect online services to be free but it’s important to know why it’s being offered for free.

There is always an ulterior motive for something to be offered for “free” and there is always something that is being compromised in exchange for the “free” service. The level of compromise involved will depend on the service being offered.

Some compromises will be harmless, such as when a service is offered with limited features. However, often, the compromises made are more than the user bargained for when they signed up in the first place.

Ultimately the more we understand about why a service is being offered for “free” online, and the compromises that come with it, the better we can make a decision on whether to proceed with becoming a user.

Awareness is the best defense to ensure that we don’t end up in a situation where something we thought was going to cost nothing (“free”) ends up costing us an arm and a leg (and some other important body parts).

Let’s cover some of the reasons a product or service is being offered online for “free”, along with their level of harm:

Trial Versions/Upgrade Incentives: No different than when a product is offered for “free” in a real life setting, the company wants you to continue using the service (at a cost, naturally) once the trial period is over or upgrade to a paid tier. This is relatively harmless unless the company asks for your credit card to start the “free” trial and will charge you automatically. Then you need to have a good memory or set your calendars to not get charged.
Advertising: Similar to watching TV, a website may offer you a “free” service in order to ratchet up the hits and collect ad revenue. Unlike TV, ads on the internet are ridiculously annoying (TV ads are just mildly annoying). Between popups and flashing banners, some websites are just not worth visiting. This category falls into the “harmless but frustrating” section.
Micropayments: Typically with a service that relies on micropayments, the base tier is “free” but has very limited features and in order to expand the features you have to make some sort of minimal payment (think .99¢) that seems insignificant…at first. However there are many features that need to be unlocked and each one of them will require its own micropayment. In a way micropayments are like a faucet that has a drip. At first you might not think it’s so bad since you only see a drop of water falling at a time, but then you get your monthly water bill and see that it’s triple the usual amount. This is definitely one of those categories that can get out of hand very quickly and cost more than you expect if you aren’t too careful.
Data Mining: Now we’re getting into some bad territory. Data mining is when the service you’re using is harvesting information about you to use for other purposes. Have you ever booked a flight to a city and then seen a bunch of ads for hotels in that same city?…it’s not a coincidence. Sometimes data mining is used only for advertising (relatively harmless) but other times the company wants to collect a profile on you based on the websites you’ve visited, who you interact with, and even your spending habits. Needless to say, depending on the level of privacy you crave, this can be pretty harmful.
Malice: I did say the motives may not be sinister in nature, but sometimes they are. As a wise man once said “some people just want to watch the world burn”. I would be doing you a disservice if I didn’t mention that some “free” online products/services come with lovely add-ons such as viruses, worms, spyware, and malware or they might be used to extract personal information from you, such as your online banking login information. Needless to say, this is the most harmful form of “free” you get online and a good reason of why you need to be very careful about who you trust.

As you can see, not everything that is being offered for “free” is actually without any cost to you. It’s important to take a step back and ask yourself why the provider is offering it for “free”. What’s in it for them?

Do appropriate research and make sure that you aren’t putting yourself in a situation that can be harmful to you or cause you to expose more about yourself than you want.

So, yes, we all love to get something for free…just make sure it doesn’t end up costing you a ton in the end!