Category Archives: STC Rochester

  • 0

Making Information Security Fun

Category:Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Social Networking,STC,STC Rochester,techcomm Tags : 

I shared this presentation at the October program meeting of the Rochester Chapter of the Society for Technical Communication. The presentation demonstrates how the Information Security Office at the Rochester Institute of Technology used marketing techniques to reinforce key messages to raise awareness around information security concerns such as phishing.

To see more about how we’re using blogging to raise awareness in a specific academic course, visit the RIT Cyber Self Defense blog.

Enhanced by Zemanta

  • 11

Unpacking My Takeaways from #STC11

Category:Infosec Communicator,STC,STC Rochester,Summit,techcomm,Uncategorized Tags : 

Open SuitcaseIt’s been a little less than two weeks since the Society for Technical Communication Summit in Sacramento ended. Summit was an intensive four day immersion in the multifaceted profession of technical communications. I wanted to share what I found really important about the event, before the memories fade. I’ll start unpacking my takeaways here and in future posts.

I hope you’ll take the opportunity to discuss what I’m unpacking and share what you unpacked when you got home by commenting on this post!

Here’s my Top Ten list of takeways:

  1. The strength (and pride) of STC lies in its communities. Over the last few years there have been questions about the value that geographic chapters provide in an era when people are increasingly connected online. The Pacesetter Awards show that innovation comes from the grassroots level, whether from a geographic chapter or SIG. Some of the communities have done outstanding work in building and documenting solutions that can be applied across STC. For example, the Carolina chapter broke new ground in providing webinars for their geographically diverse membership and in partnering with Southeastern Michigan and Rochester to co-deliver online content.
  2. Relationships between communities bear fruit. STC recognized several chapters and SIGs with Community Achievement Awards and Pacesetter Awards. What I found interesting about the communities receiving the awards was that key leaders of these communities consulted with, counseled, mentored, and exchanged ideas with each  other. These awards aren’t a competition. The recipients found ways to build each other up during the year. My conversations with community leaders during the year sparked much of what the Rochester chapter accomplished and helped us move forward in unanticipated ways.
  3. STC will continue to move forward as it provides value, although with an increasingly new base. Although I believe membership is down slightly from last year, STC is operating in the black and is continuing to add new members. (Personally, I believe the tide has turned.) The launch of key initiatives such as certification and MySTC should have a continuing impact as we move forward.
  4. Twitter played (and will continue to play) a key role at Summit. Twitter was used in two chief ways at Summit: to tweet and retweet session content and to facilitate face-to-face networking opportunities. The Twitter stream using the #stc11 hashtag provided an easy way to find out what was happening. There were more than 5000 tweets associated with the #stc11 hashtag in less than a week. That’s a lot of communication.
  5. There are some really committed and capable people in and moving into community leadership. I’m very impressed with the earnestness and ability of the people I had the pleasure of meeting and talking with during Leadership Day and afterwards. I’ve only gotten to know the leadership of Toronto, Philadelphia, Carolina, and Southeastern Michigan at all well. What I’m seeing in those chapters is encouraging and demonstrates a desire to serve their members and to  strengthen STC as a whole. They’re not in it for their own glory. They’re in it to make us better.
  6. Leadership Day provides a foundation of knowledge and, more importantly, connections for new community leaders. I can’t overstress the importance of Leadership Day for the new and current leaders. Last year, I found the sessions explaining the intricacies of community leadership for new leaders absolutely critical to moving our chapter forward. This year I was able to participate in the progressions where community leaders shared their insights for success (and their struggles), providing sparks for new ideas and solutions for overcoming common, but vexing issues we face. Although I didn’t know it at the time, the connections I made at Leadership Day last year became my chief contacts in discussing issues and opportunities at the community level.
  7. MySTC can play a key role in strengthening community. MySTC provides a social networking platform on which members (and invitees) can share ideas, “friend” each other, create discussion and task groups, share photos and videos, and CONNECT with other members. We’re still figuring out how to use it. It’s not perfect, but it’s really great to have an easy way to connect with members outside and inside our current communities. The innovators among us will jump in and determine ways for us to work collaboratively.
  8. The vote on student membership rights at the business meeting was profound. Student members of STC were never enfranchised to vote in international elections, although their rights varied at the community level. The business meeting saw discussion and a vote on a proposed amendment to give them the vote. The proponents for student voting rights spoke passionately when presenting their arguments for passage of the student voting amendment. Opponents, although fewer, were articulate in their defense of the status quo. The amendment required a two-thirds vote of the members present. The amendment passed handily and the atmosphere in the room was charged. I did not expect the feeling of accomplishment we had when the amendment was approved.
  9. Certification may help the profession, especially by providing credentials for technical communicators who do not have degrees that relate clearly to the profession. I have degrees in anthropology, church history, and am ABD on my PhD in early modern European history. This is not obvious preparation for a career in technical communications. I was concerned about credentials so that I could get past initial screenings. Certification can provide credentials for those of us who have “non-standard” educational backgrounds.
  10. The content of the sessions at Summit was great. Isn’t it interesting that the content at Summit was the last thing I listed in my top ten? I enjoyed (and learned something in) almost all of the sessions I attended. However, for me the chief benefit of the conference was establishing and strengthening connections. These people are my techcomm tribe. They get it.
Enhanced by Zemanta

[twitter-follow screen_name=’benwoelk’ show_count=’yes’]


  • 0

Communications Liftoff! Rocketing Your Community to the Stars

Category:Infosec Communicator,Presentations,Social Networking,STC,STC Rochester,Summit,Uncategorized Tags : 

Society for Technical Communication Summit Conference Leadership Day Presentation, May 15, 2011

Join the discussion on MySTC at https://ow.ly/51WfG

Communications liftoff! rocketing your community v3[gigya width=”425″ height=”355″ src=”https://static.slidesharecdn.com/swf/ssplayer2.swf?doc=communicationsliftoffrocketingyourcommunityv3-110516012143-phpapp02&stripped_title=communications-liftoff-rocketing-your-community-v3-7976829&userName=bwoelk” quality=”high” flashvars=”gig_lt=1305529009890&gig_pt=1305529176796&gig_g=1&gig_n=wordpress” wmode=”tranparent” allowfullscreen=”true” ]

View more presentations from Ben Woelk

  • 0

Digital Self Defense for Technical Communicators, Part Three

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010.

How We’ve Communicated These Concepts at RIT

Higher education is a mix of cutting-edge and legacy computing systems. Unlike many large companies, most universities and colleges continue to use computing equipment well past its retirement age. At the other end of the spectrum, faculty and students always want the newest technology available. Securing such a heterogeneous environment is a challenge. With limited resources, RIT needed to find a way to reach a large user population that may be indifferent to security issues. Even worse, these users might consider themselves to be “experts,” especially because this is a technology university that attracts some of the brightest students.

To communicate digital security issues to RIT students, faculty, and administrators, we used standard communications vehicles such as a series of brochures on Internet safety topics and computer security requirements, email alerts and advisories for specific threats, and an RIT Information Security website containing electronic copies of the materials. We also used some more innovative methods, such as classes, social media, and community discussion and messaging.

Digital Self Defense

We developed a series of Digital Self Defense classes that we offered to faculty and staff. We advertised these classes through email, using every cliché about safe Internet use that we could think of. The initial class, “Introduction to Digital Self Defense,” was instructor led and primarily a presentation with discussion. In that class, we focused on communicating desktop, portable computer, and password standards. We also discussed safe Internet use.

New Student Orientation

Although the Digital Self Defense classes developed a strong following among faculty and especially staff, it was not an appropriate vehicle for reaching students. Recognizing that security awareness is a multi-year project, we developed an “up tempo” presentation to focus on three areas of concern to students: Safe Computing, Illegal File Sharing, and Safe Social Networking.

We discussed the various technical requirements for using computers at RIT after setting the stage by talking about the various threats students might face and the role of organized crime in creating malware. We incorporated video resources that illustrated key concepts or provided a “friendly” way to introduce concepts that we knew would be hotly debated by the students, such as illegal file sharing. To help students understand the need for safe social networking, we discussed examples of risky student Internet behavior at RIT and other universities. We also used videos to reinforce the importance of being selective about what information you place online.

Social Media

We established Facebook and Twitter accounts for the RIT Information Security Office designed to reach students. To build our fan base, we advertised the site through posters and emails, and we kick off each fall by entering students who become fans of the RIT Information Security Facebook page in a drawing for a $100 gift card. Over a three-year period, we gained almost 4,000 fans. We used the Facebook page to post articles about safe social networking and to engage fans in discussions about information security issues.

Phishy

RIT's Information Security Office mascot, Phishy, with Ritchie the Tiger

Phishing

Over the past couple of years, higher education has seen an increase in phishing attempts, known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s information technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (As much as we’d like to block all phishing attempts and train our community to recognize and ignore such password requests, someone always falls for a well-crafted phish.)

Unsure of how best to combat the threat, we formed a team of our best information technology thinkers to address the issue. We chose a multipronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem. In conjunction with a poster campaign adapted from Yale University, our student employees wore a fish costume around campus; “Phishy” was an instant hit. Phishy reminded students to never respond to requests for their passwords. Although we haven’t been able to stop everyone from responding to phishing attempts, we usually see only a few people respond now.

Lessons Learned

Different messages require different vehicles. Faculty and staff may still use email as a primary means of communication. Students, however, get much of their information from social networking, so that’s where we need to be to reach them.

REFERENCES

“Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids.” (www.theonion.com/video/facebook-twitter-revolutionizing-how-parents-stalk,14364/).

Moscaritolo, Angela. “InfoSec: 23 percent of users fall for spear phishing.” SC Magazine. 9 March 2009. (www.scmagazineus.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/).

Nation, Joe. “Facebook Mini Feeds with Steve.” (www.youtube.com/watch?v=w35cFqG4qLk).

RIT Information Security website (https://security.rit.edu).

RIT Information Security Facebook page (www.facebook.com/RITInfosec).

“Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.” 14 August 2007 (https://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html).


Enhanced by Zemanta

  • 0

Digital Self Defense for Technical Communicators, Part Two

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010

Best Practices for Safer Social Networking

Organized crime is increasingly targeting users of social networking sites. Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes.

Recognize and avoid phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and websites are designed to capture personal information, such as bank account passwords, social security numbers, and credit card numbers. They usually try to impart a sense of urgency, so that users will respond quickly. A 2009 study by The Intrepidus Group, a security consultancy, found that 23% of users worldwide will fall for a phishing attempt.

Detecting phishing attempts is not as straightforward as it used to be. Phishing emails once were easy to recognize because of poor spelling and grammar—something that most technical communicators would spot at a glance. Now phishing emails are often indistinguishable from official correspondence.

Use privacy settings. Many social networking sites such as Facebook allow the user to configure privacy settings to limit access to the information they post on the sites. However, default privacy settings are typically set to a level of access that is more open than you might prefer. Privacy controls may change, so it’s important to check your privacy settings periodically to ensure that the settings still protect information in the way that you intended.

Don’t post personal information online. It should be common sense, but the easiest way to keep your information private is to not post it online. Don’t post your full birth date, address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either.

Be wary of others. Research by Sophos in 2007 found that 87 of 200 Facebook users receiving a friend request were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster). Freddi Staur gained access to their Facebook profiles and found that 41% of those approached revealed some type of personal information. Depending on the type of information you post on Facebook, it may not be the best idea to accept friend requests from strangers.

Search for your name. Use an Internet search engine to find out what personal information is easily accessible. Set up a Google Alert to see what new information about you appears online.

Keeping your information out of the wrong hands can be fairly easy if you think about what information you’re sharing before you post it.


Enhanced by Zemanta

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner