Tag Archives: Privacy

  • 1

  • 3

Top Ten Tips for Safe(r) Social Networking

Category:Information Security,Infosec Communicator,Internet Safety,Privacy,Social Networking,Uncategorized Tags : 

No lifeguard on dutyDid you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. (Unfortunately, there’s no way to guarantee that you can use them safely.)

Tip #1: Use strong passwords/passphrases.

It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should use 8 characters (preferably 15 or more), mixing upper and lower case letters and numbers. Many websites also allow the use of longer passwords and special characters. Incorporating special characters into your password will make them more difficult to crack. You’ll also want to use different passwords on different accounts. Using a password safe such as LastPass will help you manage these passwords by generating strong passwords and then supplying them when needed.

Tip #2: Keep up to date.

Attackers take advantage of vulnerabilities in software to place malware on your computers. Keeping up to date with patches/updates helps thwart attackers from using “exploits” to attack known vulnerabilities. It’s important to keep both your Operating System (Windows, Mac OS, linux, etc.) and your applications (Microsoft Office, Adobe, QuickTime) patched.

Tip #3: Use security software.

It’s a good practice to follow the requirements of the RIT Desktop and Portable Computer Security Standard on personally-owned computers. Among other elements, the standard requires use of a firewall, antivirus, and anti-spyware programs. Many security suites contain all of the elements needed to protect your computer. (Your Internet Service Provider may also provide security software.)

Tip #4: Learn to recognize phishing attacks.

You’ve all seen phishing attacks. They’re typically emails that appear to come from a financial institution that ask you to verify information by providing your username and password. Never respond to these requests. Your financial institution should not need your password.

Tip #5: Think before you post.

Don’t post personal information (contact info, class schedule, residence, etc.) A talented hacker can see this, even if you’ve restricted your privacy settings! Don’t post potentially embarrassing or compromising photos. Be aware of what photos you’re being “tagged” in—don’t hesitate to ask others to remove photographs of you from their pages.

Tip #6: Remember who else is online.

Did you know that most employers “Google” prospective employees? Have you seen the stories of people’s homes being burglarized because they’ve posted their vacation plans online? Many people other than your friends use these sites.

Tip #7: Be wary of others.

You can’t really tell who’s using a social network account. If you use Facebook, you’ve certainly seen posts by your “friends” whose accounts have been compromised. Don’t feel like you have to accept every friend request, especially if you don’t know the person.

Tip #8: Search for your name.

Have you ever done a “vanity search?” Put your name in a search engine and see what it finds. Did you know that Google allows you to set up an Alert that will monitor when your name appears online? Setting this up with daily notifications will help you see where your name appears.

Tip #9: Guard your personal information.

Identity thieves can put together information you share to develop a profile to help them impersonate you. Be especially careful of Facebook applications. They may collect information that they sell to marketing companies or their databases could be compromised. Do they really need the information they’re requesting?

Tip #10: Use privacy settings.

Default settings in most social networks are set to sharing all information. Adjust the social network’s privacy settings to help protect your identity. Show “limited friends” a cut-down version of your profile. Choose the strongest privacy settings and then “open” them only if needed.

Enhanced by ZemantaAdd me to your circle on Google+

  • 2

How Much Does Facebook Know About You? The Two Facebook Dogs Revisited

Category:Facebook,Information Security,Infosec Communicator,Internet Safety,Privacy,techcomm,Uncategorized Tags : 
I attended RIT’s Faculty Institute for Teaching and Learning this week. Mark Greenfield, SUNY Buffalo, delivered a keynote on “Born to be Wired: Technology, Communication, and the Millennial Generation.” There was a lot of useful content, and I encourage you to follow Mark Greenfield on Twitter (@markgr) and check out his resources posted on Delicious.
Among the many things Mark discussed was the ongoing issue of Facebook privacy settings and how difficulty they are to administer properly. He shared Rob Cottingham’s recent Noise to Signal Cartoon with us.


Noise to Signal Cartoon

Rob Cottingham had done an earlier cartoon on the subject as well:

Rob Cottingham was inspired by the famous Peter Steiner cartoon.

Does any of this matter to you?

How much do you worry about how Facebook handles your information? When you post on Facebook, do you think about who might have access to your information? Have you given up on protecting your privacy online?

I can only wonder what the next cartoon will be.

Related Links



  • 9

Ten Ways to Shockproof Your Use of Social Networking Lightning Talk

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Risk,Social Networking,STC,Summit,Uncategorized Tags : 

I had the privilege of presenting my 25-minute presentation on Shockproofing Your Use of Social Media as a five-minute Lightning Talk at the STC Summit in Sacramento on May 18th.

Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.

It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!

Other STC Summit 2011 Lightning Talks

Enhanced by Zemanta

  • 0

Secure Mobile-an Oxymoron? (Redux)

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Risk,Uncategorized Tags : 

Responses to the #1 topic on IdeaScale, “Consumers dictate device usage, not IT,” indicate that MANY of you believe consumers will drive smartphone adoption in Higher Education, while the sentiment around the topic, “Get rid of the walls around your enterprise data,” indicates that quite a few of you believe that core university data should be accessible to smartphone users.

However, yesterday’s polls have shown that not even all of the attendees of yesterday’s webinar use PINS or swipe patterns on their smartphones. The inherent difficulties in entering a complex password on a smartphone increase the likelihood that users will rely on simple passwords, if any, to access their devices. At the same time, users are expecting access to more and more university resources through their smartphones, increasing the risk of a data breach.

Where does security fit into this picture?

In Thursday’s webinar, “Smartphone Privacy & Security, What Should We Teach Our Users?“, the speaker, Norman Sadeh, indicated that mobile users are three times more likely to fall for phishing attempts. That statistic implies that spear phishing against university communities, which already demonstrates more success than we’re comfortable with, will be even more effective against smartphone users. As we find ourselves more and more hurried, making quick decisions just to handle the ever-increasing stream of information flowing at us, we’re more prone to fall for these attacks.

I would guess that many of us who own smartphones are using them to access our university e-mail, if not other university resources. Most of us don’t have any control over whether someone may e-mail us private or confidential information. If our smartphones become the weakest link in protecting data, they will be targeted.

How many of us have misplaced our smartphones or left them sitting on our desk in an unsecured office? Have you left your smartphone in a taxi or on a shuttle bus?

Increased access to university data is a desirable convenience. Will we be able to get the right combination of security controls, user training, and policies in place to allow smartphone access without it leading to a security breach resulting in a notification event or embarrassment to the university? What kinds of security controls are you using to prevent this? What security apps do you recommend to your users?

Lots of troublesome questions. Where are the answers?

Ben Woelk
Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu
https://security.rit.edu/dsd.html
Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645
Follow me on Twitter: https://twitter.com/bwoelk
Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

This blog entry is part of the EDUCAUSE Mobile Computing Sprint and is cross-posted at https://www.educause.edu/blog/bwoelk/SecureMobileanOxymoron/227983


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner