Category Archives: Cyberstalking

  • 0

Digital Self Defense for Technical Communicators, Part Three

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010.

How We’ve Communicated These Concepts at RIT

Higher education is a mix of cutting-edge and legacy computing systems. Unlike many large companies, most universities and colleges continue to use computing equipment well past its retirement age. At the other end of the spectrum, faculty and students always want the newest technology available. Securing such a heterogeneous environment is a challenge. With limited resources, RIT needed to find a way to reach a large user population that may be indifferent to security issues. Even worse, these users might consider themselves to be “experts,” especially because this is a technology university that attracts some of the brightest students.

To communicate digital security issues to RIT students, faculty, and administrators, we used standard communications vehicles such as a series of brochures on Internet safety topics and computer security requirements, email alerts and advisories for specific threats, and an RIT Information Security website containing electronic copies of the materials. We also used some more innovative methods, such as classes, social media, and community discussion and messaging.

Digital Self Defense

We developed a series of Digital Self Defense classes that we offered to faculty and staff. We advertised these classes through email, using every cliché about safe Internet use that we could think of. The initial class, “Introduction to Digital Self Defense,” was instructor led and primarily a presentation with discussion. In that class, we focused on communicating desktop, portable computer, and password standards. We also discussed safe Internet use.

New Student Orientation

Although the Digital Self Defense classes developed a strong following among faculty and especially staff, it was not an appropriate vehicle for reaching students. Recognizing that security awareness is a multi-year project, we developed an “up tempo” presentation to focus on three areas of concern to students: Safe Computing, Illegal File Sharing, and Safe Social Networking.

We discussed the various technical requirements for using computers at RIT after setting the stage by talking about the various threats students might face and the role of organized crime in creating malware. We incorporated video resources that illustrated key concepts or provided a “friendly” way to introduce concepts that we knew would be hotly debated by the students, such as illegal file sharing. To help students understand the need for safe social networking, we discussed examples of risky student Internet behavior at RIT and other universities. We also used videos to reinforce the importance of being selective about what information you place online.

Social Media

We established Facebook and Twitter accounts for the RIT Information Security Office designed to reach students. To build our fan base, we advertised the site through posters and emails, and we kick off each fall by entering students who become fans of the RIT Information Security Facebook page in a drawing for a $100 gift card. Over a three-year period, we gained almost 4,000 fans. We used the Facebook page to post articles about safe social networking and to engage fans in discussions about information security issues.

Phishy

RIT's Information Security Office mascot, Phishy, with Ritchie the Tiger

Phishing

Over the past couple of years, higher education has seen an increase in phishing attempts, known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s information technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (As much as we’d like to block all phishing attempts and train our community to recognize and ignore such password requests, someone always falls for a well-crafted phish.)

Unsure of how best to combat the threat, we formed a team of our best information technology thinkers to address the issue. We chose a multipronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem. In conjunction with a poster campaign adapted from Yale University, our student employees wore a fish costume around campus; “Phishy” was an instant hit. Phishy reminded students to never respond to requests for their passwords. Although we haven’t been able to stop everyone from responding to phishing attempts, we usually see only a few people respond now.

Lessons Learned

Different messages require different vehicles. Faculty and staff may still use email as a primary means of communication. Students, however, get much of their information from social networking, so that’s where we need to be to reach them.

REFERENCES

“Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids.” (www.theonion.com/video/facebook-twitter-revolutionizing-how-parents-stalk,14364/).

Moscaritolo, Angela. “InfoSec: 23 percent of users fall for spear phishing.” SC Magazine. 9 March 2009. (www.scmagazineus.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/).

Nation, Joe. “Facebook Mini Feeds with Steve.” (www.youtube.com/watch?v=w35cFqG4qLk).

RIT Information Security website (https://security.rit.edu).

RIT Information Security Facebook page (www.facebook.com/RITInfosec).

“Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.” 14 August 2007 (https://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html).


Enhanced by Zemanta

  • 0

Digital Self Defense for Technical Communicators, Part Two

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010

Best Practices for Safer Social Networking

Organized crime is increasingly targeting users of social networking sites. Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes.

Recognize and avoid phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and websites are designed to capture personal information, such as bank account passwords, social security numbers, and credit card numbers. They usually try to impart a sense of urgency, so that users will respond quickly. A 2009 study by The Intrepidus Group, a security consultancy, found that 23% of users worldwide will fall for a phishing attempt.

Detecting phishing attempts is not as straightforward as it used to be. Phishing emails once were easy to recognize because of poor spelling and grammar—something that most technical communicators would spot at a glance. Now phishing emails are often indistinguishable from official correspondence.

Use privacy settings. Many social networking sites such as Facebook allow the user to configure privacy settings to limit access to the information they post on the sites. However, default privacy settings are typically set to a level of access that is more open than you might prefer. Privacy controls may change, so it’s important to check your privacy settings periodically to ensure that the settings still protect information in the way that you intended.

Don’t post personal information online. It should be common sense, but the easiest way to keep your information private is to not post it online. Don’t post your full birth date, address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either.

Be wary of others. Research by Sophos in 2007 found that 87 of 200 Facebook users receiving a friend request were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster). Freddi Staur gained access to their Facebook profiles and found that 41% of those approached revealed some type of personal information. Depending on the type of information you post on Facebook, it may not be the best idea to accept friend requests from strangers.

Search for your name. Use an Internet search engine to find out what personal information is easily accessible. Set up a Google Alert to see what new information about you appears online.

Keeping your information out of the wrong hands can be fairly easy if you think about what information you’re sharing before you post it.


Enhanced by Zemanta

  • 0

Apps for Integrating Mobile Devices into Classroom Use and Campus Communications

Category:Cyberstalking,EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Social Networking Tags : 

How many of you are integrating mobile devices into classroom work? In addition to my role as Policy and Awareness Analyst, I teach a couple of classes, Cyber Self Defense and Effective Technical Communication.

We discuss secure use of mobile devices in the Cyber Self Defense class. We’ve also talked about potential attacks on mobile device users, especially as the devices are used more for bank account access and making payments. We discuss the potential pitfalls of location services. (As an infosec guy, I’m always focusing on the should not’s rather than the should’s.)

I haven’t really thought too much about integration into the Effective Technical Communication class.

I’m struggling with how to integrate mobile use into either classroom or distance learning. Our students can access some content from our LMS, but so far the functionality is limited. Any successful (or not successful) experiences? Any ideas?

Wearing my Policy and Awareness Analyst hat, one of our strategies in increasing security awareness is to take our message to where the students are. We created a Facebook page for RIT Information Security and have driven up the number of fans by having a drawing each fall for a $100 Barnes & Noble gift card and believe the effort has had some success. As more students use mobile devices, we’re going to want to be where they are as well. One of our HEISC Awareness and Training Working Group members suggested creating an app for security awareness. I know of a Google App for this, but I’d like to have something personalized for our institution.

Have any of you created mobile apps to integrate coursework or for other communications? Are you pushing information to the devices or are you relying on the students pulling the information? Have you found existing apps that you’ve found useful?

Lots of questions. Can anyone suggest some answers?

Ben Woelk

Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu

https://security.rit.edu/dsd.html

Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645

Follow me on Twitter: https://twitter.com/bwoelk

Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

Please note that this blog entry is also posted as part of the EDUCAUSE Mobile Sprint #EDUSprint at https://ow.ly/4GFzf


  • 0

Top Ten Ways to Shockproof Your Use of Social Media

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Social Networking,STC,Uncategorized Tags : 

How do you stay safe online? Here are ten ways to shockproof your use of social media:

Tip #1: Use strong passwords

Tip #2: Keep your computer patched and updated

Tip #3: Use appropriate security software

Tip #4: Learn to recognize phishing and other scams

Tip #5: Use social networks safely

Tip #6: Remember who else is using social networking sites

Tip #7: Be wary of others

Tip #8: Search for your name

Tip #9: Guard your personal information

Tip #10: Use privacy settings

Top Ten Ways to Shockproof Your Use of Social Media Presentation


  • 0

Digital Self Defense Workshop 101 (RRLC)

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Social Networking,Uncategorized Tags : 

I had the pleasure of presenting the following presentation to the Rochester Regional Library Council on Oct. 25th. It contains general Internet and computer safety tips and is slightly modified from a session we provide to faculty and staff at RIT.

Enhanced by Zemanta

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,234 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner