Category Archives: Risk

  • 5

Parenting in the Cyber Age: A Parents’ Guide to Safer Social Networking

Category:Cyberstalking,Facebook,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,Uncategorized Tags : 

At the computer
Are you as a parent worried about what your kids may encounter online? Are you unsure of how they or you can stay safe online when using social networking sites?  Although our kids are now college grads, we had the same concerns about the dangers our kids faced online as most of you do.

In my professional life, I’m a technical communicator at a large private technology university. I am responsible for making staff and students aware of information security issues—a role which has probably made me even more paranoid about the dangers out there on the Internet!

I’ve also had the opportunity to take part in a few K-12 Cyber Security Awareness initiative that gave me an opportunity to talk to teachers and parents about online issues and listen to their questions and concerns. I’ll address some of these concerns in this post. I am also interested in what you would like to know about security issues, so please comment on this post.

Oh…one other thing…my goal is to make this topic understandable for the average layperson. You do not need to be a technology expert to learn how to stay safe online and to keep your kids safe!

Social Networking Concerns

In the last several years, teens and young adults have flocked to social networking sites or blogging sites, such as MySpace and Facebook. This has given them opportunities to meet and communicate with people of similar interests, share information, gather numerous “friends,” share pictures and videos, and even discuss important issues. (Most of these social networking sites are inappropriate for preteens. Although most social networking sites require members to be at least 13, enforcement is next to impossible.)

Risks and Preventive Measures

Sharing Private information—It is extremely easy for unscrupulous people to gain access to you and your children’s private information. When your kids use social networking sites, read the site’s privacy policy. It tells you what information the owners of the web site collect, and how they intend to use it. Make sure that you and your kids understand how that information may be shared.

Profiles—Encourage your kids to guard their information. Keep private information private. Ask them to restrict access to their profiles, when possible, to “friends only.”

You may find that it’s hard for teenagers to take this seriously and understand the risks. Help them choose screen names carefully. Help them choose a reasonably “complex” password—at least 8 characters using a combination of upper and lower case letters, numbers, and symbols (when allowed).

Blogs—Encourage your kids to not share personal information, including their ages, schools, addresses, phone numbers, and parent and sibling names. Make sure they’re not posting information about their social plans. (Don’t give someone who is cyber stalking them information about where they’ll be at a given time.)

Moderating Comments—Ask your kids to approve comments by their friends before they allow them to be posted. Their friends may be less than careful with both their own and your kids’ information.

Inappropriate language and pictures—College admissions offices and potential employers search online to see what kind of information prospective students and employees post online, especially in social networking sites. If they see what appear to be “character issues” portrayed, your teens may not be accepted for their college or job of choice.

Making themselves a target—People can pose as anybody online. That 15-year-old friend might be a 45-year-old male looking for “company.” Sexual predators use social networking sites to identify and engage potential victims. Identity thieves look for private information to use to gain access to victim’s bank accounts or credit.

It’s forever—There is another big problem most of us do not think about. Information we post online NEVER really goes away. Even when you delete a blog entry or a picture, it is “cached” somewhere on the Internet. There are sites on the Internet that specialize in archiving other Web sites.

What you can do

  1. Talk to your kids.
  2. Ask them to help you set up your own profile and page on the same sites they use.
  3. Subscribe to their blogs and read what they are posting.
  4. Respond to their posts.
  5. Look at the pictures they have chosen to share.
  6. Find out who their friends are and see what kind of information they share.
  7. If you have a family computer, try to put it in an open area where you can see your kids’ online activities.
  8. If your family has multiple computers sharing an internet connection through a router, you may want to consider restricting the times their computers can connect to the Internet. Restricting access to reasonable hours helps ensure that they (or you) are not spending all night online.

My philosophy as a parent has been to teach my children how to interact with the world while maintaining their spiritual values. Despite your best efforts, your children are going to encounter these dangers at some time. In my experience, you cannot prevent them from doing something they are intent on doing.

Let’s make sure they know how to protect themselves now, before they’re in an environment where we aren’t there to supervise or teach these lessons.

An earlier version of this article was published previously in Christian Computing Magazine.
Enhanced by Zemanta

  • 9

Ten Ways to Shockproof Your Use of Social Networking Lightning Talk

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Risk,Social Networking,STC,Summit,Uncategorized Tags : 

I had the privilege of presenting my 25-minute presentation on Shockproofing Your Use of Social Media as a five-minute Lightning Talk at the STC Summit in Sacramento on May 18th.

Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.

It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!

Other STC Summit 2011 Lightning Talks

Enhanced by Zemanta

  • 0

Digital Self Defense for Technical Communicators, Part Three

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010.

How We’ve Communicated These Concepts at RIT

Higher education is a mix of cutting-edge and legacy computing systems. Unlike many large companies, most universities and colleges continue to use computing equipment well past its retirement age. At the other end of the spectrum, faculty and students always want the newest technology available. Securing such a heterogeneous environment is a challenge. With limited resources, RIT needed to find a way to reach a large user population that may be indifferent to security issues. Even worse, these users might consider themselves to be “experts,” especially because this is a technology university that attracts some of the brightest students.

To communicate digital security issues to RIT students, faculty, and administrators, we used standard communications vehicles such as a series of brochures on Internet safety topics and computer security requirements, email alerts and advisories for specific threats, and an RIT Information Security website containing electronic copies of the materials. We also used some more innovative methods, such as classes, social media, and community discussion and messaging.

Digital Self Defense

We developed a series of Digital Self Defense classes that we offered to faculty and staff. We advertised these classes through email, using every cliché about safe Internet use that we could think of. The initial class, “Introduction to Digital Self Defense,” was instructor led and primarily a presentation with discussion. In that class, we focused on communicating desktop, portable computer, and password standards. We also discussed safe Internet use.

New Student Orientation

Although the Digital Self Defense classes developed a strong following among faculty and especially staff, it was not an appropriate vehicle for reaching students. Recognizing that security awareness is a multi-year project, we developed an “up tempo” presentation to focus on three areas of concern to students: Safe Computing, Illegal File Sharing, and Safe Social Networking.

We discussed the various technical requirements for using computers at RIT after setting the stage by talking about the various threats students might face and the role of organized crime in creating malware. We incorporated video resources that illustrated key concepts or provided a “friendly” way to introduce concepts that we knew would be hotly debated by the students, such as illegal file sharing. To help students understand the need for safe social networking, we discussed examples of risky student Internet behavior at RIT and other universities. We also used videos to reinforce the importance of being selective about what information you place online.

Social Media

We established Facebook and Twitter accounts for the RIT Information Security Office designed to reach students. To build our fan base, we advertised the site through posters and emails, and we kick off each fall by entering students who become fans of the RIT Information Security Facebook page in a drawing for a $100 gift card. Over a three-year period, we gained almost 4,000 fans. We used the Facebook page to post articles about safe social networking and to engage fans in discussions about information security issues.

Phishy

RIT's Information Security Office mascot, Phishy, with Ritchie the Tiger

Phishing

Over the past couple of years, higher education has seen an increase in phishing attempts, known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s information technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (As much as we’d like to block all phishing attempts and train our community to recognize and ignore such password requests, someone always falls for a well-crafted phish.)

Unsure of how best to combat the threat, we formed a team of our best information technology thinkers to address the issue. We chose a multipronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem. In conjunction with a poster campaign adapted from Yale University, our student employees wore a fish costume around campus; “Phishy” was an instant hit. Phishy reminded students to never respond to requests for their passwords. Although we haven’t been able to stop everyone from responding to phishing attempts, we usually see only a few people respond now.

Lessons Learned

Different messages require different vehicles. Faculty and staff may still use email as a primary means of communication. Students, however, get much of their information from social networking, so that’s where we need to be to reach them.

REFERENCES

“Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids.” (www.theonion.com/video/facebook-twitter-revolutionizing-how-parents-stalk,14364/).

Moscaritolo, Angela. “InfoSec: 23 percent of users fall for spear phishing.” SC Magazine. 9 March 2009. (www.scmagazineus.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/).

Nation, Joe. “Facebook Mini Feeds with Steve.” (www.youtube.com/watch?v=w35cFqG4qLk).

RIT Information Security website (https://security.rit.edu).

RIT Information Security Facebook page (www.facebook.com/RITInfosec).

“Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.” 14 August 2007 (https://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html).


Enhanced by Zemanta

  • 0

Digital Self Defense for Technical Communicators, Part Two

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010

Best Practices for Safer Social Networking

Organized crime is increasingly targeting users of social networking sites. Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes.

Recognize and avoid phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and websites are designed to capture personal information, such as bank account passwords, social security numbers, and credit card numbers. They usually try to impart a sense of urgency, so that users will respond quickly. A 2009 study by The Intrepidus Group, a security consultancy, found that 23% of users worldwide will fall for a phishing attempt.

Detecting phishing attempts is not as straightforward as it used to be. Phishing emails once were easy to recognize because of poor spelling and grammar—something that most technical communicators would spot at a glance. Now phishing emails are often indistinguishable from official correspondence.

Use privacy settings. Many social networking sites such as Facebook allow the user to configure privacy settings to limit access to the information they post on the sites. However, default privacy settings are typically set to a level of access that is more open than you might prefer. Privacy controls may change, so it’s important to check your privacy settings periodically to ensure that the settings still protect information in the way that you intended.

Don’t post personal information online. It should be common sense, but the easiest way to keep your information private is to not post it online. Don’t post your full birth date, address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either.

Be wary of others. Research by Sophos in 2007 found that 87 of 200 Facebook users receiving a friend request were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster). Freddi Staur gained access to their Facebook profiles and found that 41% of those approached revealed some type of personal information. Depending on the type of information you post on Facebook, it may not be the best idea to accept friend requests from strangers.

Search for your name. Use an Internet search engine to find out what personal information is easily accessible. Set up a Google Alert to see what new information about you appears online.

Keeping your information out of the wrong hands can be fairly easy if you think about what information you’re sharing before you post it.


Enhanced by Zemanta

  • 1

Digital Self Defense for Technical Communicators, Part One

Category:Higher Education,Information Security,Infosec Communicator,Internet Safety,Risk,STC,STC Rochester,Uncategorized Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010. I’ll be reproducing the article in several parts over the next few days.

What do technical communicators need to know about information security? How do they protect both their private information and professional assets, including work they may be doing for a client? How can they leverage and use social media safely and effectively? This article discusses key security measures you as a technical communicator and computer user can take to protect yourself and others, and it offers best practices for safe use of social media. I’ll also provide examples of how we’ve addressed similar user security awareness issues at the Rochester Institute of Technology (RIT).

I’ve been creating end-user communications and developing change management materials for 16 years. I’m currently responsible for policy development and security awareness in the Information Security Office at the Rochester Institute of Technology, one of the largest private universities in the country and home to more than 18,000 faculty, staff, and students. We communicate a number of different techniques for computer users to protect themselves and others. We’ve branded our awareness initiatives as Digital Self Defense. Many of these digital self-defense techniques are useful for technical communicators, too.

Five Ways to Secure Your Computer “Technically”

Keep your computer’s operating system and applications up to date. When was the last time you updated your software? Although Microsoft Windows and Macintosh OS X can be configured to check for and install updates (also known as patches) automatically, you should check to make sure this feature is enabled. Applications are another story. Many of them have auto-update features, but again, they may not be enabled by default. In addition, some applications (Adobe and Firefox, for example) require that you are logged in as an administrator in order to install the updates. (This is less of an issue with Windows 7 because it prompts you to accept updates.) For older operating systems, such as Windows XP, some updates won’t install because you’re using an account with limited privileges (a security best practice).

Install antivirus software and enable automatic updates. Many computers are shipped with free trial versions of antivirus software, such as Norton or McAfee. These trial versions often expire after three months. Many home users choose not to subscribe when the free version expires and use their computer with no antivirus software. Several years ago, an AOL study found that almost 85% of home computers were either not up to date or not running antivirus software.

Macintosh users often do not know that they should be running antivirus software. In my opinion, the Macintosh advertising campaigns have led many Macintosh users into a false sense of security. We see this every fall at RIT when new users arrive. The RIT Information Security Office has investigated incidents involving compromised Macintosh computers several times during the past year. Not only is malware (malicious software) being developed to target Macs, users may also receive Windows malware in their mail and pass it on unknowingly to Windows users.

Several companies offer free versions of their antivirus software for Windows and Macintosh computers. AVG and Avast are two well-known programs. Do not use more than one antivirus program on your computer because they will probably interfere with each other.

Install anti-spyware. Spyware tracks your browsing habits and reports the information to an external party. It’s possible for a computer user to host hundreds or even thousands of spyware programs. Antivirus software may not detect spyware, so it’s necessary to use an anti-spyware program.

There are several free anti-spyware programs available for Windows computers. Spybot Search & Destroy, Microsoft Defender, and Ad-Aware are good examples, but note that recent versions of Ad-Aware include an antivirus component. This will probably conflict with another antivirus program you’re running.

Spyware targeting Macintosh computers is just starting to become a threat; there are few anti-spyware programs designed for Macintosh.

Use a firewall. A firewall prevents unauthorized communication with your computer. It will also help protect you against worms, a type of malware that does not need user interaction to spread. Connecting an unpatched (not up-to-date) computer to the Internet or to a network without a firewall will result in the computer being infected within minutes. The Windows and Macintosh operating systems currently include a firewall. However, they may not be enabled by default. Ensure that a firewall is enabled.

Use an account with limited privileges. If you’re using a computer that has the Windows XP operating system, your day-to-day work should be done using an account with limited privileges. A limited account allows you to run most software programs, use your email, browse the Internet, etc. However, a limited account does not allow you to install software. (To install software, you need an administrative account.) Using a limited account may prevent some malware from installing itself on your computer. Newer Macintosh and Windows 7 computers (and the much maligned Windows Vista) force you to authorize program installations, limiting the ability of malware to install itself on your computer.

Enhanced by Zemanta

Site Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,112 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner