Category Archives: Social Networking


Top Ten Tips for Safe(r) Social Networking


Did you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. (Unfortunately, there’s no way to guarantee that you can use them safely.)

Tip #1: Use strong passwords/passphrases.

It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should use 8 characters (preferably 15 or more), mixing upper and lower case letters and numbers. Many websites also allow the use of longer passwords and special characters. Incorporating special characters into your password will make it more difficult to crack. You’ll also want to use different passwords on different accounts. Using a password safe such as LastPass will help you manage these passwords by generating strong passwords and then supplying them when needed.

Tip #2: Keep up to date.

Attackers take advantage of vulnerabilities in software to place malware on your computers. Keeping up to date with patches/updates helps thwart attackers from using “exploits” to attack known vulnerabilities. It’s important to keep both your operating system (Windows, Mac OS, Linux, etc.) and your applications (Microsoft Office, Adobe, QuickTime) patched.

Tip #3: Use security software.

It’s a good practice to follow the requirements of the RIT Desktop and Portable Computer Security Standard on personally-owned computers. Among other elements, the standard requires use of a firewall, antivirus, and anti-spyware programs. Many security suites contain all of the elements needed to protect your computer. (Your Internet Service Provider may also provide security software.)

Tip #4: Learn to recognize phishing attacks.

You’ve all seen phishing attacks. They’re typically emails that appear to come from a financial institution that ask you to verify information by providing your username and password. Never respond to these requests. Your financial institution should not need your password.

Tip #5: Think before you post.

Don’t post personal information (contact info, class schedule, residence, etc.). A talented hacker can see this, even if you’ve restricted your privacy settings! Don’t post potentially embarrassing or compromising photos. Be aware of what photos you’re being “tagged” in, and don’t hesitate to ask others to remove photographs of you from their pages.

Tip #6: Remember who else is online.

Did you know that most employers “Google” prospective employees? Have you seen the stories of people’s homes being burglarized because they’ve posted their vacation plans online? Many people other than your friends use these sites.

Tip #7: Be wary of others.

You can’t really tell who’s using a social network account. If you use Facebook, you’ve certainly seen posts by your “friends” whose accounts have been compromised. Don’t feel like you have to accept every friend request, especially if you don’t know the person.

Tip #8: Search for your name.

Have you ever done a “vanity search?” Put your name in a search engine and see what it finds. Did you know that Google allows you to set up an Alert that will monitor when your name appears online? Setting this up with daily notifications will help you see where your name appears.

Tip #9: Guard your personal information.

Identity thieves can put together information you share to develop a profile to help them impersonate you. Be especially careful of Facebook applications. They may collect information that they sell to marketing companies or their databases could be compromised. Do they really need the information they’re requesting?

Tip #10: Use privacy settings.

Default settings in most social networks are set to sharing all information. Adjust the social network’s privacy settings to help protect your identity. Show “limited friends” a cut-down version of your profile. Choose the strongest privacy settings and then “open” them only if needed.


Avoiding Phishing


What’s the easiest way to break into a computer account?

Cracking the password? Putting a trojan on the computer? Hacking? Unfortunately, it’s simply tricking you into giving up your password through a technique known as phishing.

Computers have vulnerabilities that can be exploited by attackers using different types of malware. However, your attacker is as likely to come after you through “social engineering” as they are through malware. Just as our computers have vulnerabilities, we too are susceptible to attack!

Social Engineering Attacks

Social engineering attacks are attempts to trick you into revealing private information. Successful attacks may result in identity theft and loss of funds. Social engineering attacks take a number of different forms, including phishing attempts, work at home scams, and Nigerian 419 schemes. Attackers often take advantage of current events, such as the tsunami that hit Japan.

Phishing

This article deals with one type of online scam—phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and web sites are designed to capture personal information, such as bank account passwords, social security numbers and credit card numbers. Losses to phishing attempts are estimated to be as high as $500M every year.

How Phishing Works

  1. Phishers send out millions of emails disguised as official correspondence from a financial institution, e-tailer, ISP, etc.
  2. You receive the phishing attempt in your email.
  3. After opening the email, you click on the link to access your financial account.
  4. Clicking on the link takes you to a web site that looks just like a legitimate site.
  5. At this point, you enter your account and password information, which is captured by the person who sent out the phishing attempt.

Phishing emails used to be easy to recognize because of their poor spelling and grammar. Now, phishing emails are often indistinguishable from official correspondence. Anyone can put together a phishing attack using resources (or kits) purchased on the Internet.

Practice Safe Computing

Safe computing practices are the best defense against phishing. Here are a few safety tips:

  • Never click on links directly from an email. Type the address into the address bar or go to the institution’s web site and navigate to the correct location.
  • Use File/Properties to find out which website you’re really on. You can check the properties from the file menu or by right-clicking on the web page and selecting Properties.
  • Look for the proper symbol to indicate you’re on a secure web site. Secure web sites use a technique called SSL (Secure Sockets Layer) that ensures the connection between you and the web site is private. This is indicated by “https://” instead of “http://” at the beginning of the address AND by a padlock icon which must be found either at the right end of the address bar or in the bottom right-hand corner of your browser window. A padlock appearing anywhere else on the page does not represent a secure site.

Browser Helpers and other Software Solutions

Although avoiding phishing attempts is typically a matter of following safe practices, there are a number of browser helpers available to help warn you of suspicious web sites. Browser helpers normally work as another toolbar in your browser. Use one or more for your protection:

  • The Netcraft Toolbar displays information about a web site including whether it is a new site (typical of phishing) and which country hosts it. If you’re visiting a United States banking site and the Netcraft Toolbar displays a Russian flag, you’re probably at a phishing site. The Netcraft Toolbar also works like a neighborhood watch community, blocking access to member-reported phishing sites.
  • McAfee Site Advisor adds icons to your search results indicating the relative safety of sites you’re visiting.
  • Internet Explorer and Firefox also provide limited protection by denying access to many known phishing sites. Firefox and Chrome integrate Google Safe Browsing technology.

Parenting in the Cyber Age: A Parents’ Guide to Safer Social Networking

Are you as a parent worried about what your kids may encounter online? Are you unsure of how they or you can stay safe online when using social networking sites?  Although our kids are now college grads, we had the same concerns about the dangers our kids faced online as most of you do.

In my professional life, I’m a technical communicator at a large private technology university. I am responsible for making staff and students aware of information security issues—a role which has probably made me even more paranoid about the dangers out there on the Internet!

I’ve also had the opportunity to take part in a few K-12 Cyber Security Awareness initiatives that gave me an opportunity to talk to teachers and parents about online issues and listen to their questions and concerns. I’ll address some of these concerns in this post. I am also interested in what you would like to know about security issues, so please comment on this post.

Oh…one other thing…my goal is to make this topic understandable for the average layperson. You do not need to be a technology expert to learn how to stay safe online and to keep your kids safe!

Social Networking Concerns

In the last several years, teens and young adults have flocked to social networking sites or blogging sites, such as MySpace and Facebook. This has given them opportunities to meet and communicate with people of similar interests, share information, gather numerous “friends,” share pictures and videos, and even discuss important issues. (Most of these social networking sites are inappropriate for preteens. Although most social networking sites require members to be at least 13, enforcement is next to impossible.)

Risks and Preventive Measures

Sharing private information—It is extremely easy for unscrupulous people to gain access to your and your children’s private information. When your kids use social networking sites, read the site’s privacy policy. It tells you what information the owners of the web site collect, and how they intend to use it. Make sure that you and your kids understand how that information may be shared.

Profiles—Encourage your kids to guard their information. Keep private information private. Ask them to restrict access to their profiles, when possible, to “friends only.”

You may find that it’s hard for teenagers to take this seriously and understand the risks. Help them choose screen names carefully. Help them choose a reasonably “complex” password—at least 8 characters using a combination of upper and lower case letters, numbers, and symbols (when allowed).

Blogs—Encourage your kids to not share personal information, including their ages, schools, addresses, phone numbers, and parent and sibling names. Make sure they’re not posting information about their social plans. (Don’t give someone who is cyber stalking them information about where they’ll be at a given time.)

Moderating Comments—Ask your kids to approve comments by their friends before they allow them to be posted. Their friends may be less than careful with both their own and your kids’ information.

Inappropriate language and pictures—College admissions offices and potential employers search online to see what kind of information prospective students and employees post online, especially in social networking sites. If they see what appear to be “character issues” portrayed, your teens may not be accepted for their college or job of choice.

Making themselves a target—People can pose as anybody online. That 15-year-old friend might be a 45-year-old male looking for “company.” Sexual predators use social networking sites to identify and engage potential victims. Identity thieves look for private information to use to gain access to victims’ bank accounts or credit.

It’s forever—There is another big problem most of us do not think about. Information we post online NEVER really goes away. Even when you delete a blog entry or a picture, it is “cached” somewhere on the Internet. There are sites on the Internet that specialize in archiving other Web sites.

What you can do

  1. Talk to your kids.
  2. Ask them to help you set up your own profile and page on the same sites they use.
  3. Subscribe to their blogs and read what they are posting.
  4. Respond to their posts.
  5. Look at the pictures they have chosen to share.
  6. Find out who their friends are and see what kind of information they share.
  7. If you have a family computer, try to put it in an open area where you can see your kids’ online activities.
  8. If your family has multiple computers sharing an internet connection through a router, you may want to consider restricting the times their computers can connect to the Internet. Restricting access to reasonable hours helps ensure that they (or you) are not spending all night online.

My philosophy as a parent has been to teach my children how to interact with the world while maintaining their spiritual values. Despite your best efforts, your children are going to encounter these dangers at some time. In my experience, you cannot prevent them from doing something they are intent on doing.

Let’s make sure they know how to protect themselves now, before they’re in an environment where we aren’t there to supervise or teach these lessons.

An earlier version of this article was published previously in Christian Computing Magazine.

Ten Ways to Shockproof Your Use of Social Networking Lightning Talk


I had the privilege of presenting my 25-minute presentation on Shockproofing Your Use of Social Media as a five-minute Lightning Talk at the STC Summit in Sacramento on May 18th.

Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.

It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!

Other STC Summit 2011 Lightning Talks


Twitter Use at #STC11 Summit


Last year, I kicked off this blog by posting about Twitter Use at the #STC10 Summit in Dallas. I thought it would be interesting to look at Twitter use at #STC11 as well.

Methodology

I’ve only analyzed results from May 13-21, 2011. However, use of the #STC11 hashtag occurred for months preceding this year’s Summit conference. (This is a departure from last year, when the use of tweets with the #STC10 hashtag started much later.) Because my Google RSS feed for #stc11 was unable to handle the volume of tweets this year, I relied on three sources for this post:

Graphical Portrayals of #STC11 Information

[Figure: Wordle of #STC11 Summit tweets]

Here’s a Wordle of the tweets containing the hashtag #stc11 from 5/13 through 5/21/11. If you’re unfamiliar with Wordle, it produces a wordcloud where the frequency of word usage determines the size of the words in the graphic.

Karen Mardahl (@kmdk) began curating the #STC11 tweets in late April. The two graphics and lists below are taken from her archive.

[Figure: #STC11 Tweets by User (from Karen Mardahl)]

Top Twelve Twitter Handles (% Total Tweets)

  1. 9.55% by torridence (Roger R.)
  2. 8.23% by techcom (Tony Chung)
  3. 7.88% by sushiblu (Jamie Gillenwater)
  4. 7.77% by bwoelk (Ben Woelk)
  5. 5.28% by techcommdood (Bill Swallow)
  6. 4.89% by mojoguzzi (Joe Sokohl)
  7. 4.5% by rjhoughton (Rachel Houghton)
  8. 4.47% by stc_rochester (STC Rochester)
  9. 4.43% by RayGallon (Ray Gallon)
  10. 4.31% by willsansbury (Will Sansbury)
  11. 4.31% by afox98 (Alyssa Fox)
  12. 3.42% by ninjawritermama (Sarah Baca)

Selected Keywords (Occurrences)

[Figure: Most Commonly Used Words (from Karen Mardahl)]

  1. STCorg
  2. Techcomm
  3. STC11LD
  4. STC
  5. Summit
  6. &
  7. Session
  8. Content
  9. I’m
  10. Thanks

Observations

Again, contrary to some expectations, “beer” was not the most commonly used word in the tweets, appearing only 13 times. (This was the same number of occurrences as #stc10, but a much lower frequency.)

I’m not sure if there’s any correlation, but “karaoke” also appeared 14 times. The last two years have seen almost equal occurrences of beer and karaoke. Coincidence? I don’t think so!

Conclusions

Just like last year, Twitter provided a sense of community and a “conference within a conference.” Most tweets were positive, implying that many of the Twitter users enjoyed the conference.

I spent much of the conference meeting F2F with Tweeps gained from #stc10. If you’re not using Twitter at conference, I urge you to do so. You’ll find that it will create a new sense of camaraderie with other Tweeters, and besides, that’s where all of the really cool STC people hang out!

I’ve curated the tweets into a 341-page MSWord document. This “raw” data is available upon request.

What are your thoughts and observations?

Ben

Postscript (5/28/11)

Vanessa Wilburn put together a more detailed analysis of the Twitter usage at #STC10. Her work focuses on the subject matter of the tweets. She found that after removing the “chitchat,” the twitter streams paralleled the key topics of the conference and that many of the tweets relayed content from or observations about specific sessions.

