Category Archives: Social Networking

  • 0

Communications Liftoff! Rocketing Your Community to the Stars

Category:Infosec Communicator,Presentations,Social Networking,STC,STC Rochester,Summit,Uncategorized Tags : 

Society for Technical Communication Summit Conference Leadership Day Presentation, May 15, 2011

Join the discussion on MySTC at https://ow.ly/51WfG

Communications liftoff! rocketing your community v3[gigya width=”425″ height=”355″ src=”https://static.slidesharecdn.com/swf/ssplayer2.swf?doc=communicationsliftoffrocketingyourcommunityv3-110516012143-phpapp02&stripped_title=communications-liftoff-rocketing-your-community-v3-7976829&userName=bwoelk” quality=”high” flashvars=”gig_lt=1305529009890&gig_pt=1305529176796&gig_g=1&gig_n=wordpress” wmode=”tranparent” allowfullscreen=”true” ]

View more presentations from Ben Woelk

  • 0

Digital Self Defense for Technical Communicators, Part Three

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010.

How We’ve Communicated These Concepts at RIT

Higher education is a mix of cutting-edge and legacy computing systems. Unlike many large companies, most universities and colleges continue to use computing equipment well past its retirement age. At the other end of the spectrum, faculty and students always want the newest technology available. Securing such a heterogeneous environment is a challenge. With limited resources, RIT needed to find a way to reach a large user population that may be indifferent to security issues. Even worse, these users might consider themselves to be “experts,” especially because this is a technology university that attracts some of the brightest students.

To communicate digital security issues to RIT students, faculty, and administrators, we used standard communications vehicles such as a series of brochures on Internet safety topics and computer security requirements, email alerts and advisories for specific threats, and an RIT Information Security website containing electronic copies of the materials. We also used some more innovative methods, such as classes, social media, and community discussion and messaging.

Digital Self Defense

We developed a series of Digital Self Defense classes that we offered to faculty and staff. We advertised these classes through email, using every cliché about safe Internet use that we could think of. The initial class, “Introduction to Digital Self Defense,” was instructor led and primarily a presentation with discussion. In that class, we focused on communicating desktop, portable computer, and password standards. We also discussed safe Internet use.

New Student Orientation

Although the Digital Self Defense classes developed a strong following among faculty and especially staff, it was not an appropriate vehicle for reaching students. Recognizing that security awareness is a multi-year project, we developed an “up tempo” presentation to focus on three areas of concern to students: Safe Computing, Illegal File Sharing, and Safe Social Networking.

We discussed the various technical requirements for using computers at RIT after setting the stage by talking about the various threats students might face and the role of organized crime in creating malware. We incorporated video resources that illustrated key concepts or provided a “friendly” way to introduce concepts that we knew would be hotly debated by the students, such as illegal file sharing. To help students understand the need for safe social networking, we discussed examples of risky student Internet behavior at RIT and other universities. We also used videos to reinforce the importance of being selective about what information you place online.

Social Media

We established Facebook and Twitter accounts for the RIT Information Security Office designed to reach students. To build our fan base, we advertised the site through posters and emails, and we kick off each fall by entering students who become fans of the RIT Information Security Facebook page in a drawing for a $100 gift card. Over a three-year period, we gained almost 4,000 fans. We used the Facebook page to post articles about safe social networking and to engage fans in discussions about information security issues.

Phishy

RIT's Information Security Office mascot, Phishy, with Ritchie the Tiger

Phishing

Over the past couple of years, higher education has seen an increase in phishing attempts, known in the industry as “spear phishing.” Spear phishing targets a specific group of individuals by crafting emails or other “bait” that appear to come from a known and trusted source, such as a school’s information technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, a success rate that was unacceptable. (As much as we’d like to block all phishing attempts and train our community to recognize and ignore such password requests, someone always falls for a well-crafted phish.)

Unsure of how best to combat the threat, we formed a team of our best information technology thinkers to address the issue. We chose a multipronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem. In conjunction with a poster campaign adapted from Yale University, our student employees wore a fish costume around campus; “Phishy” was an instant hit. Phishy reminded students to never respond to requests for their passwords. Although we haven’t been able to stop everyone from responding to phishing attempts, we usually see only a few people respond now.

Lessons Learned

Different messages require different vehicles. Faculty and staff may still use email as a primary means of communication. Students, however, get much of their information from social networking, so that’s where we need to be to reach them.

REFERENCES

“Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids.” (www.theonion.com/video/facebook-twitter-revolutionizing-how-parents-stalk,14364/).

Moscaritolo, Angela. “InfoSec: 23 percent of users fall for spear phishing.” SC Magazine. 9 March 2009. (www.scmagazineus.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/).

Nation, Joe. “Facebook Mini Feeds with Steve.” (www.youtube.com/watch?v=w35cFqG4qLk).

RIT Information Security website (https://security.rit.edu).

RIT Information Security Facebook page (www.facebook.com/RITInfosec).

“Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.” 14 August 2007 (https://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html).


Enhanced by Zemanta

  • 0

Digital Self Defense for Technical Communicators, Part Two

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010

Best Practices for Safer Social Networking

Organized crime is increasingly targeting users of social networking sites. Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes.

Recognize and avoid phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and websites are designed to capture personal information, such as bank account passwords, social security numbers, and credit card numbers. They usually try to impart a sense of urgency, so that users will respond quickly. A 2009 study by The Intrepidus Group, a security consultancy, found that 23% of users worldwide will fall for a phishing attempt.

Detecting phishing attempts is not as straightforward as it used to be. Phishing emails once were easy to recognize because of poor spelling and grammar—something that most technical communicators would spot at a glance. Now phishing emails are often indistinguishable from official correspondence.

Use privacy settings. Many social networking sites such as Facebook allow the user to configure privacy settings to limit access to the information they post on the sites. However, default privacy settings are typically set to a level of access that is more open than you might prefer. Privacy controls may change, so it’s important to check your privacy settings periodically to ensure that the settings still protect information in the way that you intended.

Don’t post personal information online. It should be common sense, but the easiest way to keep your information private is to not post it online. Don’t post your full birth date, address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either.

Be wary of others. Research by Sophos in 2007 found that 87 of 200 Facebook users receiving a friend request were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster). Freddi Staur gained access to their Facebook profiles and found that 41% of those approached revealed some type of personal information. Depending on the type of information you post on Facebook, it may not be the best idea to accept friend requests from strangers.

Search for your name. Use an Internet search engine to find out what personal information is easily accessible. Set up a Google Alert to see what new information about you appears online.

Keeping your information out of the wrong hands can be fairly easy if you think about what information you’re sharing before you post it.


Enhanced by Zemanta

  • 4

Mobile Devices: Paradigm Shift or Just Another Content Delivery Mechanism?

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,Internet Safety,mobile device,Privacy,Social Networking Tags : 

I’m curious about whether you think the integration of mobile devices into curricula is a “game changer/paradigm shift” or whether you regard it as just another content delivery mechanism. As a technical communicator, I’ve looked at the mobile device primarily as an additional delivery vehicle; a channel that can be used to reach others. As an educator, I’m thinking of the possibilities of a course structured around mobile devices as the main education platform. As an information security practitioner, I’m wary of the privacy risks and potential cyberstalking.

Will mobile devices be a boon or a bane? Will they cause a profound change in learning? Are they just a stepping stone to the next big thing?

I’m not sure. Let’s look at a few recent game changers:

  • Personal computing has been and will continue to become ubiquitous. We have access to immense amounts of information. That has changed how we research practical information. Do any of you use printed maps? What about calling 411 for someone’s phone number?
  • The growth of E-readers may eventually sound the death knell of traditional print. Newspapers are scrambling to adapt to a digital audience as they find print circulation shrinking.
  • The transatlantic cable has been described as the Victorian Internet in the way it revolutionized communication.
  • The telephone and the elevator made modern skyscrapers possible.

What about the smartphone?

  • Access to banking is now available through smartphone apps and you either can or will be able to make payments directly from your mobile device. You can also store shopping card info and coupons.
  • Mobile devices have greatly increased the access to social networking.
  • QR codes connect mobile devices to Internet-based information

Do you agree that these are game changers? Are there mobile apps that you do consider to be game changers?

Addressing the educators in my audience, how do you see integrating mobile devices into your courses? Will you redesign your course to take advantage of their capabilities? Are they just “one more thing” to consider in your content delivery? Will you incorporate social networking with both a mobile and traditional computer interface?

I’m interested in your thoughts. I’m not an expert in this area, but I’m trying to adapt to the possibilities.

Please leave a comment so we can have a discussion! Some of you have contacted me individually. Please post here so we can learn from each other.

By the way, If we’re really lucky, maybe mobile learning will be the death of PowerPoint!

Ben Woelk
Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu
https://security.rit.edu/dsd.html
Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645
Follow me on Twitter: https://twitter.com/bwoelk
Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

This blog entry is cross-posted at https://www.educause.edu/blog/bwoelk/MobileDevicesParadigmShiftorJu/227783


  • 0

Apps for Integrating Mobile Devices into Classroom Use and Campus Communications

Category:Cyberstalking,EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Social Networking Tags : 

How many of you are integrating mobile devices into classroom work? In addition to my role as Policy and Awareness Analyst, I teach a couple of classes, Cyber Self Defense and Effective Technical Communication.

We discuss secure use of mobile devices in the Cyber Self Defense class. We’ve also talked about potential attacks on mobile device users, especially as the devices are used more for bank account access and making payments. We discuss the potential pitfalls of location services. (As an infosec guy, I’m always focusing on the should not’s rather than the should’s.)

I haven’t really thought too much about integration into the Effective Technical Communication class.

I’m struggling with how to integrate mobile use into either classroom or distance learning. Our students can access some content from our LMS, but so far the functionality is limited. Any successful (or not successful) experiences? Any ideas?

Wearing my Policy and Awareness Analyst hat, one of our strategies in increasing security awareness is to take our message to where the students are. We created a Facebook page for RIT Information Security and have driven up the number of fans by having a drawing each fall for a $100 Barnes & Noble gift card and believe the effort has had some success. As more students use mobile devices, we’re going to want to be where they are as well. One of our HEISC Awareness and Training Working Group members suggested creating an app for security awareness. I know of a Google App for this, but I’d like to have something personalized for our institution.

Have any of you created mobile apps to integrate coursework or for other communications? Are you pushing information to the devices or are you relying on the students pulling the information? Have you found existing apps that you’ve found useful?

Lots of questions. Can anyone suggest some answers?

Ben Woelk

Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu

https://security.rit.edu/dsd.html

Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645

Follow me on Twitter: https://twitter.com/bwoelk

Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

Please note that this blog entry is also posted as part of the EDUCAUSE Mobile Sprint #EDUSprint at https://ow.ly/4GFzf


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner