Tag Archives: Best practice

  • 9

Ten Ways to Shockproof Your Use of Social Networking Lightning Talk

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Risk,Social Networking,STC,Summit,Uncategorized Tags : 

I had the privilege of presenting my 25-minute presentation on Shockproofing Your Use of Social Media as a five-minute Lightning Talk at the STC Summit in Sacramento on May 18th.

Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.

It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!

Other STC Summit 2011 Lightning Talks

Enhanced by Zemanta

  • 0

Communications Liftoff! Rocketing Your Community to the Stars

Category:Infosec Communicator,Presentations,Social Networking,STC,STC Rochester,Summit,Uncategorized Tags : 

Society for Technical Communication Summit Conference Leadership Day Presentation, May 15, 2011

Join the discussion on MySTC at https://ow.ly/51WfG

Communications liftoff! rocketing your community v3[gigya width=”425″ height=”355″ src=”https://static.slidesharecdn.com/swf/ssplayer2.swf?doc=communicationsliftoffrocketingyourcommunityv3-110516012143-phpapp02&stripped_title=communications-liftoff-rocketing-your-community-v3-7976829&userName=bwoelk” quality=”high” flashvars=”gig_lt=1305529009890&gig_pt=1305529176796&gig_g=1&gig_n=wordpress” wmode=”tranparent” allowfullscreen=”true” ]

View more presentations from Ben Woelk

  • 0

Digital Self Defense for Technical Communicators, Part Two

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Privacy,Risk,Social Networking,STC,STC Rochester Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010

Best Practices for Safer Social Networking

Organized crime is increasingly targeting users of social networking sites. Many computer criminals uses these sites to distribute viruses and malware, to find private information people have posted publicly, and to find targets for phishing/social engineering schemes.

Recognize and avoid phishing attempts. Phishing is a common technique in identity theft. We’ve all received phishing emails or instant messages that appear to link to a legitimate site. These emails and websites are designed to capture personal information, such as bank account passwords, social security numbers, and credit card numbers. They usually try to impart a sense of urgency, so that users will respond quickly. A 2009 study by The Intrepidus Group, a security consultancy, found that 23% of users worldwide will fall for a phishing attempt.

Detecting phishing attempts is not as straightforward as it used to be. Phishing emails once were easy to recognize because of poor spelling and grammar—something that most technical communicators would spot at a glance. Now phishing emails are often indistinguishable from official correspondence.

Use privacy settings. Many social networking sites such as Facebook allow the user to configure privacy settings to limit access to the information they post on the sites. However, default privacy settings are typically set to a level of access that is more open than you might prefer. Privacy controls may change, so it’s important to check your privacy settings periodically to ensure that the settings still protect information in the way that you intended.

Don’t post personal information online. It should be common sense, but the easiest way to keep your information private is to not post it online. Don’t post your full birth date, address, phone numbers, etc. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either.

Be wary of others. Research by Sophos in 2007 found that 87 of 200 Facebook users receiving a friend request were willing to befriend a plastic green frog named Freddi Staur (an anagram of ID Fraudster). Freddi Staur gained access to their Facebook profiles and found that 41% of those approached revealed some type of personal information. Depending on the type of information you post on Facebook, it may not be the best idea to accept friend requests from strangers.

Search for your name. Use an Internet search engine to find out what personal information is easily accessible. Set up a Google Alert to see what new information about you appears online.

Keeping your information out of the wrong hands can be fairly easy if you think about what information you’re sharing before you post it.


Enhanced by Zemanta

  • 1

Digital Self Defense for Technical Communicators, Part One

Category:Higher Education,Information Security,Infosec Communicator,Internet Safety,Risk,STC,STC Rochester,Uncategorized Tags : 

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication‘s Intercom magazine in November 2010. I’ll be reproducing the article in several parts over the next few days.

What do technical communicators need to know about information security? How do they protect both their private information and professional assets, including work they may be doing for a client? How can they leverage and use social media safely and effectively? This article discusses key security measures you as a technical communicator and computer user can take to protect yourself and others, and it offers best practices for safe use of social media. I’ll also provide examples of how we’ve addressed similar user security awareness issues at the Rochester Institute of Technology (RIT).

I’ve been creating end-user communications and developing change management materials for 16 years. I’m currently responsible for policy development and security awareness in the Information Security Office at the Rochester Institute of Technology, one of the largest private universities in the country and home to more than 18,000 faculty, staff, and students. We communicate a number of different techniques for computer users to protect themselves and others. We’ve branded our awareness initiatives as Digital Self Defense. Many of these digital self-defense techniques are useful for technical communicators, too.

Five Ways to Secure Your Computer “Technically”

Keep your computer’s operating system and applications up to date. When was the last time you updated your software? Although Microsoft Windows and Macintosh OS X can be configured to check for and install updates (also known as patches) automatically, you should check to make sure this feature is enabled. Applications are another story. Many of them have auto-update features, but again, they may not be enabled by default. In addition, some applications (Adobe and Firefox, for example) require that you are logged in as an administrator in order to install the updates. (This is less of an issue with Windows 7 because it prompts you to accept updates.) For older operating systems, such as Windows XP, some updates won’t install because you’re using an account with limited privileges (a security best practice).

Install antivirus software and enable automatic updates. Many computers are shipped with free trial versions of antivirus software, such as Norton or McAfee. These trial versions often expire after three months. Many home users choose not to subscribe when the free version expires and use their computer with no antivirus software. Several years ago, an AOL study found that almost 85% of home computers were either not up to date or not running antivirus software.

Macintosh users often do not know that they should be running antivirus software. In my opinion, the Macintosh advertising campaigns have led many Macintosh users into a false sense of security. We see this every fall at RIT when new users arrive. The RIT Information Security Office has investigated incidents involving compromised Macintosh computers several times during the past year. Not only is malware (malicious software) being developed to target Macs, users may also receive Windows malware in their mail and pass it on unknowingly to Windows users.

Several companies offer free versions of their antivirus software for Windows and Macintosh computers. AVG and Avast are two well-known programs. Do not use more than one antivirus program on your computer because they will probably interfere with each other.

Install anti-spyware. Spyware tracks your browsing habits and reports the information to an external party. It’s possible for a computer user to host hundreds or even thousands of spyware programs. Antivirus software may not detect spyware, so it’s necessary to use an anti-spyware program.

There are several free anti-spyware programs available for Windows computers. Spybot Search & Destroy, Microsoft Defender, and Ad-Aware are good examples, but note that recent versions of Ad-Aware include an antivirus component. This will probably conflict with another antivirus program you’re running.

Spyware targeting Macintosh computers is just starting to become a threat; there are few anti-spyware programs designed for Macintosh.

Use a firewall. A firewall prevents unauthorized communication with your computer. It will also help protect you against worms, a type of malware that does not need user interaction to spread. Connecting an unpatched (not up-to-date) computer to the Internet or to a network without a firewall will result in the computer being infected within minutes. The Windows and Macintosh operating systems currently include a firewall. However, they may not be enabled by default. Ensure that a firewall is enabled.

Use an account with limited privileges. If you’re using a computer that has the Windows XP operating system, your day-to-day work should be done using an account with limited privileges. A limited account allows you to run most software programs, use your email, browse the Internet, etc. However, a limited account does not allow you to install software. (To install software, you need an administrative account.) Using a limited account may prevent some malware from installing itself on your computer. Newer Macintosh and Windows 7 computers (and the much maligned Windows Vista) force you to authorize program installations, limiting the ability of malware to install itself on your computer.

Enhanced by Zemanta

  • 0

Secure Mobile-an Oxymoron? (Redux)

Category:EDUCAUSE,Higher Education,Information Security,Infosec Communicator,mobile device,Privacy,Risk,Uncategorized Tags : 

Responses to the #1 topic on IdeaScale, “Consumers dictate device usage, not IT,” indicate that MANY of you believe consumers will drive smartphone adoption in Higher Education, while the sentiment around the topic, “Get rid of the walls around your enterprise data,” indicates that quite a few of you believe that core university data should be accessible to smartphone users.

However, yesterday’s polls have shown that not even all of the attendees of yesterday’s webinar use PINS or swipe patterns on their smartphones. The inherent difficulties in entering a complex password on a smartphone increase the likelihood that users will rely on simple passwords, if any, to access their devices. At the same time, users are expecting access to more and more university resources through their smartphones, increasing the risk of a data breach.

Where does security fit into this picture?

In Thursday’s webinar, “Smartphone Privacy & Security, What Should We Teach Our Users?“, the speaker, Norman Sadeh, indicated that mobile users are three times more likely to fall for phishing attempts. That statistic implies that spear phishing against university communities, which already demonstrates more success than we’re comfortable with, will be even more effective against smartphone users. As we find ourselves more and more hurried, making quick decisions just to handle the ever-increasing stream of information flowing at us, we’re more prone to fall for these attacks.

I would guess that many of us who own smartphones are using them to access our university e-mail, if not other university resources. Most of us don’t have any control over whether someone may e-mail us private or confidential information. If our smartphones become the weakest link in protecting data, they will be targeted.

How many of us have misplaced our smartphones or left them sitting on our desk in an unsecured office? Have you left your smartphone in a taxi or on a shuttle bus?

Increased access to university data is a desirable convenience. Will we be able to get the right combination of security controls, user training, and policies in place to allow smartphone access without it leading to a security breach resulting in a notification event or embarrassment to the university? What kinds of security controls are you using to prevent this? What security apps do you recommend to your users?

Lots of troublesome questions. Where are the answers?

Ben Woelk
Co-chair, Awareness and Training Working Group
EDUCAUSE/Internet2 Higher Education Information Security Council

Policy and Awareness Analyst
Rochester Institute of Technology

ben.woelk@rit.edu
https://security.rit.edu/dsd.html
Become a fan of RIT Information Security at https://rit.facebook.com/profile.php?id=6017464645
Follow me on Twitter: https://twitter.com/bwoelk
Follow my Infosec Communicator blog at https://benwoelk.wordpress.com

This blog entry is part of the EDUCAUSE Mobile Computing Sprint and is cross-posted at https://www.educause.edu/blog/bwoelk/SecureMobileanOxymoron/227983


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,235 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner