Spring Conference May 10th 2012 Managing the Security and Privacy Risks of Social Media Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309) 494 1523 knox_don@cat.com
Why Social Media • Share Status • Tag Photos • Upload Videos • Broadcast Location • Like Companies • Recommend Products and Services • Endorse Colleague • Search Jobs
Social Media Statistics • Facebook: 1.11 Billion plus users • Twitter: 200 Million plus users • LinkedIn: 225 Million plus users • Google: 4 Billion searches per day • YouTube: 2 Billion searches per day • Yahoo: 280 Million searches per day • Bing: 280 Million searches per day
Social Media Sites https://www.eff.org/who-has-your-back-2013
Security Uses For Social Media • Investigations and Background Screening • Information Gathering and Intelligence Monitoring • Crisis / Emergency Management Notification and Tracking
Terms To Know • Search engine optimization (SEO): Process of improving the visibility of a website in search engine search results. In general, the earlier (or higher ranked on the search results page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users.
Terms To Know • Malware (Malicious Software): Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It can also appear in the form of script or code. General term used to describe any software or code specifically designed to exploit a computer, or the data it contains. Malware includes computer viruses, worms, trojan horses, spyware, adware, ransomware, rootkits and keyloggers.
Terms To Know • Firewall: Software or hardware based network security system that controls incoming and outgoing network traffic by analyzing data packets and determining whether they should be allowed through or not, based on a rule set.
Terms To Know • Personally Identifiable Information: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name or biometric records. Can link medical, educational, financial, and employment information.
Terms To Know • Metadata: Data about data. Structural metadata is data about the containers of data. Descriptive metadata is data about data content. • Examples: • Means of creation of the data • Purpose of the data • Time and date of creation • Creator or author of the data • Location on network where the data was created
7 Deadly Sins of Social Networking • Over-sharing company activities • Mixing personal with professional • Engaging in Tweet (or Facebook / LinkedIn / Myspace) rage • Believing he/she who dies with the most connections wins • Password sloth • Trigger finger (clicking everything, especially on Facebook) • Endangering yourself and others
Scams To Avoid • Phishing: Attempting to acquire information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Scams To Avoid • Clickjacking: Certain malicious websites contain code that can make your browser take action without your knowledge or consent. Clicking on a link on one of these websites might cause the website to be posted to your profile. Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious.
Scams To Avoid • Malicious Script: When you are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising. This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to send your friends spam.
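The "code" in such a lure is a script URI rather than a web address. An added example (not part of the original slides) that flags text the address bar would treat as script; the function names and the sample post are constructed for illustration:

```javascript
// Added example (not from the original slides). Sample inputs are constructed.

// Schemes that execute in the context of the page already open in the tab,
// so the code runs with the logged-in user's session.
const SCRIPT_SCHEMES = new Set(["javascript", "vbscript"]);

// URL parsers trim leading/trailing control characters and spaces and drop
// tab, CR and LF anywhere in the input, so "java\tscript:" is still javascript:.
function normalize(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased script scheme if the pasted text would be treated
// as code by the address bar, otherwise null.
function detectScriptUri(text) {
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(normalize(text));
  if (!match) return null;
  const scheme = match[1].toLowerCase();
  return SCRIPT_SCHEMES.has(scheme) ? scheme : null;
}

// Scan a multi-line message (for example a wall post with "paste this"
// instructions) and report which lines carry a script URI.
function flagLines(message) {
  const hits = [];
  message.split(/\r?\n/).forEach((line, i) => {
    const scheme = detectScriptUri(line);
    if (scheme) hits.push({ line: i + 1, scheme });
  });
  return hits;
}

// Constructed sample: a lure followed by the text the reader is told to paste.
const SAMPLE_POST = [
  "See who viewed your profile! Copy the line below into your address bar:",
  "  JaVaScRiPt:void(0)",
  "https://www.facebook.com/security",
].join("\n");

console.log(flagLines(SAMPLE_POST));
```

Mixed case, leading spaces and embedded tabs do not change how the text is parsed, which is why the check normalizes before matching.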
Scams To Avoid • Koobface: Worm that targets Facebook by posting spam messages on behalf of people. The messages contain a link that prompts the reader to download and install a newer version of Adobe Flash Player. However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus.
Use Advanced Security Settings • Enable Secure Browsing: SSL Protocol Encryption • Enable One-Time Passwords: Use when signing onto a computer that is not yours • Enable Single Sign-On: Eliminates multiple passwords • Enable Login Notification and Approvals: Monitor account activity
Using Good Passwords • Don’t use the same password on all accounts • Don’t share passwords, and change them regularly • At least 8 characters, 1 number and 1 special character • Use non-words that associate with something you know: “4the$cash”, “2crackedribs!” • Don’t save passwords in the browser • Log out; don’t just close the browser
Tips To Stay Secure • Think before you click • If you don’t know what it is, don’t paste it into your internet address bar • Maintain strong passwords • Never give out your username or password • Update your browser • Run and update anti-virus software
Resources • Computer Crime Info: http://www.computercrimeinfo.com • CSO Online, Social Media Security: http://www.csoonline.com/topic/587704/social-networking-security • Facebook, Security, Safety, Privacy: http://www.facebook.com/security, http://www.facebook.com/safety, http://www.facebook.com/privacy
Questions Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309) 494 1523 knox_don@cat.com