Spring Conference May 10th 2012 Managing the Security and Privacy Risks of Social Media Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309) 494 1523 knox_don@cat.com Why Social Media Why Social Media Share Status Tag Photos Upload Videos Broadcast Location Like Companies Recommend Products and Services Endorse Colleague Search Jobs Social Media Statistics Facebook: 1.11 Billion plus users Twitter: 200 Million plus users LinkedIn: 225 Million plus users Google: 4 Billion searches per day YouTube: 2 Billion searches per day Yahoo: 280 Million searches per day Bing: 280 Million searches per day Social Media Sites Social Media Sites https://www.eff.org/ who-has-your-back2013 Social Media Revolution Security Uses For Social Media Investigations and Background Screening Information Gathering and Intelligence Monitoring Crisis / Emergency Management Notification and Tracking Terms To Know Search engine optimization (SEO): Process of improving the visibility of a website in search engine search results. In general, the earlier (or higher ranked on the search results page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users. Terms To Know Malware (Malicious Software): Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It can also appear in the form of script or code. General term used to describe any software or code specifically designed to exploit a computer, or the data it contains. Malware includes computer viruses, worms, trojan horses, spyware, adaware, ransomeware, rootkits and keyloggers. Terms To Know Firewall: Software or hardware based network security system that controls incoming and outgoing network traffic by analyzing data packets and determining whether they should be allowed through or not, based on a rule set. Terms To Know Personally Identifiable Information: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name or biometric records. Can link medical, educational, financial, and employment information. Terms To Know Metadata: Data about data. Structural Metadata data about the containers of data. Descriptive Metadata is about data content. Examples Means of creation of the data Purpose of the data Time and date of creation Creator or author of the data Location on network where the data was created 7 Deadly Sins of Social Networking Over-sharing company activities Mixing personal with professional Engaging in Tweet (or Facebook / LinkedIn / Myspace) rage Believing he/she who dies with the most connections wins Password sloth Trigger finger (clicking everything, especially on Facebook) Endangering yourself and others Social Media Security Awareness Scams To Avoid Phishing: Attempting to acquire information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Scams To Avoid Clickjacking: Certain malicious websites contain code that can make your browser take action without your knowledge or consent. Clicking on a link on one of these websites might cause the website to be posted to your profile. Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious. Scams To Avoid Malicious Script: When you are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising. This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to send your friends spam. Scams To Avoid Malicious Script: Scams To Avoid Koobface: Worm that targets Facebook by posting spam messages on behalf of people. The message contain a link, which prompts to download and install a newer version of Adobe Flash player. However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus. Scams To Avoid Koobface: Scams To Avoid Koobface: Use Advanced Security Settings Enable Secure Browsing SSL Protocol Encryption Enable One-Time Passwords Use when signing onto a computer that is not yours Enable Single Sign-On Eliminates multiple passwords Enable Login Notification and Approvals Monitor account activity Using Good Passwords Don’t use same passwords on all accounts Don’t share and change regularly At least 8 characters, 1 number and 1 special character Use non-words that associate with something you know: “4the$cash”, “2crackedribs!” Don’t save in the browser Logout don’t just close the browser Tips To Stay Secure Think before you click If you don’t know what it is, don’t paste it into your internet address bar Maintain strong passwords Never give out your username or password Update your browser Run and update anti-virus software Resources Computer Crime Info http://www.computercrimeinfo.com CSO Online: Social Medial Security http://www.csoonline.com/topic/587704/socialnetworking-security Facebook: Security, Safety, Privacy http://www.facebook.com/security http://www.facebook.com/safety http://www.facebook.com/privacy Questions Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309) 494 1523 knox_don@cat.com