Managing the Security and Privacy Risks of Social Media

Spring Conference
May 10th 2012
Don Knox, CPP, CITRMS
Global Security and Risk Analysis Manager
Caterpillar
(309) 494 1523
knox_don@cat.com
Why Social Media
• Share Status
• Tag Photos
• Upload Videos
• Broadcast Location
• Like Companies
• Recommend Products and Services
• Endorse Colleague
• Search Jobs
Social Media Statistics
• Facebook: 1.11 Billion plus users
• Twitter: 200 Million plus users
• LinkedIn: 225 Million plus users
• Google: 4 Billion searches per day
• YouTube: 2 Billion searches per day
• Yahoo: 280 Million searches per day
• Bing: 280 Million searches per day
Social Media Sites
https://www.eff.org/who-has-your-back2013
Social Media Revolution
Security Uses For Social Media
• Investigations and Background Screening
• Information Gathering and Intelligence Monitoring
• Crisis / Emergency Management Notification and Tracking
Terms To Know
• Search engine optimization (SEO): Process of improving the visibility of a website in search engine search results. In general, the earlier (or higher ranked on the search results page) and the more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users.
• Malware (Malicious Software): Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It can also appear in the form of script or code. General term used to describe any software or code specifically designed to exploit a computer, or the data it contains. Malware includes computer viruses, worms, trojan horses, spyware, adware, ransomware, rootkits and keyloggers.
• Firewall: Software or hardware based network security system that controls incoming and outgoing network traffic by analyzing data packets and determining whether they should be allowed through or not, based on a rule set.
• Personally Identifiable Information: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name or biometric records. Can link medical, educational, financial, and employment information.
• Metadata: Data about data. Structural metadata is data about the containers of data. Descriptive metadata is about data content. Examples:
  - Means of creation of the data
  - Purpose of the data
  - Time and date of creation
  - Creator or author of the data
  - Location on network where the data was created
7 Deadly Sins of Social Networking
• Over-sharing company activities
• Mixing personal with professional
• Engaging in Tweet (or Facebook / LinkedIn / Myspace) rage
• Believing he/she who dies with the most connections wins
• Password sloth
• Trigger finger (clicking everything, especially on Facebook)
• Endangering yourself and others
Social Media Security Awareness
Scams To Avoid
• Phishing: Attempting to acquire information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
• Clickjacking: Certain malicious websites contain code that can make your browser take action without your knowledge or consent. Clicking on a link on one of these websites might cause the website to be posted to your profile. Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious.
• Malicious Script: You are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising. This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to send your friends spam.
• Koobface: Worm that targets Facebook by posting spam messages on behalf of people. The messages contain a link that prompts the reader to download and install a newer version of Adobe Flash player. However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus.
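The Malicious Script scam above can be caught by checking what the browser would actually do with the pasted text. The check below is an added example, not part of the original slides; it assumes the pasted "code" is a `javascript:` URL, and the function names and sample strings are constructed for illustration.

```javascript
// Added example (not from the slides): decide whether pasted address-bar
// text would be treated by the browser as a script URL.

// Assumption: the scam's "code" is a javascript: URL, which runs inside
// whatever page is open, with that page's logged-in session.
const SCRIPT_SCHEME = "javascript";

function normalizePasted(text) {
  // URL parsers ignore leading/trailing control characters and spaces, and
  // drop tabs and newlines anywhere, so "java\tscript:" is still a script URL.
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

function schemeOf(text) {
  // A scheme is a letter followed by letters, digits, "+", "." or "-", then ":".
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(normalizePasted(text));
  return match ? match[1].toLowerCase() : null;
}

function checkPaste(text) {
  const scheme = schemeOf(text);
  const blocked = scheme === SCRIPT_SCHEME;
  return {
    allow: !blocked,
    scheme,
    reason: blocked ? "runs as script in the open page" : "not a script URL",
  };
}

// Constructed samples; the script bodies are inert placeholders.
const SAMPLES = [
  "http://www.facebook.com/security",
  "javascript:void(0)",
  "  JavaScript:void(0)",
  "java\tscript:void(0)",
  "see who viewed your profile",
];

for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), checkPaste(sample));
}
```

The same check fits a mail or chat filter that inspects text users are told to paste, since mixed case, leading spaces and embedded tabs do not change how the address bar reads the scheme.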
Use Advanced Security Settings
• Enable Secure Browsing
  - SSL Protocol Encryption
• Enable One-Time Passwords
  - Use when signing onto a computer that is not yours
• Enable Single Sign-On
  - Eliminates multiple passwords
• Enable Login Notification and Approvals
  - Monitor account activity
Using Good Passwords
• Don’t use the same password on all accounts
• Don’t share passwords, and change them regularly
• At least 8 characters, 1 number and 1 special character
• Use non-words that associate with something you know: “4the$cash”, “2crackedribs!”
• Don’t save passwords in the browser
• Log out; don’t just close the browser
Tips To Stay Secure
• Think before you click
• If you don’t know what it is, don’t paste it into your internet address bar
• Maintain strong passwords
• Never give out your username or password
• Update your browser
• Run and update anti-virus software
Resources
• Computer Crime Info
  - http://www.computercrimeinfo.com
• CSO Online: Social Media Security
  - http://www.csoonline.com/topic/587704/socialnetworking-security
• Facebook: Security, Safety, Privacy
  - http://www.facebook.com/security
  - http://www.facebook.com/safety
  - http://www.facebook.com/privacy
Questions