Upload
carolina-chapter-of-stc
View
606
Download
0
Tags:
Embed Size (px)
DESCRIPTION
From "Lightning Strikes Thrice" Jan 20, 2011 (http://www.stc-carolina.org/Lightning+Strikes+Thrice). Ben Woelk of the Rochester Chapter will talk about the top ten things to do to stay safely grounded as you use social media.
Citation preview
Ben WoelkPolicy and Awareness AnalystRochester Institute of [email protected]
Ten Ways to Shockproof Your Use of Social Media
Introduction
• Everyone is a target• Identity theft is big business• You can’t rely on others to protect you
2
Identity Theft
• What’s the problem with this picture?
3
General Trends
https://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_2010.pdf
Digital Self Defense
• Protect yourself and everyone else• Use the right tools• Do the right things
5
Avert Labs Malware Research
6Retrieved July 24, 2009 from:http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/
Tip # 1 Passwords
• Weak passwords can be guessed– Automated programs– Personal details
• Use different passwords– How many accounts can be accessed with
just one of your passwords?– Password vaults
• Passphrases
7
8
Tip # 2 Patching/Updating
Patching:• Fixes “vulnerabilities” in software
You need to: • Turn on auto-updating (Windows, Mac OS X)• Check regularly for application updates
(Adobe, Microsoft Office, etc.)• ESPECIALLY ADOBE (malicious PDFs)
Tip #3 Security Software
• Anti-Virus Protection• Firewall• Anti-Spyware Protection
9
10
Tip #4 Recognize Phishing/Scams
• Purpose– “verify/confirm/authorize” account or
personal information
• Source– Appear to come from PayPal, banks, ISPs,
IT departments, other official or authoritative sources
• Tone– Appeals to fear, greed, urgency,
sympathy
Phishing Tips
11
• Does it seem credible?– Misspellings, bad grammar,
formatting errors
• File attachments– Is it expected? If not, ignore it!
• Never respond directly to e-mail requests for private information– Verify with company– Don’t click on links
Phishing on Social Network Sites
http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf12
13
Tip #5 Use Social Networks Safely
Do:• Make friends• Use privacy settings• Be conscious of the
image you project
Don’t:• Post personal information• Post schedules or whereabouts• Post inappropriate photos
Tip #6 Remember Who Else is There
• Who else uses social networking?– Employers– Identity Thieves– Online Predators
• Facebook Stalker(http://www.youtube.com/watch?v=wCh9bmg0zGg)
14
15
What You Post Can Be Used To…
• Make judgments about your character• Impersonate you to financial institutions• Monitor what you do and where you go
– Theft– Harassment– Assault
16
Not YourSpace
Would I be comfortable if this were posted on a billboard?
The Internet is public space!• Search results• Photo “tagging”
Tip #7 Be wary of others
• Choose your friends carefully• "41% of Facebook users agreed to be
friends with this plastic frog, opening themselves up to the risk of identity theft."
• The frog’s name was Freddi Staur– http://podcasts.sophos.com/en/sophos-
podcasts-019.mp3
17
Is this really your friend?
When “friends” ask for money online• Do they speak/write like your friend?• Do they know any details about you or
themselves that do NOT appear on Facebookprofile pages?
• Do they refuse other forms of help, phone call requests, etc.?
Just because it is your friend’s account does not mean that it’s your friend!
18
Tip #8 Search for your name
• Do a vanity search• Set up a Google Alert
19
Tip #9 Guard Your Personal Information!
• Even less sensitive information can be exploited by an attacker!
• Don’t post it in public places• Know to whom you’re giving it• Watch out for Facebook Applications!!
– A 2008 study found that 90.7% of apps had access to private user data (only 9.3% actually used the data)
20
Tip #10 Use Privacy Settings
• Default settings are set to sharing information
• Adjust Facebook privacy settings to help protect your identity
• Think carefully about who you allow to become your friend
• Show "limited friends" a cut-down version of your profile
• Disable options, then open them one by onehttp://www.sophos.com/security/best-practice/facebook.html
The First Line of Defense
Stay alert—you will be the first to know if something goes wrong– Are you receiving odd communications from
someone?– Is your computer sounding strange or slower
than normal?– Has there been some kind of incident or warning
in the news?
Do something about it!– Run a scan– Ask for help