Security Awareness and Social Media
Should you use Social Media?
One of the many data security seminars I attended this year to stay current as a computer security specialist (I can’t remember which or I’d give credit) included a good story as illustration…
Imagine this is 1989 and you’re a foreign intelligence agent tasked with identifying potential “assets” in a US aerospace defense contractor. You target female senior engineers, divorced, in their 40s. It might take months of research to identify individuals, and months more to find their interests and daily habits. All of this would be quite costly. Fast forward to 2009: you could find all this data and much more in minutes through Facebook, Twitter, LinkedIn and similar sites. People tend to trust contacts they make through social networking sites, so after a few dozen interactions, and almost no expense, they trust you. You know what their hobbies are, their likes and dislikes, and are well placed to recruit them. This is one of the many nightmares facing big business and government, and it’s one of the reasons the Department of Defense policy has been an absolute ban on all use of social networks.
Contrast this with a company like online shoe retailer Zappos.com which actively encourages employees to engage online, with 489 employees on Twitter. Or Starbucks, with over 360,000 followers on Twitter and over 4.5 million fans on Facebook.
Which policy is right? They both are. Weigh the risks and the benefits of computer information security versus social media marketing influence and choose what’s appropriate for you.
Simple Security and Privacy Steps
If you decide that a Social Media presence makes sense for you, then take some basic precautions:
1. Be aware of the threats. These include cyberstalking, phishing, scams, and identity theft.
2. Choose a complex/unique password for your social media accounts. Using the same password on multiple services can leave all your accounts vulnerable if one site is compromised. Longer passwords are usually better. Use a combination of letters (upper and lower case), numbers and special characters (such as +, *, $, @, !). Do not use your address, phone number, birthday, license plate, or social security number. Do not use any word that could be found in a dictionary. Do not give your password to anyone else.
3. Set privacy levels for each of your social media accounts. Each service has different defaults but generally your information will be public and easy to find. You can choose to restrict who can (easily) see certain information.
4. Be careful what you post online. Essentially everything you write and every image you upload should be considered public. Don’t assume that only your friends can read your messages and see your pictures, even if that’s how a service is supposed to work. Would you be comfortable seeing your comments and images on page one of the newspaper? If not, then don’t post them anywhere online. Announcing that you are traveling can increase the risk of your home being burgled.
5. Be careful about accepting friend/follow requests. People may not be who they claim to be, and their intentions may not be good. Accounts can also be compromised, so messages may originate from someone other than the rightful owner of an account. Watch for strange messages or behavior from friends: whoever is sending them may be trying to lure you into being compromised too.
6. Be careful installing third-party applications. Facebook, MySpace and others make it easy to install third-party applications in your profile. If these applications are maliciously coded, or just not programmed with attention to potential abuses, they can expose your private data. Of course you should also use anti-virus software and keep it up-to-date. Even more important, install all computer operating system and software updates. Most important of all, make sure the passwords you use to log into your computer, your email or any application or online service are secure.
You can read more on Staying Safe on Social Network Sites as well as general Cyber Security Tips at the US Computer Emergency Readiness Team website, US-CERT.gov.