20160317 arma wyoming social media security threats

Copyright © AIIM | All rights reserved.

#AIIMThe Global Community of Information Professionals

Social Media Security Threats

Jesse Wilkins, CIP, IGP, CRMDirector, Professional Development

AIIMMarch 17, 2016

Copyright © AIIM | All rights reserved.2

Jesse Wilkins, CIP, IGP, CRM Director, Research & Development, AIIM Twenty years experience as a vendor, consultant, end

user, trainer Lead architect for Certified Information Professional

(CIP) certification Frequent author and speaker on

IM-related topics Developer, AIIM Social Media Governance

Training Course


Agenda

Introduction to Social Media & Security Social Media & Identity Theft Social Media & Hacking Social Media & Privacy


Agenda

Introduction to Social Media & Security

Social Media & Identity Theft

Social Media & Hacking

Social Media & Privacy


Social Is Everywhere

1,350+ years worth of time spent every day on Facebook.

1.7B Facebook users. 65% log in on any day - and post 4.5B likes/day. 300M photos uploaded per day. And… Twitter and LinkedIn and Pinterest and Google+

and Tumblr and Flickr and Instagram and Myspace(!) and Livejournal and Orkut and Yammer and WhatsApp and blogs and millions of private social networks and enterprise social networks and all of the


Social Media Is Social

Making connections Reestablishing lost connections Making new ones

Sharing information Sharing thoughts & moments Searching for interesting stuff

All of which can be scary from a security perspective!


Who Owns The Content?


What Laws & Jurisdictions Apply?


Who Owns The Accounts?


Social Media Security Threats

Identity theft Impersonation Hacking Privacy disclosures Disclosure of other sensitive information Reputational damage


Neither is denial.

Prohibition is not realistic.


Agenda






Impersonation

Fake account pretending to be a celebrity, politician, etc. You connect, they have access to your stuff Their links could be to malware or spoof sites


Impersonation

Fake account pretending to be YOU Your friends (re)connect to “you”, bad guys have

access to their stuff “You” send out bad links “You” send out requests for money etc.

Big issue on social networks you DON’T use


Social Media Identity Theft

How much have you shared? Significant dates High school, college Kids’ names Parents’ names Pets’ names Favorite books & hobbies

On the internet nobody knows you’re a dog… Or an imposter!


Agenda






Hacking Via Social Engineering

Bad links: https://www.facebook.com/login/identify http://bit.ly/50m47h1ng84d

Spoofed emails with bad links Spoofed site – you enter your credentials Site may be able to install malware

Adware Keystroke loggers Other stuff

https://www.facebook.com/login/identify

https://www.facebook.com/login/identify

http://bit.ly/50m47h1ng84d



Special addons “Who viewed my FB posts?” “Change your FB profile & colors!” Could simply lead to bad link Could have you install a bad app Game apps a big vector here – “cheat apps”


Hacking Via Bad App example

Source: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_risks_of_social_networking.pdf

https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_risks_of_social_networking.pdf




Another Bad App Example - Walkthrough

http://www.fightidentitytheft.com/blog/facebook-quizzes-sharing-your-private-data




How much did you share? Those questions are often:

Basis for passwords Security questions

All those QUIZZES!


Hacking Via Shared Passwords

Across your accounts With others – even significant others


Agenda






What Are You Posting?

Your favorite stuff Where you are

And where you aren’t http://www.pleaserobme.com

What you’re doing Home sick…posting pics from the big game? Gaming?

http://www.pleaserobme.com/



“I hate my boss, I hate my customers, I hate my job!”

-- Lots of people



“Just figured out how to get around IT’s stupid limits on email!

-- Lots of politicians(and lots of employees)



“That feeling when you drank so much the night before but you have no hangover because you’re still drunk!”

-- Hopefully NOT your boss, your pilot, your surgeon…



And the usual suspects: Personal/personnel information Proprietary information Sensitive or confidential

information Customer information Internal strategies &

deliberations Negotiations Pictures including faces


What Are Other People Posting?

Other people can: Upload pictures of you and tag you (Facebook will try to auto-tag you using facial

recognition) Check in with you at a location Check you into a location Share stuff to your timeline


Other Peoples’ Posts


Conclusion

It’s a scary social media world out there! But you can protect yourself…


Questions?


Additional Resources Social Media Policy Database

http://socialmediagovernance.com/policies/ SHRM Social Media Policy Template

http://www.shrm.org/templatestools/samples/policies/pages/socialmediapolicy.aspx

NARA Best Practices for Capture of Social Media Records http://www.archives.gov/records-mgmt/resources/socialmediacaptu

re.pdf

AIIM Social Business Assessment http://info.aiim.org/how-to-conduct-a-social-business-assessment

AIIM Social Business Roadmap http://www.aiim.org/Social-Business-Roadmap

http://socialmediagovernance.com/policies/

http://socialmediagovernance.com/policies/




http://www.archives.gov/records-mgmt/resources/socialmediacapture.pdf

http://www.archives.gov/records-mgmt/resources/socialmediacapture.pdf

http://info.aiim.org/how-to-conduct-a-social-business-assessment

http://www.aiim.org/Social-Business-Roadmap


For More Information

Jesse Wilkins, CIP, CRM, IGPDirector, Professional DevelopmentAIIM International +1 (720) 232-9638 direct

[email protected]

http://www.twitter.com/jessewilkins

http://www.linkedin.com/in/jessewilkins

mailto:[email protected]

http://www.twitter.com/jessewilkins

http://www.linkedin.com/in/jessewilkins