Managing the Security and Managing the Security and Privacy Risks of Social MediaPrivacy Risks of Social Media

Don Knox, CPP, CITRMSGlobal Security and Risk Analysis ManagerCaterpillar(309) 494 1523knox_don@cat.com

Spring Conference May 10th 2012

Why Social Media

Why Social Media

Share Status Tag Photos Upload Videos Broadcast Location Like Companies Recommend Products and Services Endorse Colleague Search Jobs

Social Media Statistics

Facebook: 1.11 Billion plus users Twitter: 200 Million plus users LinkedIn: 225 Million plus users Google: 4 Billion searches per day YouTube: 2 Billion searches per day Yahoo: 280 Million searches per day Bing: 280 Million searches per day

Social Media Sites

Social Media Sites

https://www.eff.org/who-has-your-back-2013

Social Media Revolution

Security Uses For Social Media

Investigations and Background Screening

Information Gathering and Intelligence Monitoring

Crisis / Emergency Management Notification and Tracking

Terms To Know

Search engine optimization (SEO): Process of improving the visibility of a website in search engine search results. In general, the earlier (or higher ranked on the search results page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users.

Terms To Know

Malware (Malicious Software): Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It can also appear in the form of script or code. General term used to describe any software or code specifically designed to exploit a computer, or the data it contains. Malware includes computer viruses, worms, trojan horses, spyware, adaware, ransomeware, rootkits and keyloggers.

Terms To Know

Firewall: Software or hardware based network security system that controls incoming and outgoing network traffic by analyzing data packets and determining whether they should be allowed through or not, based on a rule set.

Terms To Know

Personally Identifiable Information: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name or biometric records. Can link medical, educational, financial, and employment information.

Terms To Know

Metadata: Data about data. Structural Metadata data about the containers of data. Descriptive Metadata is about data content.

Examples Means of creation of the data Purpose of the data Time and date of creation Creator or author of the data Location on network where the data was created

7 Deadly Sins of Social Networking

Over-sharing company activities Mixing personal with professional Engaging in Tweet (or Facebook /

LinkedIn / Myspace) rage Believing he/she who dies with the most

connections wins Password sloth Trigger finger (clicking everything,

especially on Facebook) Endangering yourself and others

Social Media Security Awareness

Scams To Avoid

Phishing: Attempting to acquire information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Scams To Avoid

Clickjacking: Certain malicious websites contain code that can make your browser take action without your knowledge or consent. Clicking on a link on one of these websites might cause the website to be posted to your profile. Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious.

Scams To Avoid

Malicious Script: When you are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising. This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to send your friends spam. 

Scams To Avoid

Malicious Script:  

Scams To Avoid

Koobface:  Worm that targets Facebook by posting spam messages on behalf of people. The message contain a link, which prompts to download and install a newer version of Adobe Flash player. However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus.

Scams To Avoid

Koobface:

Scams To Avoid

Koobface:

Use Advanced Security Settings

Enable Secure Browsing SSL Protocol Encryption

Enable One-Time Passwords Use when signing onto a computer that is not

yours

Enable Single Sign-On Eliminates multiple passwords

Enable Login Notification and Approvals Monitor account activity

Using Good Passwords

Don’t use same passwords on all accounts Don’t share and change regularly At least 8 characters, 1 number and 1

special character Use non-words that associate with

something you know: “4the$cash”, “2crackedribs!”

Don’t save in the browser Logout don’t just close the browser

Tips To Stay Secure

Think before you click If you don’t know what it is, don’t paste it

into your internet address bar Maintain strong passwords Never give out your username or password Update your browser Run and update anti-virus software

Resources

Computer Crime Info http://www.computercrimeinfo.com

CSO Online: Social Medial Security http://www.csoonline.com/topic/587704/social-

networking-security

Facebook: Security, Safety, Privacy http://www.facebook.com/security http://www.facebook.com/safety http://www.facebook.com/privacy

Questions

Don Knox, CPP, CITRMSGlobal Security and Risk Analysis ManagerCaterpillar(309) 494 1523knox_don@cat.com