Top Ten Tips to Shockproof Your Use of Social Media, LavaCon 2011

Ten Tips to Shockproof Your Use of Social Media Ben Woelk Policy and Awareness Analyst Rochester Institute of Technology [email protected] @benwoelk


Post on 08-May-2015


Introduction

• Everyone is a target
• Organized crime funds the attacks


Avert Labs Malware Research

Retrieved July 24, 2009 from: http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/


Phishing on Social Network Sites

http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf

Presentation Notes:
Per the MarkMonitor Brandjacking Index for Spring 2009: Phish attacks targeting social networks have grown 241 percent from Q1 2008 to Q1 2009 and have grown 1,500-fold since we first started tracking the category in 2007.

Tip #1 Strong Passwords/Passphrases

• Length more important than complexity

It was a dark and stormy night

becomes

ItwasaDark215andStormyNight


Presentation Notes:
• Weak passwords can be guessed
• Automated programs
• Personal details
• Use different passwords
• How many accounts can be accessed with just one of your passwords?
• Password vaults
• Passphrases

Password Safes


Tip #2 Keep up to date!

• Operating Systems
• Applications

Presentation Notes:
Patching: Fixes “vulnerabilities” in software
You need to:
• Turn on auto-updating (Windows, Mac OS X)
• Check regularly for application updates (Adobe, Microsoft Office, etc.)
• ESPECIALLY ADOBE (malicious PDFs)

Tip #3 Use Security Software

Layers of Security
• Anti-Virus Protection
• Firewall
• Anti-Spyware Protection

Don’t overlook mobile devices!


Tip #4 Recognize Phishing/Scams

Presentation Notes:
Targets hundreds or thousands of people using botnets to send e-mail and instant messages that direct people to download malicious attachments or visit spoofed websites. Often appear to come from PayPal, banks, or other financial institutions. The comments/message board sections on social networking websites have become a very popular attack vector for spam, phishing, and malware. If you receive something suspicious, report it to [email protected] or the ITS HelpDesk.

Phishing Tips


Tip #5 Use Social Networks Safely

Don’t:
• Post personal information
• Post schedules or whereabouts
• Post inappropriate photos

http://www.sileo.com/facebook-status-update-leads-to-robbery/

Presentation Notes:
DO:
• Use privacy settings (visit security.rit.edu for more information)
DON’T use these sites to:
• Post personal information (contact info, class schedule, residence, etc.). A talented hacker can see this, even if you’ve restricted your privacy settings!
• Post potentially embarrassing or compromising photos. It’s hard to deny you’ve done something when you post a photo of it. Be aware of what photos you’re being “tagged” in; don’t hesitate to ask others to remove photographs of you from their pages.
• Publicize which events you’ll be attending. Your friends might not be the only ones looking!

Tip #6 Remember Who Else is There

• Who else uses social networking?
– Employers
– Identity Thieves
– Online Predators

• Facebook Stalker (http://www.youtube.com/watch?v=wCh9bmg0zGg)


What You Post Can Be Used To…

• Make judgments about your character

• Impersonate you to financial institutions

• Monitor what you do and where you go


Presentation Notes:
RIT – No, RIT does not log your every move online; however, Public Safety and the Center for Student Conduct do receive reports of online postings where there may be evidence of conduct violations. These postings may become part of investigative reports.

Tip #7 Be wary of others

• Choose your friends carefully
• "41% of Facebook users agreed to be friends with this plastic frog, opening themselves up to the risk of identity theft."
• The frog’s name was Freddi Staur
– http://podcasts.sophos.com/en/sophos-podcasts-019.mp3


Is this really your friend?

Just because it’s your friend’s account does not mean that it’s your friend!


Tip #8 Search for your name

• Do a vanity search
• Set up a Google Alert


Tip #9 Guard Your Personal Information!

• Watch out for Facebook Applications!!
– A 2008 study found that 90.7% of apps had access to private user data (only 9.3% actually used the data)


Tip #10 Use Privacy Settings

• Default settings are set to share information

• Adjust Facebook privacy settings to help protect your identity

• Show "limited friends" a cut-down version of your profile

• Disable options, then open them one by one

http://www.sophos.com/security/best-practice/facebook.html


The First Line of Defense

Stay alert: you will be the first to know if something goes wrong
– Are you receiving odd communications from someone?
– Is your computer sounding strange or slower than normal?
– Has there been some kind of incident or warning in the news?


Practice Digital Self Defense

• Infosec Communicator blog
• @benwoelk
• @RIT_Infosec
