Social Media Security Awareness for Business or Home Computing Users

The purpose of all social media sites, whether for business or personal use, is communication, sharing, and sometimes collaboration. The benefit of the social networking model is that you can put out information you want others to have access to without having to direct that information to a specific individual at a specific time. Connecting yourself to others through social media sites such as Facebook, Twitter, and LinkedIn has advantages for the user in terms of staying in touch without much effort. Taking advantage of social media to stay connected means that you must know the risks that come with the noted ease of use, and how to protect yourself against bad actors who are interested in things other than your vacation pictures! Besides your friends, who else is looking at your information, and how might they be intending to use it? The purpose of this short module is to set forth the basic risks and defenses necessary to have a safer experience with social media networking.

Defensive Computing

Be Aware of What Information is Public Through Social Media

Social networking has grown in popularity since being adopted on a large scale in the late 1990s. Internet users with a social network profile quadrupled between 2004 and 2008, and Facebook claimed a billion users in 2012. Many people are interested in the information all of those users post. Many of those interested parties are not necessarily your friends! Identity thieves, scam artists, debt collectors, stalkers, and corporations looking for a market advantage are using social networks to gather information about consumers and competitors. Companies that operate social networks are themselves collecting a variety of data about their users, both to personalize the services for the users and to sell to advertisers. There are two kinds of information that can be gathered about a user from a social network: information that is shared, and information gathered through electronic tracking.
Once that information is provided and posted, it is going to be there essentially in perpetuity, unless some action is taken by the owner of the information (the user) to take it down. Information a user shares may include:

- Photos and other media; age and gender information; biographical information such as employment history, hometown, and family history.
- Posted status updates such as travel, interests, and activities.

Embedded in this seemingly harmless information is a wealth of identity and activity information for a bad actor to mine:

- Obvious profile information: name, address, age.
- Relevant identity-supporting information such as mother's and father's names, mother's maiden name, pets' names, where you like to vacation, when you like to vacation, restaurants you like to eat in, parks your children play in, etc.
Some of the user profile information is hidden from the public, but it becomes exposed if the user does not activate privacy settings correctly, or when the privacy settings get reset after an update. Social networks can, and do, change their privacy policy without the user's permission, exposing information formerly hidden unless the user understands the change and resets their preferred privacy level. Many users are not aware of how to maintain their privacy settings, or just choose not to use them. Your friends may copy and post information from your site, which they had access to, on their own sites, without your permission, bypassing your privacy settings completely. You may have third-party applications which store and expose some of your profile information which you thought was private. Social networks do not guarantee the privacy of their user data and have had numerous failures to protect information:

- 2010, Facebook: exposure of personal chat logs of users.
- 2012, Facebook: exposure of old private messages on the walls of European users.
- 2012, LinkedIn: 6.5 million hashed passwords for the business-focused social network LinkedIn were published on hacker forums.

Social networks also benefit from your public information, from which a profile of your interests may be made so as to direct customized ads to you. They encourage users to post more and more information, and are successful in this encouragement! Social networks also gather information through electronic tracking, using cookies to track information such as websites visited and information associated with those websites (e.g., shopping cart items). This information goes into a profile of their users which is further useful in their directed advertising.

Know the Potential Risks of Social Network Exposure of Your Information

Identity Theft

Identity thieves use an individual's personal information to pretend to be you. They use the information gathered from public posts and public information in your profile. They also use information gathered from social engineering, by friending a user and eliciting information through messaging and chats over supposed common interests or common friends.
Illegitimate third-party apps may gather information from your private profile that you are not aware of, through confusing use statements which you may consent to. This information is used to bolster the false identity. Attacks may also appear in the form of quizzes, questionnaires, or game links on friend sites that you visit, which reveal personal information about you if you play them. Phishing attempts, the offering of a lure to hook you into revealing personal information, such as "fill out the form to qualify to win an iPod", are also a part of the identity theft fraud toolbox. If it seems too good to be true, it probably is, so don't click the link!
Spear Phishing is highly directed phishing aimed at a particular individual, where you receive a legitimate-looking message which asks you to click a link and enter your login and password on a site usually known to you, but spoofed or falsified in this fraud. It tries to elicit your information by making you think you have an account problem or a false billing. Always check by other means directly with the account site. Don't click the link! Using the information gathered, they then can use the synthetic identity to impersonate you to an extent; the more information they gather, the better the impersonation.

Introduction of Malware

Malware is malicious software that covers a wide range of programs intended to gather information or damage your computer's software or operating system. Malware can spread through the social network from contact to contact, as the malware appears to come from a trusted contact, which induces people to download it. Messages supposedly from a trusted contact may include malware links, when you are directed to supposedly view a file or video, which result in infection. Always be wary of unknown links. A shortened URL on a status update, newsfeed, or blog link may lead the user to download a virus or go to a website that will attempt to download a virus to the user's computer. Email may appear to be from the social network itself asking for information, with a link to click. This is another form of phishing attack. Always check directly with the site by other means to see if you are being phished. Fake security alerts, with the virus posing as anti-virus or anti-spyware software, offer to help you if you click the link. Never accept an offer to give you free antivirus help!

Social Engineering Attacks

Several of the social engineering methods have been mentioned previously, as all of these fraud attempts have overlapping approaches. Social engineering is the use of information known about a user to elicit additional information from the user. All of the fraudulent methods are part of social engineering. Phishing and Spear Phishing, mentioned previously, are social engineering methods.
They use a small amount of known information to elicit additional, more valuable information. Misleading Solicitations are the attempt to make people feel obligated to join a cause or a group because they receive email from a friend who has joined. The intent is to solicit the registration information from another user. If you are interested, check with the friend by other means before signing up. Hijacked Accounts are compromised legitimate accounts, taken over by malware or spyware and used to defraud other users. The accounts are used to send out spam, malware links, or solicitations to the contacts and friends of the original account. A classic example is the solicitation letter from your friend, stuck in Honduras and needing a wire transfer to buy a ticket home after a robbery.

Avoiding Fraudulent Usage of Your Social Networking Information
- Use a strong password, different from the passwords you use to access other sites. Never recycle your passwords as you change them periodically. Use information that others do not know about you in your security questions, and never post this information in your public information!
- It is best not to provide a work email to a social network. Consider using a specific new email account only for the social network. If the account is compromised, as in the case of the LinkedIn loss of millions of account registrations, your work account will not be compromised.
- Review the privacy policy and how to configure it before you sign up for the account. Make sure you know if there is a change in the privacy policy or terms of service.
- Only provide necessary information you are comfortable with revealing. Leaning to the side of less is better.
- Never grant access to your contacts or email address book. The network may promise to connect you to people you know who are already on the network, but this exposes your contact list to the whole variety of frauds if it should be compromised. Some networks also use your list, if you do not prohibit them, to solicit your contacts to join.
- Be careful about clicking unknown links in messages from friends on social sites, particularly less well known friends. Links may be fraudulent paths to malware or social engineering attacks. Your friend may not be your friend if they are a stranger. Examine links for oddities, such as misspellings or odd phrasing in the message. If it seems odd, avoid it, or check with the friend by other contact means before you go there.
- Don't assume that a message is from who it seems to be from. Hackers break accounts and compromise contact lists commonly. If you suspect a fraud, contact your friend by alternate means to see if they are compromised.
- Messages from the social network site will not be asking you to confirm personal information or passwords. Such a message is highly likely to be fraud. Do not click any links, and report it to the site.
- Know what information you have posted about yourself. This information is the basis of fraud attacks, and helps hackers access accounts through the forgotten-password approach. Pet names, mother's maiden name, first school, and favorite hobby are all common security questions.
- Think before you post. Don't post vacation plans for the world to know when you are not going to be home! Physical robbery occurs too, not just cyber theft! Turn off geotagging for your pictures so that the world does not know as much about your physical location. Don't share all the details of your daily routine. Again, bad actors can be physical criminals, not just cyber criminals. Make sure your children understand what information not to share as they participate in social networking as well.
- Don't make it easy for scammers by posting your birthdate, age, phone number, and address to the public part of your site. This identity information is a gift to scammers. If this information is required for registration, restrict it with your privacy settings.
- Type in the name of your social network link, or use a personal bookmark, when accessing it through the internet. Never click a link to your social networking site on someone else's site. You may be giving your user ID and password information to a hacker when you do.
- Be selective about who you accept as friends. Identity thieves may create fake but attractive profiles to solicit personal information from you and your site. There is no reward for having the most friends! The safest strategy is to reject strangers. If you decide to accept a stranger, limit their access through your privacy settings.
- Understand your social network's privacy settings in detail. They are your best protection against scammers.
- Choose your social network carefully. Know the privacy policy and how to configure it. Find out and understand whether the site monitors posted material, and what they do with it. You are providing personal information, so know what they are doing with it.
- Assume that everything you put up on the site is permanent and public. Consider whether you would want the information on a billboard. The best assumption is that anything you post may become public information.
- Be careful of installing third-party apps that let you do more with your site. They may be malware traps. Validate their authenticity and privacy policies carefully before you decide to use them. The best practice is not to use them at all.
- Discuss the risks of social networking with your children relating to home computing. Review their profiles and postings. Help them configure their sites for proper privacy and to maintain them. Make sure they understand what personal information not to post. Make sure they understand what photos not to post, such as embarrassing shots or shots with identifiable location information, such as their house, and including sites away from home such as their school or a favorite playground. Make sure they know never to meet with someone they have met online. If house rules are not followed, remove the child's social site by contacting the social network.
- In the event you feel your account has been compromised, notify the social networking site immediately and alert your contacts. Malware may have been installed on your computer. While not a guarantee of safety, scan your computer immediately with up-to-date anti-virus software.
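The advice above on examining links (odd spellings, shortened URLs, link text that does not match the destination) and on messages that ask you to confirm a password can be written down as a simple checklist. The following Python script is an added example for this module, not part of the original text; the shortener list, the three social network domains used as "legitimate", and the sample message in the usage note are assumptions.

```python
import re
from urllib.parse import urlparse

# Social networks the module names, treated here as the legitimate domains.
KNOWN_SITES = {"facebook.com", "twitter.com", "linkedin.com"}
# Public URL shorteners (illustrative list; an assumption of this example, not from the module).
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
# A domain-like token in the visible link text, e.g. "www.facebook.com".
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")
# Wording that asks the reader to confirm credentials; the network itself never does this.
CONFIRM_RE = re.compile(r"(confirm|verify|re-?enter)\b.{0,40}\b(password|account|identity)", re.I | re.S)

def registrable_domain(host):
    # Crude "last two labels" rule; enough for a classroom heuristic.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, to catch one- or two-character lookalikes (faceb00k vs facebook).
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(message, link_text, href):
    # Returns the reasons not to click; an empty list means nothing odd was found.
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    dom = registrable_domain(host)
    if parsed.scheme != "https":
        reasons.append("link is not https")
    if dom in SHORTENERS:
        reasons.append("shortened URL hides the real destination")
    shown = DOMAIN_RE.search(link_text.lower())
    if shown and registrable_domain(shown.group(0)) != dom:
        reasons.append(f"text shows {shown.group(0)} but the link goes to {host}")
    for site in sorted(KNOWN_SITES):
        brand = site.split(".")[0]
        if dom != site and (brand in host or edit_distance(dom.split(".")[0], brand) <= 2):
            reasons.append(f"host {host} imitates {site}")
            break
    if CONFIRM_RE.search(message):
        reasons.append("asks you to confirm a password or account details, which the network never does")
    return reasons
```

A constructed message such as "Please confirm your password within 24 hours." with link text "www.facebook.com" pointing at "https://secure.faceb00k.example/login" gets three reasons (text/destination mismatch, lookalike host, credential request); a genuine "https://www.facebook.com/settings" link labelled "facebook.com" gets none.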
Useful Links

- Microsoft.com Safety and Security Center
- StaySafeOnline.org
- Windows Support: Security, Privacy, and Accounts