Managing the Security and Privacy Risks of Social Media Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309) Spring Conference May 10 th 2012

Why Social Media

 Share Status  Tag Photos  Upload Videos  Broadcast Location  Like Companies  Recommend Products and Services  Endorse Colleague  Search Jobs

Social Media Statistics  Facebook: 1.11 Billion plus users  Twitter: 200 Million plus users  LinkedIn: 225 Million plus users  Google: 4 Billion searches per day  YouTube: 2 Billion searches per day  Yahoo: 280 Million searches per day  Bing: 280 Million searches per day

Social Media Sites

who-has-your-back- 2013

Social Media Revolution

Security Uses For Social Media  Investigations and Background Screening  Information Gathering and Intelligence Monitoring  Crisis / Emergency Management Notification and Tracking

Terms To Know  Search engine optimization (SEO): Process of improving the visibility of a website in search engine search results. In general, the earlier (or higher ranked on the search results page), and more frequently a site appears in the search results list, the more visitors it will receive from the search engine's users.

Terms To Know  Malware (Malicious Software): Software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. It can also appear in the form of script or code. General term used to describe any software or code specifically designed to exploit a computer, or the data it contains. Malware includes computer viruses, worms, trojan horses, spyware, adaware, ransomeware, rootkits and keyloggers.

Terms To Know  Firewall: Software or hardware based network security system that controls incoming and outgoing network traffic by analyzing data packets and determining whether they should be allowed through or not, based on a rule set.

Terms To Know  Personally Identifiable Information: Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name or biometric records. Can link medical, educational, financial, and employment information.

Terms To Know  Metadata: Data about data. Structural Metadata data about the containers of data. Descriptive Metadata is about data content.  Examples  Means of creation of the data  Purpose of the data  Time and date of creation  Creator or author of the data  Location on network where the data was created

7 Deadly Sins of Social Networking  Over-sharing company activities  Mixing personal with professional  Engaging in Tweet (or Facebook / LinkedIn / Myspace) rage  Believing he/she who dies with the most connections wins  Password sloth  Trigger finger (clicking everything, especially on Facebook)  Endangering yourself and others

Social Media Security Awareness

Scams To Avoid  Phishing: Attempting to acquire information such as usernames, passwords or credit card details by masquerading as a trustworthy entity in an electronic communication. Typically carried out by spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Scams To Avoid  Clickjacking: Certain malicious websites contain code that can make your browser take action without your knowledge or consent. Clicking on a link on one of these websites might cause the website to be posted to your profile. Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious.

Scams To Avoid  Malicious Script: When you are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising. This "code" is actually a malicious script. Instead of showing you what was advertised, it uses your account to send your friends spam.

Scams To Avoid  Malicious Script:

Scams To Avoid  Koobface: Worm that targets Facebook by posting spam messages on behalf of people. The message contain a link, which prompts to download and install a newer version of Adobe Flash player. However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus.

Scams To Avoid  Koobface:

Scams To Avoid  Koobface:

Use Advanced Security Settings  Enable Secure Browsing  SSL Protocol Encryption  Enable One-Time Passwords  Use when signing onto a computer that is not yours  Enable Single Sign-On  Eliminates multiple passwords  Enable Login Notification and Approvals  Monitor account activity

Using Good Passwords  Don’t use same passwords on all accounts  Don’t share and change regularly  At least 8 characters, 1 number and 1 special character  Use non-words that associate with something you know: “4the$cash”, “2crackedribs!”  Don’t save in the browser  Logout don’t just close the browser

Tips To Stay Secure  Think before you click  If you don’t know what it is, don’t paste it into your internet address bar  Maintain strong passwords  Never give out your username or password  Update your browser  Run and update anti-virus software

Resources  Computer Crime Info   CSO Online: Social Medial Security  networking-security networking-security  Facebook: Security, Safety, Privacy   

Questions Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309)