The A to Z of Safe Social Media: Presentation Transcript

  • The A to Z of Safe Social Media
    Our simple guide to wise Social Media habits
    Not for resale
    Written by Mark Johnson | Illustrated by Corinne Blandin | Foreword by Lord Toby Harris | Produced by The Risk Management Group, 2012
  • Foreword
    Businesses and other organisations are increasingly being encouraged to use social media both for marketing purposes and for better internal communications. At the same time, many organisations worry about exactly what they are doing on social media and whether they are posting messages that might damage the brand. All this is made more complicated as people increasingly use their own devices for work purposes (whether this is sanctioned/encouraged by their employers or not).
    Yet social media are also used by those who are malevolent to attack firms and individuals, not only by planting malware but also through social engineering to effect identity and data theft. Most of us do not know enough about the risks or are blind to the threats that may affect us: a recent Legal & General survey found that a significant percentage of users are happy to "friend" total strangers online without a second thought.
    Awareness and common sense are the best and simplest form of security and this "A to Z Guide" is an excellent starting point for everyone - from senior managers to the newest joiner.
    Lord Toby Harris
    Copyright Mark Johnson & Corinne Blandin, 2012
  • Introduction
    Early in 2012 we were asked to support the efforts of UK financial services firm Legal & General in the production of their Digital Criminal 2012: Cybersafety Report. This report, which can be downloaded here, focused on consumer risks arising from poor social media habits. The results of the survey were alarming:
      • 91% of the Facebook users surveyed had received friend requests from strangers
      • 51% of those users admitted having accepted such requests
      • 56% of users also discuss evening and holiday plans ‘wall-to-wall’
    Our own tests, using a network of fake Facebook, Twitter and LinkedIn profiles, demonstrated that many of our fake profiles were able to gather up to 150 friends within a few weeks. One fake profile amassed a staggering 79 friends in under 12 hours, simply by using a pretty picture. Many of these new ‘friends’ were willing to share personal data with our fake personas.
    The risks for business and consumers arising from poor social media habits are very real, with fraud, identity theft and the exposure of corporate data being only the tip of the iceberg.
    The second in our series of free A-to-Z Guides is designed to raise awareness and to suggest commonsense security measures for social media activities carried out by the average person in the home and at places of work.
    Mark Johnson
  • A is for… Awareness
    Sanity Check Number One: Do you really know all of your online ‘friends’?
    Relatively few social media users are aware of just how many vulnerabilities these services can have. The failure of some leading social media sites to introduce effective validation of users’ identities means that fake accounts are very easy to set up and use.
    Social media users sometimes have no idea who they are really connected to and this can lead to them giving out information that could be used by fraudsters, burglars and other criminals.
  • B is for… Bragging
    Sanity Check Number Two: Do you ever post comments online about your income or possessions, or photos displaying them?
    ‘Face bragging’, or showing off online about your material wealth, could make you a target for criminals.
    Reformed burglar Michael Fraser has spoken frequently of the ways in which today’s burglars, fraudsters and con artists are using social media sites as a source of target data. (See the Legal & General report.)
    Posting photos of your car, house or jewellery, or comments about your income, bonuses and other assets might win you a few new ‘friends’, but it could also win you some unwelcome visitors.
  • C is for… Checking
    Sanity Check Number Three: Have you ever accepted a friend request from a stranger just because you liked their picture?
    The average Facebook user has 140 Facebook friends and in one survey, 95% of users admitted having accepted friend requests from total strangers.
    Often, a friend request is accepted because the person making it appears attractive to the user, or because they are already a ‘friend of an online friend’.
    Many of us fail to check before accepting such requests, to establish whether the friend who appears to link us would actually recommend this new person, or whether they even know them.
  • D is for… Deleting
    Sanity Check Number Four: Have you deleted any old posts that, in retrospect, you probably should not have made?
    What you post online could, in theory, stay online forever. However, you do have some control and if you delete your old social media posts there is a reasonable chance that they will be difficult or impossible for others to retrieve.
    It may be as simple as a former relationship you’d rather hide from your new love, or a silly comment that could affect you professionally years later. Whatever it is, it’s always a good idea to:
      • have a trawl through your old posts
      • do a bit of house cleaning
    But your best bet is to avoid saying anything silly in the first place!
  • E is for… Email
    Sanity Check Number Five: Is your email address shown in your public profile?
    When you first sign up for many social media sites, your email address is requested of you and it may even be displayed in your public profile.
    Not only that, but your email address often becomes your user name for the service because many social media sites take shortcuts around more sensible security measures.
    Having your email address in your public profile exposes you to SPAM as well as harassment. It will also give a fraudster the first half of your logon information and thus help them to take over your account.
  • F is for… Fraud
    Sanity Check Number Six: Have you ever disclosed information in an online profile that a fraudster could use, such as your date of birth?
    Online fraud is a growing problem. As more and more services go online we can expect fraud levels to rise even further.
    Many fraudsters who once searched through rubbish bins for discarded bank statements now browse social media sites for personal data.
    Most of us are oblivious to this risk and our online posts and profiles often contain a wealth of information that a clever fraudster could use. Always limit what you post and what your profile discloses about you.
  • G is for… Geography
    Sanity Check Number Seven: Do you ever post information about your geographic locations, past, present or future?
    Some social media sites are moving users towards a geographic paradigm. This can involve putting your posts and images on a timeline and inviting you to add more information, such as the geographic location you were in.
    Why would you want to put that online? Your real friends probably know where you were anyway and you wouldn’t want to tell strangers these facts about you, would you?
    After all, your movements in the past might serve as clues to your likely movements in the future.
  • H is for… Home
    Sanity Check Number Eight: Have you ever publicly posted your home address online?
    The Legal & General Digital Criminal report also revealed that 4% of Facebook users surveyed had included their home address in their public profile.
    This is not only a matter of concern for those users, it also affects any partners and children they may have.
    Posting your home address next to your real name in any online public forum is a big no-no, as is posting someone else’s address details. Keep the real world and the online world separate.
  • I is for… Images
    Sanity Check Number Nine: Are you careful about what types of image you post?
    The posting of images online has become commonplace, often without the consent of those depicted. Several services are driving this trend.
    The problem is that even if you are careful about what images you post, anyone else can post images of you without your knowledge. You should be particularly wary about posting images of your children.
    One tool you can use is to set up notifications for any time you are ‘tagged’ in a post or image, if the social media service you are using supports that.
  • J is for… Joining
    Sanity Check Number Ten: Do you only enter the minimum profile information required to get an account?
    You are likely to make most personal security mistakes in social media on the day you first join a site. After all, it’s exciting to sign up and you are looking forward to connecting to old friends, loved ones or new found contacts.
    Social media sites want to collect as much information about you as they can – they might use this for marketing purposes and your data is often their main asset. They will encourage you to complete your profile, providing all manner of personal data.
    You should only provide the bare minimum of data required to obtain service. Why would you provide more?
  • K is for… Keystrokes
    Sanity Check Number Eleven: Do you blindly follow links suggested by online friends?
    Did you know that there are forms of Spyware out there (software that can monitor your activities) that can capture every one of your keystrokes?
    The type of Spyware that records your keystrokes is known as a ‘Key logger’. This kind of Spyware may send a record of each of your keystrokes to someone else.
    Social media sites are one route used to get Spyware onto your system. For example, a ‘friend’ might suggest that you click on a link. Then, while you watch a video, Spyware may also be downloaded and installed on your machine.
  • L is for… Liking
    Sanity Check Number Twelve: Have you ever ‘friended’ someone because they ‘liked’ your posts or photos?
    Clever online fraudsters and con-artists make good use of the like button to attract prospective targets. It works like this:
      • A fraudster will persuade someone to accept their friend request, perhaps by using an attractive photo.
      • The fraudster will browse that person’s pages and click the ‘Like’ button under posts or images of their friends.
      • Some of those friends will be curious about the person who liked their post or image. They might actually invite the fraudster to be their friend.
    The fraudster can thus attract ‘friends’ who may never even realise that they have been targeted.
  • M is for… Malware
    Sanity Check Number Thirteen: Do you auto-update the anti-virus software installed on ALL of your devices?
    Malware is malicious software that can do more than just steal data – it can harm your system or turn your machine into part of a ‘Botnet’:
      • Botnets are networks of infected devices
      • they are controlled remotely by a hacker
      • the largest known contains 12 million PCs
      • 25% of all PCs may be infected
    Malware can be accidentally downloaded by following links to infected sites.
    Other examples of Malware are Viruses, Trojans and Worms. Any of these can wreak havoc on your PC, laptop, mobile smart phone or tablet.
  • N is for… Names
    Sanity Check Number Fourteen: If you are a younger user, do you use a nickname online?
    There are many instances in which using our real names online is our only option. Setting up a social media account for professional networking is one example.
    However, if you are going to link to social contacts via a social media site then using your full name might be more of a risk.
    This is especially true for younger users and until site providers fix their weak security and identity verification systems, we suggest never using your whole real name if you are a young user.
  • O is for… Old accounts
    Sanity Check Number Fifteen: Have you deactivated any old social media and email accounts you no longer use?
    Social media sites come and go and today’s giants will most likely become tomorrow’s forgotten dinosaurs. This has happened in the past and many of us have old social media accounts that we haven’t used for years - we may even have forgotten their existence.
    Dormant social media accounts are a gold mine for fraudsters because they can take them over and use them without us ever noticing. A hacked account might:
      • reveal information about you
      • be used to fool your friends into disclosing their data
  • P is for… Password
    Sanity Check Number Sixteen: Are your passwords difficult to crack?
    If your email address is the same as your login name then a strong password is essential as a hacker or fraudster may already know 50% of your login information.
    Having your account taken over, denying you access and exposing you to fraud or reputational harm, is an identity theft experience you don’t want to have.
      • Use strong passwords
      • Use 7 or 9 characters
      • Use a mix of letters, numbers and cases
      • Avoid using real words, dates & places
    Keep your password secret!
  • Q is for… Questions
    Sanity Check Number Seventeen: Do you refuse to answer personal questions from those ‘friends’ you are not 100% sure of?
    If you do stumble across a fake online profile, you might become suspicious. Fakers are generally out there to trawl for personal data and the questions they ask you are often a little unusual. Examples we have seen include:
      • “What’s your email address?”
      • “When’s your birthday?”
      • “Where are you now?”
      • “Can you suggest me to your friends?”
    You can see a video about what it’s like to have your identity stolen here.
  • R is for… Recommendations
    Sanity Check Number Eighteen: Do you accept friend recommendations from online friends you don’t know well?
    Social media fraudsters sometimes set up one fake profile in order to recommend other faked profiles to people.
    The first profile is never used for fraud or to collect data – only the recommended profiles do that.
    This approach allows the fraudster to create the impression of an innocent network of friends where, in fact, there is only one person - the fraudster. This may lead innocent users to trust the recommended fake profiles on the basis that they are ‘friends of a friend’.
  • S is for… Silence
    Sanity Check Number Nineteen: Do you have links to social media ‘friends’ who never seem to be online?
    A common sign of a faked online account is silence.
    As explained, a fraudster will have multiple motives for connecting with people and while some connections exist for the purpose of targeting or harvesting data, others are designed simply to build up a convincing contact base.
    Once you are a part of such a fake network, the fraudster might not have a reason to continue talking to you.
  • T is for… Tetris
    Sanity Check Number Twenty: Are you investing too much of your time and money in online games?
    Tetris is only one example of a popular online game that can be very addictive. Game addiction is a growing problem worldwide. Addiction clinics have even been set up in some countries.
    Some online games also access your social media profile and other data. This data may be stored by the game provider.
    It has been alleged that in some games you may actually be competing against automated ‘Bots’ and not against real people as you might have assumed.
    Many games demand payment from you if you want to continue playing once you have become hooked.
  • U is for… Un-friending
    Sanity Check Number Twenty-one: Do you ‘un-friend’ contacts you are unsure about?
    Did you know that you can often ‘un-friend’ a social media contact at any time?
    If you are suspicious about any of your online contacts, don’t be shy:
      • ask questions to validate who they are
      • check with your real life friends
      • un-friend anyone you have doubts about
  • V is for… Virus
    Sanity Check Number Twenty-two: Is your anti-virus software set to automatically download and install updates?
    Some viruses have been specifically built to target social media users.
    The LilyJade Virus is the most recent (2012) virus seen that specifically targets social media users of sites like Facebook.
    The first iteration of LilyJade used infected PCs to send out Spam messages about teen pop star Justin Bieber. You can read more about LilyJade here.
  • W is for… Worldwide web
    Sanity Check Number Twenty-three: Do you realise that anything you post in public may have a worldwide audience?
    Unless you secure them, your pages can be public places. Anything you post there might be read by others, whether friends or not.
    Strangers can sometimes post on your page as well, potentially saying anything they choose about you or your friends. There have been many cases of online bullying that exploit this loophole.
    One of the most serious involved a convicted Internet Troll named Sean Duffy. He posted offensive comments on the tribute pages of teenagers who had committed suicide. You can read about the Duffy case here.
  • X is for… Xtra careful
    Sanity Check Number Twenty-four: Do you keep your personal and business security in mind when using social media?
    The bottom line when it comes to using any social media site safely is personal awareness of the risks as well as the benefits.
    We use several sites ourselves and we think the positive aspects of the technology are truly amazing.
    However, because we work in the risk arena, we also see numerous cases of security breaches, personal data loss, fraud and harassment via social media.
    Be aware, be extra careful and stay safe online.
  • Y is for… Youngsters
    Sanity Check Number Twenty-five: If you are responsible for children, are you managing and monitoring their social media and other online activities effectively?
    Younger users often have a more advanced understanding of how to exploit the features of new technologies, but without necessarily being able to comprehend the risks.
    As parents or simply as adults, we all share a responsibility to inculcate safe practices and to set a good example, whether for our children, guardians, younger siblings or other relatives.
    Our A to Z of Safe Children Online provides specific advice for keeping children safe online. It can also be downloaded free of charge here.
  • Z is for… Zoning
    Sanity Check Number Twenty-six: Do you use different social media tools to create separate types of social media Zone?
    A simple but effective mechanism for operating safely online is to ‘zone’ your activities. For example, you could use:
      • Facebook for social friendships
      • LinkedIn for business relationships
      • Twitter for general broadcasts to the world
      • Blogs for more considered opinion
      • A website for corporate statements
      • Email for official correspondence
      • Instant messaging for team use
    You should choose your own approach, but having clearly defined zones can really enhance your personal and professional security.
  • About the authors
    The writer, Mark Johnson, is a prominent thinker and speaker on emerging communications security, online and social media risks. He is the author of Demystifying Communications Risk, to be published by Gower Publishing in late 2012, as well as numerous industry training guides and papers. Mark is currently working on his second book which addresses the subjects of Cyber Security and Digital Intelligence.
    The illustrator, Corinne Blandin (www.corinneblandin.com), is a teacher, demonstrator and artist, born in France and now living in Cambridgeshire, England. She works extensively with children and has produced illustrations for teaching materials now in use by a leading private school in Cambridge. This is Corinne’s second set of illustrations in the A to Z series, her first being used in The A to Z Guide to Safe Children Online.
    Read, enjoy and stay safe online!
    Cambridge, 2012
  • About The Risk Management Group
    TRMG delivers consultancy, training and product design services in the area of high technology risks. Our main areas of focus are financial fraud risks, telecoms fraud control, cyber security, digital intelligence, revenue assurance, and the control of money laundering, cyber-laundering and terrorist financing online.
    TRMG Services
      • Risk assessments and business case reviews
      • Business process design & re-engineering
      • Software solution design, project management & acceptance testing
    TRMG Training Courses
      • Introduction to Cyber Security
      • Communications Fraud Control (Introductory through to Advanced)
      • Crime Investigations (Introductory through to Advanced)
      • Digital Intelligence and Internet Investigations (Introductory through to Advanced)
      • Telecom Revenue Assurance (Introductory through to Advanced)
      • Social Media Risk Awareness (Workshop)
    Contacting TRMG
      Email: info@trmg.biz
      Web: www.trmg.biz
      Blog: http://theriskmanagementgroup.blogspot.com/
      Phone: +44 1223 257 723
  • About this work
    This work has been sponsored and published online by The Risk Management Group (TRMG), Compass House, Vision Park, Chivers Way, Histon, Cambridge CB24 9AD, United Kingdom. www.trmg.biz
    All rights reserved. This Guideline is provided free of charge subject to the condition that it may be reproduced and distributed freely and without restriction but that it may not be resold or used for any commercial purpose without the written agreement of the publishers.
    Disclaimer
    In creating this Guideline every effort has been made to offer the most current, correct, and clearly expressed information possible. Nevertheless, inadvertent errors in information may occur. In particular, the authors and the Publisher all disclaim any responsibility for any errors contained within the Guideline or in any related communications, web pages or other printed or online resources. The information and data included in the Guideline have been gathered from a variety of sources and are subject to change without notice. The authors make no warranties or representations whatsoever regarding the quality, content, completeness, suitability, adequacy, sequence, accuracy, or timeliness of such information and data.