The document discusses the implications of social technology in various domains such as marketing, human resources, and personal privacy, emphasizing the challenges and risks associated with online presence and identity theft. It outlines the importance of having a social media policy in companies, the need for strategic planning in social media marketing, and the potential dangers of personal information exposure through various means such as data breaches and malware. Furthermore, it highlights the significant issues related to trust and control over personal information, urging individuals and organizations to be proactive in managing their digital footprints.

2. Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College
www.LearnSecurity.org | www.linkedin.com/in/donaldehester | www.facebook.com/LearnSec | www.twitter.com/sobca
DonaldH@MazeAssociates.com

3. Rev2/28/2011 © 2011 Maze & Associates 3

4. Pervasive By Nature
Social Tech
Private
Life
Work
Family
School
Rev2/28/2011 © 2011 Maze & Associates 4

5. Social Tech Issues
Rev2/28/2011 © 2011 Maze & Associates 5
M
• Marketing
• Brand Protection
• Customer
Relations
HR
• Hiring
• Personnel
Management
P
• Privacy
• Identity
• Home/Work

6. MARKETING & BRANDING USES
Rev2/28/2011 © 2011 Maze & Associates 6

7. Brand Protection - Concerns
• Fear of losing control
• Fear of losing customers
• Fear of losing money
• Fear of customers speaking up
• Avoiding social media
– Fear of the unknown
– Thinking it is a fade
• Not understanding social media
• How will you measure impact
Rev2/28/2011 © 2011 Maze & Associates 7

8. Brand Issues
Rev2/28/2011 © 2011 Maze & Associates 8

9. Monitor Social Media for your Brand
Rev2/28/2011 © 2011 Maze & Associates 9

10. Social Shopping
Rev2/28/2011 © 2011 Maze & Associates 10

11. How to get started
• Social Technology
– The train has left the building, are you on it?
• Get informed
• Get help (technical and soft skills)
• Develop a social media marketing
strategic plan
• Create short term goals
• Execute and Adapt
Rev2/28/2011 © 2011 Maze & Associates 11

12. Marketing
• Manger's Guide to Social Media
– by Scott Klososky
• The FaceBook Era
– by Clara Shih
• Facebook Marketing: An Hour a Day
– by Chris Treadaway and Mari Smith
• New Rules of Marketing and PR
– by David Meerman Scott
• The Zen of Social Media Marketing: An Easier Way to
Build Credibility, Generate Buzz, and Increase
Revenue
– by Shama Kabani and Chris Brogan
Rev2/28/2011 © 2011 Maze & Associates 12

13. Establish Brand in Social Media
Rev2/28/2011 © 2011 Maze & Associates 13

14. Market Saturation
Rev2/28/2011 © 2011 Maze & Associates 14

15. Integration
Your
Website
Facebook
Twitter
LinkedIn
Other
Rev2/28/2011 © 2011 Maze & Associates 15

16. Deceptive Marketing
Rev2/28/2011 © 2011 Maze & Associates 16

17. Endorsements
• If you are being paid to endorse a product, you
must make that clear to consumers.
Rev2/28/2011 © 2011 Maze & Associates 17
http://www.ftc.gov/opa/2009/10/endortest.shtm

18. HUMAN RESOURCES USES
Rev2/28/2011 © 2011 Maze & Associates 18

19. Social Media Uses in HR
• The use of social media outside of
personal lives has increased and
continues to increase
• Concern that potential employers will
misconstrue what is seen
• Used for monitoring current employees
• Used for screening job applicants
– Employees see it as a good way to “get to
know” the applicant
Rev2/28/2011 © 2011 Maze & Associates 19

20. http://www.ajc.com/news/barrow-teacher-fired-over-733625.html
Rev2/28/2011 © 2011 Maze & Associates 20

21. http://www.dailyfinance.com/story/media/facebook-spying-costs-canadian-woman-her-health-benefits/19250917/
Rev2/28/2011 © 2011 Maze & Associates 21

22. Rev2/28/2011 © 2011 Maze & Associates 22
http://smallbiztrends.com/2009/09/social-media-background-checks.html

23. Horns of a dilemma
• If employers use social media to do
background checks on employees
– The company is open to discrimination
charges
– The candidates is vulnerable to
discrimination
Rev2/28/2011 © 2011 Maze & Associates 23

24. Horns of a dilemma
• If employers don’t use social media to do
background checks on employees
– The company is open to negligent hires
– Good candidates are missed
– Bad candidates are hired
Rev2/28/2011 © 2011 Maze & Associates 24

25. Use of Social Media at Work
• Does your company have a social media
policy?
• How much time do employees use social
media?
• Does it effect employee productivity?
• How much cross over between work /
home life?
Rev2/28/2011 © 2011 Maze & Associates 25

26. PERSONAL USES
Rev2/28/2011 © 2011 Maze & Associates 26

27. Computer Security: Malware
Rev2/28/2011 © 2011 Maze & Associates 27

28. Online Privacy
• Do you have control of what is posted?
• Not all fame is good!
• People use anonymity to post stuff
about others!
• Embarrassing, loss of credibility
Rev2/28/2011 © 2011 Maze & Associates 28

29. Information about you online
• Do I have control of
what is posted about
me?
• Look yourself up!
• All but one of these
is about me.
• One of these I was
completely unaware
of.
• Even if you are not
on the web, you may
be on the web!
• Do what you can to
control what is out
there.
• What is you social
relevancy
(Reputation)?
Rev2/28/2011 © 2011 Maze & Associates 29

30. Sony Play Station Network Breach
Rev2/28/2011 © 2011 Maze & Associates 30

31. SOCIAL MEDIA & POLITICS
Rev2/28/2011 © 2011 Maze & Associates 31

32. Elections
Rev2/28/2011 © 2011 Maze & Associates 32

33. Social Media and Politics
Rev2/28/2011 © 2011 Maze & Associates 33

34. IDENTITY THEFT
Rev2/28/2011 © 2011 Maze & Associates 34

35. Social Media (Web 2.0)
 Services are extremely popular and useful
 Almost a must today, (if you are not in, you are
out)
 People post too much information about
themselves or their kids
 Be aware of your aggregate information
 The key is to be aware of what you are sharing
Rev2/28/2011 © 2011 Maze & Associates 35

36. Online Privacy
• Would you invite
a stranger into
your house to
look at your
children's photo
album?
• Public v. Private
• Aggregate
information
sources could
give someone
more information
than intended.
Rev2/28/2011 © 2011 Maze & Associates 36

37. Situation
• Why does someone want your
personal information?
– In an information age information
becomes a commodity
– Information has a value
– Some information has a greater
value
– Your personal information is
potentially worth more than you
think
Rev2/28/2011 © 2011 Maze & Associates 37

38. What is PII
• Personally Identifiable Information
– Name and account number
– Name and social security number
– Name and address
– Credit Card Number
• Where you might find it
– Tax files
– Account Statements
– Records (Medical, Public and other)
– Businesses you do business with
Rev2/28/2011 © 2011 Maze & Associates 38

39. ID Theft vs. ID Fraud
• “Identity fraud," consists mainly of
someone making unauthorized charges
to your credit card.
• “Identity theft,” is when someone
gathers your personal information and
assumes your identity as their own.
"Identify theft is one of the fastest
growing crimes in the US."
John Ashcroft
79th US Attorney General
Rev2/28/2011 © 2011 Maze & Associates 39

40. • March 20th 2001, MSNBC reported the first
identity theft case to gain widespread public
attention
• Thief assumed the identities of Oprah Winfrey
and Martha Stewart, took out new credit cards in
their names, and accessed their bank accounts
• Stole more than $7 million from 200 of the
world’s super rich - Warren Buffet and George
Soros, tech tycoons Paul Allen and Larry Ellison
• Used a library computer, public records, a cell
phone, a fax machine, a PO Box, and a copy of
Forbes Richest People
• 32-year-old Abraham Abdallah was described as
“a high school dropout, a New York City busboy, a
pudgy, disheveled, career petty criminal.”
The Busboy That Started It All
Rev2/28/2011 © 2011 Maze & Associates 40

41. ID Theft & Fraud
• PII exposed by others (Data Breaches)
• PII exposed by ourselves (online & others)
• Malware (Spyware, Viruses, etc…)
• Social Engineering
– Phone
– Internet (Phishing, social websites etc…)
– In Person (at your door, in a restaurant etc…)
• Physical theft
– Mail box
– Trash (Dumpster diving)
– ATMs (skimming)
– Home break-ins
Rev2/28/2011 © 2011 Maze & Associates 41

42. What do they do with stolen IDs?
Rev2/28/2011 © 2011 Maze & Associates 42

43. Drug Trafficking and ID Theft
Meth users see mail theft and check washing as a low risk
way to pay for their habit.
The same chemicals used in Meth production are used in
check washing.
Meth users, dealers and fraudsters are partners in crime.
Rev2/28/2011 © 2011 Maze & Associates 43

44. FTC 2009 Stats
• Top counties with ID theft
– Solano County 18 out of 375
• Average per victim loss
– $10,000
• Total complaints filed in 2009
– 1.3 Million
Rev2/28/2011 © 2011 Maze & Associates 44
FTC http://www.ftc.gov/opa/2010/02/2009fraud.shtm

45. HOW MIGHT YOU EXPOSE YOUR
PII
Rev2/28/2011 © 2011 Maze & Associates 45

46. Watch what you put online
Rev2/28/2011 © 2011 Maze & Associates 46
http://www.youtube.com/watch?v=Soq3jzttwiA

47. Can someone use what you post
against you?
Rev2/28/2011 © 2011 Maze & Associates 47

48. P2P (Peer to Peer file sharing)
• Napster used to fit in this category
• Used to ‘share’ computer files
• Legal issues with copyright
• Malware issues, often the P2P software
will install adware or tracking software.
• Privacy issues, do you know what you
are sharing?
Rev2/28/2011 © 2011 Maze & Associates 48

49. HOW BAD GUYS MIGHT GET
YOUR PII
Rev2/28/2011 © 2011 Maze & Associates 49

50. Malware
• Malware (Viruses, Worms, Spyware,
etc…)
– 1999 Melissa, Kevin Mitnick,
– 2000 Mafiaboy, DoS Assault,
– 2001 Code Red, Nimda,
– 2002 Root Rot, Slapper,
– 2003 SQL Slammer,
– 2004 MyDoom, BerBew,
– 2005 Samy (MySpace),
– 2007 Storm Worm, Botnets, etc..
Malware has cost
trillions of dollars in
the last decade
Rev2/28/2011 © 2011 Maze & Associates 50

51. Viruses
• In the past they were primarily
destructive
• Today they focus on stealing information
• Using your computer as a Bot (Zombie)
to send out SPAM
Rev2/28/2011 © 2011 Maze & Associates 51

52. Phishing: Internet Fraud
• Oldest trick in the book,
there are examples in the
1500s
• One particular fraud is called
the “Nigerian 419” scam or
“Advanced Fee Fraud”
• Started as a letter, then it
showed up in faxes and now
it is sent by email.
• Many variations on the story
the message contains
http://www.secretservice.gov/fraud_email_advisory.shtml
Rev2/28/2011 © 2011 Maze & Associates 52

53. Rev2/28/2011 © 2011 Maze & Associates 53

54. Phishing Example
Rev2/28/2011 © 2011 Maze & Associates 54

55. Spyware
Rev2/28/2011 © 2011 Maze & Associates 55

56. Cell Phone Spyware
Rev2/28/2011 © 2011 Maze & Associates 56
http://www.youtube.com/watch?v=uCyKcoDaofg
http://news.rutgers.edu/medrel/news-releases/2010/02/rutgers-researchers-20100222
http://www.youtube.com/watch?v=UZgf32wVTd4

57. Physical theft
• Dumpster diving
• ATM – Credit Card skimming
• Mailbox
• Home Break-in
Rev2/28/2011 © 2011 Maze & Associates 57

58. Close to Home
Rev2/28/2011 © 2011 Maze & Associates 58

59. “Lock Bumping”
http://cbs11tv.com/seenon/Bump.Key.Safety.2.499252.html
Rev2/28/2011 © 2011 Maze & Associates 59

60. ATM Skimming
Rev2/28/2011 © 2011 Maze & Associates 60
http://www.youtube.com/watch?v=m3qK46L2b_c

61. Credit Card Skimming
Rev2/28/2011 © 2011 Maze & Associates 61

62. Credit Card Skimming Stats
TOP MERCHANT GROUPS
RESTAURANTS
GAS
HOTELS
CAR RENTALS
ALL OTHER
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET
SERVICERev2/28/2011 © 2011 Maze & Associates 62

63. Credit Card Skimming Stats
BY MERCHANT LOCATIONS
CALIFORNIA
FLORIDA
NEW YORK
NEW JERSEY
TEXAS
MEXICO
ILLINOIS
ALL OTHER
SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET
SERVICERev2/28/2011 © 2011 Maze & Associates 63

64. HOW OTHERS MIGHT EXPOSE
YOUR PII
Rev2/28/2011 © 2011 Maze & Associates 64

65. How others might expose your PII
• Data Breach
– Lack of security on the part of businesses
– Organization may post information online
– Loss of a laptop, hard drive or paper work
– Data loss by a third party
– Hacker (Organized Crime & Nation State)
– Organizations may break into your
computer
Rev2/28/2011 © 2011 Maze & Associates 65

66. Sony PlayStaion Network Breach
Rev2/28/2011 © 2011 Maze & Associates 66

67. Public Records
Rev2/28/2011 © 2011 Maze & Associates 67
“The federal government is the
biggest offender.”
Paul Stephens
Privacy Rights Clearinghouse

68. Others losing your ID
4.2 million customer card transactions were compromised by hackers
Rev2/28/2011 © 2011 Maze & Associates 68

69. Unknown Exposure
Rev2/28/2011 © 2011 Maze & Associates 69

70. Top 10 Largest Breaches*
Records Date Organizations
130,000,000 2009-01-20 Heartland Payment Systems
94,000,000 2007-01-17 TJX Companies Inc.
90,000,000 1984-06-01 TRW, Sears Roebuck
76,000,000 2009-10-05 National Archives and Records Administration
40,000,000 2005-06-19 CardSystems, Visa, MasterCard, American Express
30,000,000 2004-06-24 America Online
26,500,000 2006-05-22 U.S. Department of Veterans Affairs
25,000,000 2007-11-20 HM Revenue and Customs, TNT
17,000,000 2008-10-06 T-Mobile, Deutsche Telekom
16,000,000 1986-11-01 Canada Revenue Agency
Rev2/28/2011 © 2011 Maze & Associates 70
*Top ten data breaches as of 22 Feb 2010. Data provided by DataLoss db.
725,797,885 breached records out of 2466 reported incidents.

71. Repeat Offenders*
Company Number of
Reported Breaches
LPL Financial 12
Nationwide 11
Equifax 11
Experian 11
Blue Cross 10
B of A 9
Cornell University 9
University of Iowa 9
HSBC 8
Pfizer 8
Rev2/28/2011 © 2011 Maze & Associates 71
*As of 22 Feb 2010. Data provided by DataLoss db.
725,797,885 breached records out of 2466 reported incidents.

72. Sony Root kit
• Sony, in its efforts to preserve control
over its product, installed root kits on
consumers computers
• Consumers were not aware it was
installed (on copy-protected CDs)
• Gave Sony and potentially hackers the
ability to remotely control your computer
• Removal of software disabled CD drives
on consumers computers
http://www.cnet.com/4520-6033_1-6376177-1.html?tag=nl.e501
Rev2/28/2011 © 2011 Maze & Associates 72