Social Networking Security: How to Manage the Information Security Risks of Facebook, Linked In and Other Web Marketing Tools, by Scott Wright, The Streetwise Security Coach. June 19, 2009, Ottawa Carleton Research and Innovation.
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009
Transcript
Social Networking Security
How to Manage the Information Security Risks of Facebook, Linked In and Other Web Marketing Tools
by
Scott Wright
The Streetwise Security Coach
June 19, 2009
Ottawa Carleton Research and Innovation
“Don’t Leave the Keys to the Kingdom Under the Door Mat”
What Kind Of Day Would It Be For You?
Social Networking Security Agenda
When you let another entity control your data
Important Risks and Tips for users
Insider Risks to Organizations
A New Approach to Security Awareness
Summary
Questions and Answers
When You Are Not In Control Of Your Data
Prevention of risks is not always possible
Reaction is the other alternative
Planned reactions are best!
Risk #1 - Bogus Profiles
Over 40% of new Facebook profiles are fake
To initiate ID Theft and Phishing attacks
Accepting invitations allows more access to info
Tip 1: #Strangers – Don’t accept invitations from strangers
Hard to prevent in Twitter unless you block followers (not considered sociable)
Don’t feel obligated to reciprocate with strangers
Risk #2 - Too Much Info
The SN value proposition is information sharing
“Linked In” - defaults for outsider access are not bad
“Facebook” - defaults very open
Twitter - no expectation of privacy anyway
Try this: go to your Facebook account and search for: <any company name in your city or area> and “Software” or “Technology”
From the list of results click until you find one that has all their profile information visible... there are usually many!
Can lead to guessed passwords or recovery questions
Sarah’s Hacker: Just a heartbeat away…
“…it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!) the second was somewhat harder, the question was “where did you meet your spouse?”
Security Tip #2 - #Settings and #Sensitivity
#Settings – Check your profile’s privacy settings
Facebook – “Friends Only” in “Settings”
Free guide to privacy settings
Linked In – check the defaults (Account & Settings)
#Sensitivity – Remember, Mom may be
Which site is likely to be least dangerous?
1. http://contest.microsoft.com.cn/windows7.html
2. http://tinyurl.com/windowscontest
3. http://www.2months-interestfree.com
They can ALL be dangerous!
Malware spreads 10 times faster on Social Networks!