social media cyber security awareness briefing

Social Networking Cyber Security Awareness Briefing Department of State Bureau of Diplomatic Security Office of Computer Security DS/SI/CS – Awareness http://cs.ds.state.gov v1.0

Upload: department-of-defense

Post on 09-May-2015


TRANSCRIPT

Page 1: Social Media Cyber Security Awareness Briefing

Social Networking Cyber Security Awareness Briefing

Department of State
Bureau of Diplomatic Security
Office of Computer Security

DS/SI/CS – Awareness
http://cs.ds.state.gov

v1.0

Page 2: Social Media Cyber Security Awareness Briefing

Overview

• What is Social Networking?
• Social Networking Security Concerns
• Social Networking Security In the News
• How to Protect the Department
• How to Protect Yourself
• Questions?

Page 3: Social Media Cyber Security Awareness Briefing

What is Social Networking?

• Social networking sites, sometimes referred to as “friend-of-a-friend” sites, allow you to connect to new people through people you already know. These sites let you post information about yourself and offer some type of communication mechanism (forum, chat rooms, email, instant messenger) that enables you to connect with other users.
• Social networking sites include MySpace, Facebook, LinkedIn, and Twitter.

Page 4: Social Media Cyber Security Awareness Briefing

Security Concerns

Because social networking sites are well known for storing vast amounts of personal information and are easily accessible, they also attract people who harbor malicious intent.

What can they do?

The more personal the information you post on a site, the more vulnerable you become to losing your identity, your money, or your personal privacy.

Any personal information gained from these sites can be used to conduct social engineering attacks (e.g. phishing). Using information published by you about your location, hobbies, interests, family, and friends, a stranger could impersonate a trusted friend or legitimate business in order to trick you into providing access to other personal or financial data.

Page 5: Social Media Cyber Security Awareness Briefing

Security Concerns cont’d

Predators also access these sites. The more personal information they can learn about you at the site, the easier it is for them to pretend they share common interests in order to form relationships and possibly convince unsuspecting individuals to meet in person, which could lead to a dangerous situation. The TV show “NBC Dateline – To Catch A Predator” shows numerous examples of this.

Popular social networking sites are also targets for hackers and a prime venue for distributing malicious code. Sites that offer applications developed by third parties are particularly susceptible.

Page 6: Social Media Cyber Security Awareness Briefing


Social Networking Security in the News

February 2009

• Thousands of sex offenders who had been kicked off MySpace were found on Facebook.

March 2009

• Malicious code was spread via popular social networking sites, including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com. Reports indicate that the malware, named Koobface, was spreading through the use of each victim’s contact list. The malware automatically sent fraudulent invitations from the victim’s address to his contacts. The message included a link to view a video. If the users click on the link, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update; it is malicious code.

Page 7: Social Media Cyber Security Awareness Briefing


Social Networking Security in the News cont’d

March 2009

• Multiple bogus Facebook applications were used by hackers to obtain users' private information. By downloading the application, users were giving hackers access to their profile and personal information, and also unwittingly forwarding fake messages to their friends, which encouraged them to download the programs.

May 2009

• Facebook was used by scam artists to contact relatives of deployed U.S. military personnel. Posing as soldiers, the impostors advised the grandparents that they were returning home on leave from Iraq and asked that this be kept secret so they could surprise their parents. They then asked the grandparents to wire significant amounts of money to cover the cost of car repairs.

Page 8: Social Media Cyber Security Awareness Briefing


Protecting the Department

Do not post Department sensitive information on these sites. See 12 FAM 540, Sensitive but Unclassified (SBU), and 5 FAM 770, Federal Websites, for additional information.

Do not use your Department email address.

Page 9: Social Media Cyber Security Awareness Briefing


Protecting the Department cont’d

Use caution. Don’t automatically download, open or respond to content published on a social networking site or sent to you. It may contain malicious code. Verify the sender if possible.

If using a Department computer to access these sites, you must ensure that no executable software is downloaded.

Page 10: Social Media Cyber Security Awareness Briefing

Protecting Yourself

THINK before you post!

As a rule, if you wouldn’t say it or show it to your grandmother or your boss, don’t post it online.

Page 11: Social Media Cyber Security Awareness Briefing

Protecting Yourself, cont’d

Secure your personally owned computer. It is your first line of defense.

Use anti-virus, anti-spam and firewall software. Keep them patched and updated. The Department provides this anti-virus software to all employees for their personal home use.

For more information contact the Virus Incident Response Team by phone at 202-203-5172 or by email [email protected].

Always keep your operating system and browser software updated and patched.

Page 12: Social Media Cyber Security Awareness Briefing

Protecting Yourself, cont’d

Use caution when navigating social networking sites.

Prior to enabling web site applications, check to see what information these applications will be able to access.

When deciding to install third party applications on a personally owned computer, remember that you could be downloading malicious code to your computer.

Don’t automatically download, open or respond to content published on a site or sent to you. It may contain malicious code. Verify the sender if possible.

When on a Department computer, do not download software applications or other executable files.

Page 13: Social Media Cyber Security Awareness Briefing

Protecting Yourself, cont’d

Exercise ownership of your web page!

Make sure your screen name does not say too much about you. It could be combined with other information you post and used against you.

Keep in mind that even if you select controls to limit who has access to your site information, there is still a risk that this “private” information could be exposed to others.

Be wary of strangers. The internet makes it easy for people to fake their identities. Consider limiting the people you allow to contact you, as having more “friends” means more people have access to your information.

Page 14: Social Media Cyber Security Awareness Briefing

Protecting Yourself, cont’d

Be aware of the message you are sending.

Type your name into a web search engine (e.g. Google, Yahoo) and see what information about you is available.

Learn what information is available about you, and then adjust your profile, settings and habits appropriately. This should be done often to ensure that only the information you intend to make public is available.

Customize privacy settings to restrict access to only certain people.

Page 15: Social Media Cyber Security Awareness Briefing

Protecting Yourself, cont’d

Check the security of the sites you visit.

Try to use sites that encrypt your interactive sessions. These sites will have “https:” in the link.

Check the privacy policies on these sites. Some sites share information such as email addresses or user preferences with other companies. This could lead to an increase in spam emails.

Try not to access your online profiles from public computers.

Page 16: Social Media Cyber Security Awareness Briefing

People You Should Know

Your ISSO

• Report all known or suspected cyber security incidents to your ISSO.
• Your manager or system admin staff can tell you who this person is.

Computer Security Policy and Awareness

• Will answer questions on Department’s Cyber Security Policies.
• Email: [email protected] or ASKCS – Computer Security Questions in the GAL.

Office of Computer Security (DS/SI/CS)

• Provides computer security support and services for protecting Department information and systems assets.
• Website: http://cs.ds.state.gov/index.cfm

Page 17: Social Media Cyber Security Awareness Briefing

Questions?