October was National Cybersecurity Awareness Month and, since I am in IT Security, it was a busy month for me. Besides having to deal with the day-to-day operational activities and the on-going project work, I had to come up with Cybersecurity stuff for the month. “Stuff” is my technical term for all of it: mass emails to my company on topics such as physical security and social engineering (do you know what vishing is?); presentations that I had to approve for others; and my presentation to the corporate office.
The presentation that I gave was on Social Media. It included a brief history of the Internet as it relates to Social Media, the good parts, the bad parts, some helpful tips, and information about my company’s policy on the topic. Fortunately, I had help for the last part from my Corporate Communications department – it is great to collaborate with others on presentations.
I cannot share my presentation as it is internal (and has my company’s name all over the place). However, the tips were my own and really designed for anyone.
- Double-check your privacy and security settings. While Social Media sites will (usually) not change your settings, they can change the settings themselves (even add or remove settings). Take a quick look every so often to make sure you are sharing what you want to share.
- Check you public profile. “Google” yourself. Log out and search for yourself. See what others that you do not know can see about you. If someone is trying to scam you, this can be a great way to find our details about you.
- Do not accept all “friend” requests. I am on LinkedIn and get a lot of friend requests. If I do not know the person, I do not accept. You have no control on what your friends do so there is no need to be friends with someone you do not know.
- Limit your personal information. Seems obvious but it goes back to your public profile and scammers.
- Do not post anything that you would not share with others. Barring the social interaction issue, if you are unwilling to stand up in a crowd of strangers and tell them something about yourself, why post it online?
- Be careful with add-ons. Ever play a game on Facebook? That can have a different end user licensing agreement and you could be accepting something that you should not.
- Review the Terms of Service at least annually. These can change without your knowledge and Social Media companies do not have to tell you. If you do not have that much time, start at the bottom as that is where the juicy stuff tends to exist.
So these tips are not earth shattering but they are good to remember. Even IT Security people can forget simple rules from time to time. Good things to remember as you surf the online social world.
(BTW, vishing is voice phishing – a topic that I may take up in a future post)