20160317 arma wyoming social media security threats
Copyright © AIIM | All rights reserved.
#AIIM
The Global Community of Information Professionals
Social Media Security Threats
Jesse Wilkins, CIP, IGP, CRM
Director, Professional Development
AIIM
March 17, 2016
Jesse Wilkins, CIP, IGP, CRM
Director, Research & Development, AIIM
Twenty years' experience as a vendor, consultant, end user, trainer
Lead architect for Certified Information Professional (CIP) certification
Frequent author and speaker on IM-related topics
Developer, AIIM Social Media Governance Training Course
Agenda
Introduction to Social Media & Security
Social Media & Identity Theft
Social Media & Hacking
Social Media & Privacy
Agenda
Introduction to Social Media & Security
Social Media & Identity Theft
Social Media & Hacking
Social Media & Privacy
Social Is Everywhere
1,350+ years' worth of time spent every day on Facebook.
1.7B Facebook users.
65% log in on any day - and post 4.5B likes/day.
300M photos uploaded per day.
And… Twitter and LinkedIn and Pinterest and Google+ and Tumblr and Flickr and Instagram and Myspace(!) and Livejournal and Orkut and Yammer and WhatsApp and blogs and millions of private social networks and enterprise social networks and all of the
Social Media Is Social
Making connections
  Reestablishing lost connections
  Making new ones
Sharing information
  Sharing thoughts & moments
  Searching for interesting stuff
All of which can be scary from a security perspective!
Who Owns The Content?
What Laws & Jurisdictions Apply?
Who Owns The Accounts?
Social Media Security Threats
Identity theft
Impersonation
Hacking
Privacy disclosures
Disclosure of other sensitive information
Reputational damage
Prohibition is not realistic.
Neither is denial.
Agenda
Social Media & Identity Theft
Introduction to Social Media & Security
Social Media & Hacking
Social Media & Privacy
Impersonation
Fake account pretending to be a celebrity, politician, etc.
You connect, they have access to your stuff
Their links could be to malware or spoof sites
Impersonation
Fake account pretending to be YOU
Your friends (re)connect to “you”, bad guys have access to their stuff
“You” send out bad links
“You” send out requests for money etc.
Big issue on social networks you DON’T use
Social Media Identity Theft
How much have you shared?
  Significant dates
  High school, college
  Kids’ names
  Parents’ names
  Pets’ names
  Favorite books & hobbies
On the internet nobody knows you’re a dog…
Or an imposter!
Agenda
Social Media & Hacking
Social Media & Identity Theft
Introduction to Social Media & Security
Social Media & Privacy
Hacking Via Social Engineering
Bad links:
  https://www.facebook.com/login/identify
  http://bit.ly/50m47h1ng84d
Spoofed emails with bad links
Spoofed site – you enter your credentials
Site may be able to install malware
  Adware
  Keystroke loggers
  Other stuff
Hacking Via Social Engineering
Special addons
  “Who viewed my FB posts?”
  “Change your FB profile & colors!”
Could simply lead to bad link
Could have you install a bad app
Game apps a big vector here – “cheat apps”
Hacking Via Bad App example
Source: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_risks_of_social_networking.pdf
Another Bad App Example - Walkthrough
http://www.fightidentitytheft.com/blog/facebook-quizzes-sharing-your-private-data
Hacking Via Social Engineering
How much did you share?
Those questions are often:
  Basis for passwords
  Security questions
All those QUIZZES!
Hacking Via Shared Passwords
Across your accounts
With others – even significant others
Agenda
Social Media & Privacy
Social Media & Identity Theft
Introduction to Social Media & Security
Social Media & Hacking
What Are You Posting?
Your favorite stuff
Where you are
  And where you aren’t
  http://www.pleaserobme.com
What you’re doing
  Home sick…posting pics from the big game?
  Gaming?
What Are You Posting?
“I hate my boss, I hate my customers, I hate my job!”
-- Lots of people
What Are You Posting?
“Just figured out how to get around IT’s stupid limits on email!”
-- Lots of politicians (and lots of employees)
What Are You Posting?
“That feeling when you drank so much the night before but you have no hangover because you’re still drunk!”
-- Hopefully NOT your boss, your pilot, your surgeon…
What Are You Posting?
And the usual suspects:
  Personal/personnel information
  Proprietary information
  Sensitive or confidential information
  Customer information
  Internal strategies & deliberations
  Negotiations
  Pictures including faces
What Are Other People Posting?
Other people can:
  Upload pictures of you and tag you
    (Facebook will try to auto-tag you using facial recognition)
  Check in with you at a location
  Check you into a location
  Share stuff to your timeline
Other People’s Posts
Conclusion
It’s a scary social media world out there!
But you can protect yourself…
Questions?
Additional Resources
Social Media Policy Database
  http://socialmediagovernance.com/policies/
SHRM Social Media Policy Template
  http://www.shrm.org/templatestools/samples/policies/pages/socialmediapolicy.aspx
NARA Best Practices for Capture of Social Media Records
  http://www.archives.gov/records-mgmt/resources/socialmediacapture.pdf
AIIM Social Business Assessment
  http://info.aiim.org/how-to-conduct-a-social-business-assessment
AIIM Social Business Roadmap
  http://www.aiim.org/Social-Business-Roadmap
For More Information
Jesse Wilkins, CIP, CRM, IGP
Director, Professional Development
AIIM International
+1 (720) 232-9638 direct
http://www.twitter.com/jessewilkins
http://www.linkedin.com/in/jessewilkins