Protect Your Company with This Social Media Security Advice

Social media is an excellent tool for small businesses, yet, the use of social media by small business staff can definitely put the company in danger. Many small business owners and managers don’t realize this.

Recently, I was talking to employees of a credit union about what to do in a robbery. Before this presentation, police officers had staged a robbery in the same credit union. The fake robbery was so real, some of the tellers were brought to tears, thinking they were really getting robbed.

After they were filled in on what was happening, everyone on the team discussed it. One of the most telling moments is when one of the tellers shared her story. During the mock robbery, one of the “robbers” handed a teller a note. It said this: “Your husband works at Pine Street Motors. We kidnapped him this morning. He is being held at another location. If you hit the alarm and notify police, he’s going to be killed.”

How did the bad guys know that her husband worked at Pine Street Motors? They simply looked online. They found the name of the bank, and then found out that the teller was listed as working at the bank on social media. Her social media account was connected to her husband’s, and his account said that he worked at Pine Street Motors.

Yes, it was that easy.

Here are some tips for social media that you might want to share with your staff:

Don’t Tell the Internet Where You Work

Tell employees that it’s not a good idea to share too many details about their work on social media pages. Though you can’t stop them from adding their employer on Facebook, you can tell them how this information can be used against them and the company. Make sure that they understand that this information could backfire and harm everyone involved.

Teach Your Staff How to Use Privacy Settings

You should also teach staff how to manage their social media privacy settings. Ideally, they should have maximum protection on every account. The default settings are lacking, and those put them at risk for hacking. You should also tell them that even the highest settings that social media sites have won’t keep everyone out. However, this level of protection is better than nothing.

Create a Workplace Policy for Social Media Use

Set up a policy in your workplace for social media use. Make sure this policy covers what employees associated with your company can say and what is totally prohibited.

Stop Banning the Use of Social Media in the Office

The moment you ban the use of social media at work, that’s the moment that someone will sneak around and do it anyway. This, of course, leads to dangerous things, as they can try getting around the firewall and other things that make your network vulnerable.

Train Your IT Team

Finally, make sure that your IT team is up to date on the latest ways to combat online-security issues. These teams must also know about the security risks that your business faces due to social media.

Additionally, the policy for employee social media use should be examined and updated quite regularly, and make sure to enforce it, too. Invest in anti-virus protection and make sure that all operating systems and browsers are always kept up to date when updates become available.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

14 Social Media Disasters Ready to Strike

There are many ways that you or a small business could get caught up in a social media disaster. Can you think of any off the top of your head? If you are like most of us, probably not. Here are 14 ways that you could be in danger:

social-media-privacy-security

  1. A Terrible Online Reputation – Do you keep a watchful eye on you or your business’ Facebook page? Are people posting to it? Are your staff? Even things that seem good-natured at first can be taken the wrong way by friends or potential customers.
  2. Racy Images or Text – If you or your employees are sharing racy text or images on social media, it could negatively affect your life or business. Though you definitely can’t control what they are posting, you can certainly educate them on the smart use of social media. Typically, these things happen because someone is ignorant about it, not feeling malicious. Even something as innocent as sharing a scantily clad photo of themselves while at work or play could give you or your company a bad name.
  3. Imposters – You might be surprised, but there could be someone out there posing as you or your business. So, make sure to patrol the internet to see if anyone is using your company’s logo or name. This even includes phony websites. Set up a Google Alert to notify you if your name or your business name appears online.
  4. Financial Identity Theft – It might seem harmless to post a photo of your employee’s puppy on your company website, but it could lead to financial identity theft. How? Well, if you post the photo, you surely would post the name of the cute little guy, and many people use their pet’s names as their passwords or answers to security questions. With that name, now identity thieves could have one more piece of the pie that they will use to hack into a financial account. Post pics of puppies all day long, just don’t use their names.
  5. Photo Geo Tracking – When you post photos, make sure that the GPS technology is off. This way, criminals can’t use it to find you or your employees addresses. Yes, GPS technology can save lives, but it can also ruin them.
  6. Robberies at Home – Make sure to educate your family or staff about the dangers associated with posting business or vacation travel information on social media. Burglars often use social media as a way to find a good house to break into. If they know Bob in accounting is out of the office and on vacation, they also know that he is likely not home, making his house a target.
  7. Corporate Snoops – It’s also possible that a spy could set up a page on Facebook, post as an employee of a well-known company or other branch, and then attract your real employees to a fake group. This way, he knows that they could give him sensitive information about your business, as they see him as trustworthy.
  8. Sex Offenders – Know who you are talking to online. Also, make sure to tell your staff to be careful when communicating with someone new. This person could be a sex offender, or worse.
  9. Attack of the Badmouth – At some point or another, you will get a disgruntled employee. Perhaps this person believes that they were unjustly terminated, or maybe they still even work for you. Employees who believe they have been “picked on” might try to get revenge by posting a bad review or blog about your company.
  10. Bullies – You might also find that one of your friends or employees is a bully. Are they posting bullying comments on your social media sites? If so, it could be bad for business.
  11. Government Spies – Even if it seems outlandish, many reports say that there are certainly law enforcement agents of the U.S. government that use social media to learn more about criminal suspects.
  12. Fake Sites – Someone could set up a fake site and pretend that they are from your business. When customers go to that site, they unknowingly give information about themselves, such as account numbers, email addresses, and phone numbers. Now, the bad guys have access to this information.
  13. Account Takeovers – You might remember when the show 60 Minutes, the Associated Press and others had their Twitter account hacked. The AP tweet that got out, claimed that then President Obama had been attacked at the White House. The stock market dropped significantly causing billions in losses as a result. If it can happen to the AP, it can certainly happen to you.
  14. Liability – Though you can use Facebook’s privacy settings to hide posts, that doesn’t mean that they can’t be used in some type of legal case. And studies show that Facebook is being used as evidence in 1 out of 5 divorce cases.

What is the takeaway here? It’s that there is no such thing as a fully private Facebook page just because you might have all of the privacy tools in use. A person with bad intentions, or your own ill conceived posts or a skilled hacker can still get in and ruin your good earned reputation.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protect Your Company with This Social Media Security Advice

Social media is an excellent tool for small businesses, yet, the use of social media by small business staff can definitely put the company in danger. Many small business owners and managers don’t realize this.

Recently, I was talking to employees of a credit union about what to do in a robbery. Before this presentation, police officers had staged a robbery in the same credit union. The fake robbery was so real, some of the tellers were brought to tears, thinking they were really getting robbed.

After they were filled in on what was happening, everyone on the team discussed it. One of the most telling moments is when one of the tellers shared her story. During the mock robbery, one of the “robbers” handed a teller a note. It said this: “Your husband works at Pine Street Motors. We kidnapped him this morning. He is being held at another location. If you hit the alarm and notify police, he’s going to be killed.”

How did the bad guys know that her husband worked at Pine Street Motors? They simply looked online. They found the name of the bank, and then found out that the teller was listed as working at the bank on social media. Her social media account was connected to her husband’s, and his account said that he worked at Pine Street Motors.

Yes, it was that easy.

Here are some tips for social media that you might want to share with your staff:

Don’t Tell the Internet Where You Work

Tell employees that it’s not a good idea to share too many details about their work on social media pages. Though you can’t stop them from adding their employer on Facebook, you can tell them how this information can be used against them and the company. Make sure that they understand that this information could backfire and harm everyone involved.

Teach Your Staff How to Use Privacy Settings

You should also teach staff how to manage their social media privacy settings. Ideally, they should have maximum protection on every account. The default settings are lacking, and those put them at risk for hacking. You should also tell them that even the highest settings that social media sites have won’t keep everyone out. However, this level of protection is better than nothing.

Create a Workplace Policy for Social Media Use

Set up a policy in your workplace for social media use. Make sure this policy covers what employees associated with your company can say and what is totally prohibited.

Stop Banning the Use of Social Media in the Office

The moment you ban the use of social media at work, that’s the moment that someone will sneak around and do it anyway. This, of course, leads to dangerous things, as they can try getting around the firewall and other things that make your network vulnerable.

Train Your IT Team

 Finally, make sure that your IT team is up to date on the latest ways to combat online-security issues. These teams must also know about the security risks that your business faces due to social media.

Additionally, the policy for employee social media use should be examined and updated quite regularly, and make sure to enforce it, too. Invest in anti-virus protection and make sure that all operating systems and browsers are always kept up to date when updates become available.

How to Delete Yourself from Social Media

Have you been thinking that it’s time to make the drastic choice to remove yourself from social media? Most of us were quick to join the social media bandwagon, but these days, you might have worries about privacy. Though it’s possible to delete yourself from social media, the process isn’t easy, and it might not be totally foolproof.

Why Do You Want to Leave?

Before getting into how to delete yourself from social media, it’s important to ask yourself why you want to leave. Experts say totally deleting yourself might not be the best move. For instance, a potential employer, who will more than likely search for you on social media sites, especially LinkedIn, might wonder what you are trying to hide. There is also the fact that removing yourself from social media can make you look boring, unhip, or illegitimate.

Deleting Your Accounts

If you are sure that you want to delete your social media accounts, there are sites that you can use to find out how. These include:

Are Deleted Accounts Really Deleted?

Even if you have deleted your social media accounts, it’s important to make sure that you are fully deleting them or simply deactivating them. Some sites, even after you delete the accounts, will continue to retain the data you supplied.

Delete All Social Media, Not Just The Big Four

If you are serious about deleting your social media account, make sure that you are looking beyond the big four: Facebook, Twitter, LinkedIn, and Google Plus. Other sites have your data, too, including sites like Flickr, dating sites, blogs, support forums, Amazon, eBay, etc. There are also old social media sites you might not use anymore, like MySpace. Whether you have signed in lately or not, your old MySpace could be lurking out there.

What You Will Lose…and Gain…From Deleting Social Media Accounts

You will lose and gain when you delete your social media accounts. You stand to lose your marketing presence, for one, and you might not be able to go back. You also might lose touch with friends and family, or your sense of community. On the flip side, though, you will gain more time and probably have less anxiety.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents Beware of Finstagram

You have surely heard of Instagram, the photo sharing social network, but what about “Finstagram?” If you are like most parents, you have rules about the social media practices of your kids. However, once you learn about Finstagram, those might all go out the window.

When you combine the words “fake” and “Instagram,” you get Finstagram. Essentially, these are fake, or alternative, Instagram accounts that are created by teens, for the most part. These accounts can be used for harmless laughs, such as sharing embarrassing pictures with your close circle of friends, or for harmful deeds, such as hiding alcohol or drug use from parents. Finstagram accounts are also commonly used for bullying.

You can look at your child’s Instagram account and see the innocent angel that you believe you have raised. But, do they have a Finstagram account that shows a different side? It’s possible, and you might even be able to find it by using the Find Friends feature on the software. Of course, it’s possible that your child has linked their Finstagram to a new email address or even name.

On top of all of this, kids are using Finstagram accounts to do things that would never be acceptable on their “real” Instagram accounts. For instance, there have been instances where these fake accounts are used to post inappropriate or altered photos of their classmates in inappropriate situations. In some cases, things get so serious that the schools, themselves, have to contact Instagram to get the accounts shut down.

Even if you think that you have nothing to worry about with your own kids, it might be worth it to do a check on them. You can certainly ask your child if they have an account, and they might be forthcoming and tell you. Odds are, however, that they won’t. In fact, about 90% of Finstagram accounts are unknown, so it is the parent’s responsibility to look for the signs.

Parent should have all passcodes to access the device and its applications. Or the child can’t have a phone. Non-negotiable. Done deal.

Sit down with your child to talk about their usage of social media, and the repercussions of their actions on social media. You also might want to talk to other parents you know about Finstagram accounts. These accounts might be for innocent fun, but they could also ruin someone’s life.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Investigators Using Social Media to Find Missing Children

Gone are the days when social media is only used to share what you had for dinner or announcing to the world that you are headed to the gym. But social media has become a platform for any and everyone to say what’s on their mind, and sometimes that’s great, but all too often it isn’t. Social is significantly lacking in decorum. But at least some are using social for good.

These days, law enforcement is using social media to find missing children.

Washington, DC police are leading the way on this. In 2017, alone, the district is averaging about 190 missing kids a month. By using social media, information about the children is getting out quickly. Previous to this, the district was issuing press releases, but with social media, there are now thousands of people getting information about these children.

This new way of spreading the word is helping to find missing children, for example a Twitter user recently created a screenshot of several missing person’s flyers. She then shared the tweet with her followers, and it received over 108,000 retweets. It also, however, raised the red flag that these girls might be the victims of a human-trafficking scheme.

DC police admits that missing children are vulnerable to this type of exploitation, but are quick to point out that there is no evidence that these missing people were linked to any type of known human trafficking scheme.

Other groups, such as the Black and Missing Foundation, are also using social media to share leads, but still use traditional media, too. For instance, in 2012, a missing teen in New York was found in a matter of hours after her story appeared on the television show, The View.

Thanks to this new way of making the public aware of missing kids, DC police are seeing results. During the last two weeks of March, for instance, eight children were found after their stories were shared on social media.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Stop being a Social Media Idiot

Leave personal details off your Facebook page.

14DDoes the whole world—or even your private circle, many of whom you haven’t seen in person for years, or even at all—have to know you’re laid up from hernia surgery (i.e., vulnerable, defenseless)?

Try this experiment for a week: Assume that the only visitors to your Facebook are 1) future possible employers, 2) master gossip spreaders and reputation bashers, and 3) your future in-laws (if you’re not married). This should really change the game plan of how you post.

Never send naked photos of yourself.

Not even to your significant other. After all, in many cases of leaked nude images…the significant other is the leaker! If your lovey-dove wants to see you in your birthday suit, then present yourself that way in person—after you know for sure all the cameras in the room are turned off.

Enough with the selfies.

It’s gotten to a point where all selfies look alike: Some doofus holding up the phone and staring INTO the phone. Whatever happened to the nice images of yesteryear, where someone, posing nicely, was facing the viewer? Selfies are fine if you’re showing off your abs when the selfie next to it of 90 days ago shows the Pillsbury Dough Boy, but please, nobody is special enough to justify endless selfies, including those for which you corralled a bunch of people to take part in it.

Instagram is not for food images.

Don’t waste your time. Think “borrrrrring!” Who really wants to see your beet salad? If you want to promote your recipe skills, start a website.

“Like” only recent posts.

Nobody pays attention to likes on old posts.

Cross out cross-posting.

Post an item on your Snapchat story, then put it in a private message…NOT.

No ODRs, no oversnapping.

Avoid opening but not replying on Snapchat. Avoid double-snapping someone.

Say no to screengrabbing.

Read that again. Don’t grab a Snapchat unless you want the sender to know who did it.

For parents…

Be mindful of commenting on your teenagers’ pages. Be sincere if you must, like a congratulations for qualifying for the state wrestling finals.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Hacking the CEO with Social Media

If the super big wigs could get their social media accounts hacked, you can too. If you can believe it, the Twitter accounts of the following were recently hacked:14D

  • Google CEO Sundar Pichai
  • Yahoo CEO Marissa Mayer
  • Oculus CEO Brendan Iribe
  • Twitter co-founder Jack Dorsey

Shouldn’t these CEOs know how to prevent getting hacked? One little slip could let in the cybercriminals: reusing the same password.

Times have really changed. During the good ‘ol days, employees barely knew the CEO. Sometimes he was faceless, and at most, they received form letters from him…or her. Nowadays, company workers know the names of the CEO’s grandkids, new puppy, where they spent their last vacation, complete with photos.

CEOs want a human connection to their company’s worker bees and hence, many are very active on social media—so active, in fact, that they hardly think of security…like using old passwords for new accounts and/or using the same password for multiple accounts…and/or using an easily crackable password.

Other mistakes CEOs make:

  • Posting personal information—way too much, more than enough for hackers to use against them.
  • This includes names of kids and vacation destinations, details about hobbies, relatives and other personal data.
  • Inclusion of personal information on a professional social media profile.

That may all sound innocent and just a way for CEOs to humanize themselves, but the more personal information they share with the world, the easier it is for cybercriminals to bust in. Crooks can often easily obtain the CEO’s e-mail and send a message that appears innocent, but has a link or attachment that the recipient is lured into clicking.

Once clicked, the attachment or e-mail unleashes malware, giving the crook control of the CEO’s computer. So even if the CEO has a unique and very strong and long password for each social media account, all it takes is a moment of having their guard down and hastily clicking a malicious link or attachment to get infected.

The hacker may have many motives for breaking into an account, and this includes posing as the CEO and posting items on the social media account with the hopes of damaging the CEO’s reputation.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Case allows Employees to run amok on Social Media

Lesson learned: If you run a fast-food restaurant or any company for that matter, you’d better treat your employees right. After all, they have a legal right to tweet all they want about you.

14DA Chipotle Mexican Grill in Havertown, PA, had a ban in place: Employees are prohibited from using social media to spread “inaccurate information” or “disparaging, false or misleading statements.”

But the National Labor Relations Board recently deemed that this rule violates federal labor law, even though an employee, James Kennedy, had tweeted less-than-favorable information about working conditions and had also circulated a petition (that the franchise tried to ban).

Chipotle violated the NRLA, according to the administrative law judge, when it demanded that Kennedy cease tweeting and delete the other tweets.

Another violation on Chipotle’s part was the firing of Kennedy, who had refused to stop circulating a petition among coworkers after a manager ordered him to do so. Kennedy’s use of social media was a protected activity under the law, and so was his circulation of the petition. The establishment was ordered to reinstate Kennedy and pay him lost wages.

Just what exactly was Chipotle’s rule about circulating a petition? It barred employees from doing this even during non-working hours and within visual or hearing range of patrons.

Chipotle was ordered by the NLRB to reverse its rules pertaining to social media and solicitation of petitions. And believe it or not, Chipotle even had a policy in place that banned discussing politics on the job. This ban, too, was lifted, courtesy of NRLB’s order.

Chipotle corporate was also required to make sure that all of its employees in the U.S. would be made aware of these policy reversals.

As of August 19, neither Chipotle nor its legal team have responded to any requests to comment.

Frankly, as an employer, this ruling is scary. And knowing employees often blather on about anything and everything, this ruling may open a can of worms that can’t be put back in.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Set Privacy on these Social Media Apps

Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.

14DParents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Like Musicly, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.

Applications have safety settings. Do you know what they are? How they work?

Instagram

  • A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”

Snapchat

  • Enable the self-destruct feature to destroy communications quickly after they are sent.
  • But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
  • Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.

Whisper

  • Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
  • Go to your iPhone’s settings and change the location access to “Never.”

Kik

  • Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
  • Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
  • Don’t share usernames.

Askfm

  • This question-and-answer service attracts cyberbullies.
  • In the privacy settings, uncheck “Allow Anonymous Questions.”
  • The user should remain anonymous.

Omegle

  • This video-chatting service is a draw for pedophiles.
  • It should never be linked to a Facebook account.

Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.