Posts

8 Ways to bullet proof your Social Accounts

There are ways to keep the hackers at bay—for the most part, anyways, since no protection is 100 percent efficient.

14D#1 Password protect.

A device lost or stolen puts all your accounts at risk. Even simply placing your devices on your desk, they can be accessed by a nosy spouse, contractor or baby sitter, putting your accounts at risk. All of your devices should be protected by a password or some kind of passcode, and set to lock up or hibernate after a certain period of inactivity. The lock can be a fingerprint or even a picture password.

Even if you’re the only person who uses your device, having a password is very important because you never know when someone may be able to abscond with your device, then pose as you in your Facebook account.

#2 Log out.

Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out.

#3 Remove apps you don’t use.

If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock out the ones you don’t use.

Each third-party app has the potential to act as a portal to hackers. In fact, every so often, go through these to weed out ones you don’t need anymore. Even legitimate applications can open doors of opportunity to hackers because their databases can become infiltrated.

#4 Two-step Verification.

With this, the login process has an extra step if you sign in on a different device. This means that crooks can’t get on with only your password and username. They need the extra code of two-step.

For instructions on how to set this up for social media, here are some common sites that provide them: Facebook, Twitter, Google, Gmail, Tumblr, Dropbox

#5 Don’t get reeled in.

Don’t blindly click on links in e-mails or instant messenger programs! Even if the link comes from a sender you know, that “sender” could actually be a fake sender line generated by a hacker.

Contact the person separately in a new e-mail and ask if they sent you a link. If the link is from a business, go to the business’s site rather than clicking its alleged link in your e-mail.

Though Web browsers and e-mail programs can spot these “phishing” attacks, they miss some; just don’t click on links inside an e-mail.

#6 Encrypt internet connections.

Whenever connecting to any critical account make sure the page you are connecting to is HTTPS, which the “S” makes it a “secure” page. Otherwise on open unsecured, unencrypted wireless, connect only using security software such as Hotspot Shield which encrypts all your wired and wireless communications.

#7 Easy Passwords.

The easier a password is for you to handle and remember, the easier it is for a hacker to crack. Stop using “princess” and 123456 as your passwords. Use a gibberish of characters that have no pattern and do not use words that can be found in a dictionary.

A password manager can help you manage a ton of passwords. Use different passwords for all of your accounts and include upper and lower case letters.

#8 Beef up password resets.

Review the social network’s password reset procedure. See if there are other measures they offer for restoring a hacked account, and get those activated. An example would be Facebook’s Trusted Contacts feature.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

10 Tips to Protect Yourself on Social Networks

With the prevalence of mobile devices, more than ever, it’s easy for us to share our lives with the world. And yes, social networks are all about staying in touch with friends and family, and sharing events in your life, but perhaps it’s too easy to share information?

14DWith just a few clicks, posts and messages, you could give away enough personal information to compromise your privacy and even open yourself up to identity theft. So that’s why it’s critical that you know how to protect yourself when using these sites. Here’s my top 10 list:

  1. Remember the Internet is permanent: Assume that once you put information on the site, it stays there forever. Even if you delete the account, you don’t know if someone has already printed/copied your text or photos off of it.
  2. Be selective when accepting a friend: Do you really know that their profile is real and not fake? Only “friend” people you know in the real world.
  3. Exercise caution when clicking on links: Even if they’re from friends. Hackers prey on social networks because you are more likely to click on something from your friends. Also be wary of offers with the word “free” in them, or ones that sound too good to be true, as they usually are.
  4. Manage your privacy settings: Make sure that you are only sharing information with friends and family and check them regularly in case there are any changes.
  5. Be aware of the fact that the information you share on one social network may be linked to another: For instance, a photo you post to Twitter may automatically post to your Facebook profile.
  6. Don’t reveal personal information: Be suspicious of anyone who asks for your personal information online and never share your home address, phone number, Social Security number, or other personal identifying information.
  7. Turn off the GPS function on your smartphone camera: If you plan to share images online, make sure that you turn off the GPS on your device to keep your exact location private.
  8. Don’t enable auto login: Make sure that you don’t have your apps set to automatically log you in and that you don’t have your computer’s browser “remember” your login and password. That way if someone does get access to your devices, they can’t automatically access your social sites.
  9. Change your passwords frequently: Choose hard-to-guess passwords that are at least eight characters long and a combination of letters, numbers, and symbols, and change them regularly. Also make sure you use different passwords for each account.
  10. Close old accounts that you don’t use anymore: Don’t risk leaving personal data in an old account, such as a MySpace page you haven’t used in years, or on an online dating site you no longer need. Instead, close the accounts you don’t use and delete as much personal information from them as possible.

Social networking is meant to be fun…let’s keep it that way by staying safe online. 

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

15 Small-Business Social Network Nightmares

You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense.

11DCan you think of five social network nightmares you hope never happen to your business? How about 10?

Well, I can top that, because there are at least 15 social network mishaps that can haunt a business owner. Here’s a closer look at 15 types of trouble you can encounter on Facebook, Twitter and other popular social media platforms. Once you’re aware of all these potential dangers, you should take the necessary steps to prevent them from damaging your company.

1. Posting about illegal or questionable activities. Can you think of an illegal activity your employees might engage in that could get your company into trouble if they posted it on Facebook? How about underage drinking? If you employ teens under the age of 18 and any of them posted a photo of themselves drinking at your place of business, you could be in trouble with the law. And even if all your employees are adults, they can still post something unflattering (though not illegal) that could smear your reputation.

2. Account hijacking. Remember when the Dow dropped 150 points last April after someone hacked the Associated Press’ Twitter account and sent out a tweet that fraudulently claimed the White House had been attacked and President Obama had been injured? Don’t shrug it off—account hijacking can happen closer to home. Fraudsters may send your employees Twitter messages on their workplace computers that are designed to fake the recipients into thinking they’re receiving authentic messages when, in fact, the fraudster’s motive is to get money or sensitive data.

3. Bullying on Facebook. Bullying doesn’t just happen among kids; workplace bullying also exists, and what better place than on social media? Sometimes employees who manage a company’s social media get frustrated with the public’s comments and fight back with below-the-belt comments.

4. Online reputation management. Make sure you and your employees never post anything on Facebook that you wouldn’t show your grandmother or wouldn’t want going viral and damaging your brand.

5. Social media identity theft. Ever considered the possibility that someone could take your business’s name and use it for nefarious purposes? Someone could crack your password, take over an account and cause a trail of destruction. Or they could create a new account using your business’s name and post all sorts of alarming, but false, things about your company. Make sure your business name is protected by constantly navigating the Web, seeking out spoofed sites and your likeness or logo.

6. Financial identity theft. Does your company’s Facebook page include personal information about employees, such as the names of their pets or children? What about their birthdays? Hackers can take this information and use it to crack passwords to online business accounts. Be sure to use privacy settings, and make sure your company’s Facebook page isn’t full of personal details.

7. Burglaries. Never post information about vacation or travel dates on your social pages. Do you want the whole world (which includes crafty burglars) to know when you’ll be away?

8. Geo-stalking. Don’t use location-based GPS technology unless you absolutely need to (for instance, if you and your employees are on a “team building” trek in the wilderness and get lost). While search-and-rescue teams need to find you, stalkers who want your identity do not.

9. Corporate spying. Yes, it’s possible: A crook could pose as one of your employees, set up a Facebook group and invite all your employees to join. This enables the bad guy to gather sensitive data from your business and use it against you.

10. Harassment. Someone who’s disgruntled could stalk your brand and make false accusations. They could set up blogs and social sites, post videos and continually tweet their angry thoughts.

11. Government spying. It’s 10 p.m.: Do you know who it is you just friended on your Facebook page? The Associated Press says, “U.S. law enforcement agents are following the rest of the Internet world into popular social networking services, going undercover with false online profiles to communicate with suspects. Just don’t be a ‘suspect.’”

12. Sex offenders. Sex offenders have been known to pose as someone other than themselves—younger, a different sex, etc.—so they can gain the trust of their victims. You might connect with them online as a business only to discover down the road that they’re a predator.

13. Scams. A bad guy could set up a phony Facebook page and then create phony contests to slurp sensitive customer data such as names, addresses, emails, phones, account numbers and credit card numbers.

14. Legal liabilities. Privacy settings on Facebook can hide posts, but that doesn’t matter to a judge in New York who recently ruled that items posted on Facebook (as well as other social networking sites) can be used as evidence in court—even if the posts were concealed by the privacy settings.

15. Zero privacy. And speaking of privacy, don’t assume you actually have any, because thieves have already figured out how to yank data from the innards of Facebook that’s supposedly just for you and your closest colleagues to see. So be very careful what you put up on Facebook, privacy settings or not.

Robert Siciliano is the author of four books, including The 99 Things You Wish You Knew Before Your Identity Was Stolen. He is also a corporate media consultant and speaker on personal security and identity theft. Find out more at www.RobertSiciliano.com.

7 Social Media Security Tips To Protect Your Business

Your employee’s online life could open your business to some serious dangers.

1SMany small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.