Posts

Protect Your Company with This Social Media Security Advice

Social media is an excellent tool for small businesses, yet, the use of social media by small business staff can definitely put the company in danger. Many small business owners and managers don’t realize this.

Recently, I was talking to employees of a credit union about what to do in a robbery. Before this presentation, police officers had staged a robbery in the same credit union. The fake robbery was so real, some of the tellers were brought to tears, thinking they were really getting robbed.

After they were filled in on what was happening, everyone on the team discussed it. One of the most telling moments is when one of the tellers shared her story. During the mock robbery, one of the “robbers” handed a teller a note. It said this: “Your husband works at Pine Street Motors. We kidnapped him this morning. He is being held at another location. If you hit the alarm and notify police, he’s going to be killed.”

How did the bad guys know that her husband worked at Pine Street Motors? They simply looked online. They found the name of the bank, and then found out that the teller was listed as working at the bank on social media. Her social media account was connected to her husband’s, and his account said that he worked at Pine Street Motors.

Yes, it was that easy.

Here are some tips for social media that you might want to share with your staff:

Don’t Tell the Internet Where You Work

Tell employees that it’s not a good idea to share too many details about their work on social media pages. Though you can’t stop them from adding their employer on Facebook, you can tell them how this information can be used against them and the company. Make sure that they understand that this information could backfire and harm everyone involved.

Teach Your Staff How to Use Privacy Settings

You should also teach staff how to manage their social media privacy settings. Ideally, they should have maximum protection on every account. The default settings are lacking, and those put them at risk for hacking. You should also tell them that even the highest settings that social media sites have won’t keep everyone out. However, this level of protection is better than nothing.

Create a Workplace Policy for Social Media Use

Set up a policy in your workplace for social media use. Make sure this policy covers what employees associated with your company can say and what is totally prohibited.

Stop Banning the Use of Social Media in the Office

The moment you ban the use of social media at work, that’s the moment that someone will sneak around and do it anyway. This, of course, leads to dangerous things, as they can try getting around the firewall and other things that make your network vulnerable.

Train Your IT Team

 Finally, make sure that your IT team is up to date on the latest ways to combat online-security issues. These teams must also know about the security risks that your business faces due to social media.

Additionally, the policy for employee social media use should be examined and updated quite regularly, and make sure to enforce it, too. Invest in anti-virus protection and make sure that all operating systems and browsers are always kept up to date when updates become available.

How to Delete Yourself from Social Media

Have you been thinking that it’s time to make the drastic choice to remove yourself from social media? Most of us were quick to join the social media bandwagon, but these days, you might have worries about privacy. Though it’s possible to delete yourself from social media, the process isn’t easy, and it might not be totally foolproof.

Why Do You Want to Leave?

Before getting into how to delete yourself from social media, it’s important to ask yourself why you want to leave. Experts say totally deleting yourself might not be the best move. For instance, a potential employer, who will more than likely search for you on social media sites, especially LinkedIn, might wonder what you are trying to hide. There is also the fact that removing yourself from social media can make you look boring, unhip, or illegitimate.

Deleting Your Accounts

If you are sure that you want to delete your social media accounts, there are sites that you can use to find out how. These include:

Are Deleted Accounts Really Deleted?

Even if you have deleted your social media accounts, it’s important to make sure that you are fully deleting them or simply deactivating them. Some sites, even after you delete the accounts, will continue to retain the data you supplied.

Delete All Social Media, Not Just The Big Four

If you are serious about deleting your social media account, make sure that you are looking beyond the big four: Facebook, Twitter, LinkedIn, and Google Plus. Other sites have your data, too, including sites like Flickr, dating sites, blogs, support forums, Amazon, eBay, etc. There are also old social media sites you might not use anymore, like MySpace. Whether you have signed in lately or not, your old MySpace could be lurking out there.

What You Will Lose…and Gain…From Deleting Social Media Accounts

You will lose and gain when you delete your social media accounts. You stand to lose your marketing presence, for one, and you might not be able to go back. You also might lose touch with friends and family, or your sense of community. On the flip side, though, you will gain more time and probably have less anxiety.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents Beware of Finstagram

You have surely heard of Instagram, the photo sharing social network, but what about “Finstagram?” If you are like most parents, you have rules about the social media practices of your kids. However, once you learn about Finstagram, those might all go out the window.

When you combine the words “fake” and “Instagram,” you get Finstagram. Essentially, these are fake, or alternative, Instagram accounts that are created by teens, for the most part. These accounts can be used for harmless laughs, such as sharing embarrassing pictures with your close circle of friends, or for harmful deeds, such as hiding alcohol or drug use from parents. Finstagram accounts are also commonly used for bullying.

You can look at your child’s Instagram account and see the innocent angel that you believe you have raised. But, do they have a Finstagram account that shows a different side? It’s possible, and you might even be able to find it by using the Find Friends feature on the software. Of course, it’s possible that your child has linked their Finstagram to a new email address or even name.

On top of all of this, kids are using Finstagram accounts to do things that would never be acceptable on their “real” Instagram accounts. For instance, there have been instances where these fake accounts are used to post inappropriate or altered photos of their classmates in inappropriate situations. In some cases, things get so serious that the schools, themselves, have to contact Instagram to get the accounts shut down.

Even if you think that you have nothing to worry about with your own kids, it might be worth it to do a check on them. You can certainly ask your child if they have an account, and they might be forthcoming and tell you. Odds are, however, that they won’t. In fact, about 90% of Finstagram accounts are unknown, so it is the parent’s responsibility to look for the signs.

Parent should have all passcodes to access the device and its applications. Or the child can’t have a phone. Non-negotiable. Done deal.

Sit down with your child to talk about their usage of social media, and the repercussions of their actions on social media. You also might want to talk to other parents you know about Finstagram accounts. These accounts might be for innocent fun, but they could also ruin someone’s life.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Investigators Using Social Media to Find Missing Children

Gone are the days when social media is only used to share what you had for dinner or announcing to the world that you are headed to the gym. But social media has become a platform for any and everyone to say what’s on their mind, and sometimes that’s great, but all too often it isn’t. Social is significantly lacking in decorum. But at least some are using social for good.

These days, law enforcement is using social media to find missing children.

Washington, DC police are leading the way on this. In 2017, alone, the district is averaging about 190 missing kids a month. By using social media, information about the children is getting out quickly. Previous to this, the district was issuing press releases, but with social media, there are now thousands of people getting information about these children.

This new way of spreading the word is helping to find missing children, for example a Twitter user recently created a screenshot of several missing person’s flyers. She then shared the tweet with her followers, and it received over 108,000 retweets. It also, however, raised the red flag that these girls might be the victims of a human-trafficking scheme.

DC police admits that missing children are vulnerable to this type of exploitation, but are quick to point out that there is no evidence that these missing people were linked to any type of known human trafficking scheme.

Other groups, such as the Black and Missing Foundation, are also using social media to share leads, but still use traditional media, too. For instance, in 2012, a missing teen in New York was found in a matter of hours after her story appeared on the television show, The View.

Thanks to this new way of making the public aware of missing kids, DC police are seeing results. During the last two weeks of March, for instance, eight children were found after their stories were shared on social media.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Stop being a Social Media Idiot

Leave personal details off your Facebook page.

14DDoes the whole world—or even your private circle, many of whom you haven’t seen in person for years, or even at all—have to know you’re laid up from hernia surgery (i.e., vulnerable, defenseless)?

Try this experiment for a week: Assume that the only visitors to your Facebook are 1) future possible employers, 2) master gossip spreaders and reputation bashers, and 3) your future in-laws (if you’re not married). This should really change the game plan of how you post.

Never send naked photos of yourself.

Not even to your significant other. After all, in many cases of leaked nude images…the significant other is the leaker! If your lovey-dove wants to see you in your birthday suit, then present yourself that way in person—after you know for sure all the cameras in the room are turned off.

Enough with the selfies.

It’s gotten to a point where all selfies look alike: Some doofus holding up the phone and staring INTO the phone. Whatever happened to the nice images of yesteryear, where someone, posing nicely, was facing the viewer? Selfies are fine if you’re showing off your abs when the selfie next to it of 90 days ago shows the Pillsbury Dough Boy, but please, nobody is special enough to justify endless selfies, including those for which you corralled a bunch of people to take part in it.

Instagram is not for food images.

Don’t waste your time. Think “borrrrrring!” Who really wants to see your beet salad? If you want to promote your recipe skills, start a website.

“Like” only recent posts.

Nobody pays attention to likes on old posts.

Cross out cross-posting.

Post an item on your Snapchat story, then put it in a private message…NOT.

No ODRs, no oversnapping.

Avoid opening but not replying on Snapchat. Avoid double-snapping someone.

Say no to screengrabbing.

Read that again. Don’t grab a Snapchat unless you want the sender to know who did it.

For parents…

Be mindful of commenting on your teenagers’ pages. Be sincere if you must, like a congratulations for qualifying for the state wrestling finals.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Hacking the CEO with Social Media

If the super big wigs could get their social media accounts hacked, you can too. If you can believe it, the Twitter accounts of the following were recently hacked:14D

  • Google CEO Sundar Pichai
  • Yahoo CEO Marissa Mayer
  • Oculus CEO Brendan Iribe
  • Twitter co-founder Jack Dorsey

Shouldn’t these CEOs know how to prevent getting hacked? One little slip could let in the cybercriminals: reusing the same password.

Times have really changed. During the good ‘ol days, employees barely knew the CEO. Sometimes he was faceless, and at most, they received form letters from him…or her. Nowadays, company workers know the names of the CEO’s grandkids, new puppy, where they spent their last vacation, complete with photos.

CEOs want a human connection to their company’s worker bees and hence, many are very active on social media—so active, in fact, that they hardly think of security…like using old passwords for new accounts and/or using the same password for multiple accounts…and/or using an easily crackable password.

Other mistakes CEOs make:

  • Posting personal information—way too much, more than enough for hackers to use against them.
  • This includes names of kids and vacation destinations, details about hobbies, relatives and other personal data.
  • Inclusion of personal information on a professional social media profile.

That may all sound innocent and just a way for CEOs to humanize themselves, but the more personal information they share with the world, the easier it is for cybercriminals to bust in. Crooks can often easily obtain the CEO’s e-mail and send a message that appears innocent, but has a link or attachment that the recipient is lured into clicking.

Once clicked, the attachment or e-mail unleashes malware, giving the crook control of the CEO’s computer. So even if the CEO has a unique and very strong and long password for each social media account, all it takes is a moment of having their guard down and hastily clicking a malicious link or attachment to get infected.

The hacker may have many motives for breaking into an account, and this includes posing as the CEO and posting items on the social media account with the hopes of damaging the CEO’s reputation.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Case allows Employees to run amok on Social Media

Lesson learned: If you run a fast-food restaurant or any company for that matter, you’d better treat your employees right. After all, they have a legal right to tweet all they want about you.

14DA Chipotle Mexican Grill in Havertown, PA, had a ban in place: Employees are prohibited from using social media to spread “inaccurate information” or “disparaging, false or misleading statements.”

But the National Labor Relations Board recently deemed that this rule violates federal labor law, even though an employee, James Kennedy, had tweeted less-than-favorable information about working conditions and had also circulated a petition (that the franchise tried to ban).

Chipotle violated the NRLA, according to the administrative law judge, when it demanded that Kennedy cease tweeting and delete the other tweets.

Another violation on Chipotle’s part was the firing of Kennedy, who had refused to stop circulating a petition among coworkers after a manager ordered him to do so. Kennedy’s use of social media was a protected activity under the law, and so was his circulation of the petition. The establishment was ordered to reinstate Kennedy and pay him lost wages.

Just what exactly was Chipotle’s rule about circulating a petition? It barred employees from doing this even during non-working hours and within visual or hearing range of patrons.

Chipotle was ordered by the NLRB to reverse its rules pertaining to social media and solicitation of petitions. And believe it or not, Chipotle even had a policy in place that banned discussing politics on the job. This ban, too, was lifted, courtesy of NRLB’s order.

Chipotle corporate was also required to make sure that all of its employees in the U.S. would be made aware of these policy reversals.

As of August 19, neither Chipotle nor its legal team have responded to any requests to comment.

Frankly, as an employer, this ruling is scary. And knowing employees often blather on about anything and everything, this ruling may open a can of worms that can’t be put back in.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Set Privacy on these Social Media Apps

Just like older generations never thought that the dial phone in the kitchen could be dangerous (think phone scams), today’s kids don’t have a clue how hazardous smartphone apps can really be. They are a godsend to pedophiles, scammers and hackers. And let’s not forget other kids who just want to be cruel bullies.

14DParents should have informative discussions with their kids about the various apps out there. And it’s okay to forbid particular apps you aren’t comfortable with. Like Musicly, search “Musicly safe for kids” and see why. Apps aren’t as innocent as you think. They are potential gateways to some real creepsters out there—and that’s putting it mildly.

Applications have safety settings. Do you know what they are? How they work?

Instagram

  • A person with or without an Instagram account can view your images unless you have the security setting on for “Private Account” under “Options.”

Snapchat

  • Enable the self-destruct feature to destroy communications quickly after they are sent.
  • But don’t rely on this entirely, because it takes only seconds for the recipient to screenshot the text or sext into cyberspace.
  • Set the “Who Can Contact Me” setting to “My Friends” so that strangers posing as 13-year-olds don’t get through to your child.

Whisper

  • Don’t let the name fool you; Whisper is not anonymous, thanks to geotagging.
  • Go to your iPhone’s settings and change the location access to “Never.”

Kik

  • Kik is not anonymous, contrary to popular belief, because anyone can get ahold of a youth’s username on other social media, making it possible to then contact that person on Kik.
  • Under “Notifications” disable “Notify for New People.” This will put strangers’ messages in a separate list.
  • Don’t share usernames.

Askfm

  • This question-and-answer service attracts cyberbullies.
  • In the privacy settings, uncheck “Allow Anonymous Questions.”
  • The user should remain anonymous.

Omegle

  • This video-chatting service is a draw for pedophiles.
  • It should never be linked to a Facebook account.

Your worries are fully justified. Words, images, and video, are very powerful. Though the age of e-communications is here to stay, so are psychos. It’s their world too. Your kids, unfortunately, must share it with them, but that doesn’t mean they have to receive communications from them or be “friends” with them.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

32 Million Twitter Pass for sale Add two-factor NOW

The Dark Web, according to LeakedSource, got ahold of 33 million Twitter account details and put them up for sale. Twitter thus locked the accounts for millions of users.

5DTwitter, however, doesn’t believe its servers were directly attacked. So what happened? The bad guys may have created a composite of data from other breached sources. Or, they could have used malware to steal passwords off of devices.

Nevertheless, the end result meant that for many Twitter accounts, there was password exposure—leading to the lockdown of these accounts. The owners of these accounts had to reset their password after being notified of this by e-mail.

Some users who did not receive this e-mail notification will find that their accounts are locked.

An Ounce of Prevention

  • Go through the passwords of all of your vital accounts, and see which ones are unique, long and strong. You’ll likely need to change many passwords, as most people use simple to remember passwords that often contain keyboard sequences and/or words/names that can be found in a dictionary, such as 890Paul. These are easily cracked with a hacker’s software.
  • Who’d ever think that Facebook’s chief executive Mark Zuckerberg’s Twitter account could be hacked? It was, indeed, and it’s believed this was possible due to him reusing the username of his LinkedIn account several years ago.
  • So it’s not just passwords that are the problem; it’s usernames. Not only should these be unique, but every single account should have a different username and password. However if a username is an email address, you can’t do much here.
  • Passwords and usernames should be at least eight characters long.
  • Use more than just letters and numbers-use characters if accepted (e.g., #, $, &).
  • So Paul’s new and better password might be: Luap1988($#.
  • Sign up with the account’s two-factor authentication. Not all accounts have this, but Twitter sure does. It makes it impossible for a crook to sign into your account unless he has your cell phone to receive the unique verification code that’s triggered with every login attempt.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Parents: do You know your Teen’s Social Media Platforms?

With all the apps out there that individualize communication preferences among teens, such as limiting “sharing,” parents should still hold their breath. Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.14D

  • Temporary messages do not vanish forever.
  • Are anonymous applications really anonymous?
  • How temporary is “temporary”?

Kik Messenger

  • Users can stay anonymous and conduct all sorts of communication.
  • Has perks, like seeing if someone read your message.
  • Has drawbacks, such as accidentally sending content to more people than the user intended.
  • Easy to end up communicating with anonymous strangers.
  • Involves ads disguised as communication.

Ask.fm

  • Kids anonymously ask questions, e.g., “How do I conceal my eating disorder from my parents?” This question is benign compared to others on the site, though many users are innocent teens just hanging out.
  • This kind of site, though, promotes cyberbullying.

Whisper

  • Intended for adults, this app is where you post what’s eating you.
  • Some posts are uplifting and inspirational, while others are examples of human depravity.
  • Replete with references to drugs, liquor and lewd behavior—mixed in with the innocent, often humorous content.

Yik Yak

  • For users wanting to exchange texts and images to nearby users—hence having a unique appeal to teens.
  • And it’s anonymous. Users have made anonymous threats of violence via Yik Yak.
  • Due to the bond of communicating with local users and the anonymity, this medium is steeped in nasty communication.
  • Threats of violence will grab the attention of law enforcement who can turn “anonymous” into “identified.”

Omegle

  • This anonymous chat forum is full of really bad language, sexual content, violence, etc.
  • The app’s objective is to pair teens up with strangers (creepy!).
  • Yes, assume that many users are adult men—and you know why.
  • Primarily for sexual chat and not for teens, but teens use it.

Line

  • Texting, sending videos, games, group chats and lots of other teeny features like thousands of emoticons.
  • The Hidden Chat feature allows users to set a self-destruct time of two seconds to a week for their messages.
  • For the most part it’s an innocent teen hub, but can snare teens into paying for some of the features.

Burn Note

  • Text messages are deleted after a set time period.
  • Texts appear one word at a time.
  • Burn Note can promote cyberbullying—for obvious reasons.

Snapchat

  • Users put a time limit on imagery content before it’s erased. So you can imagine what some of the imagery might be.
  • And images aren’t truly deleted, e.g., Snapsaved (unrelated to Snapchat) can dig up any Snapchatted image, or, the recipient can screenshot that nude image of your teen daughter—immortalizing it.

REPEAT: Face it, parents: times have changed. It’s your duty to discuss these applications with your kids. And parents should also familiarize themselves with the so-called temporary apps.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.