
Some Simple Steps to Social Media Privacy

When was the last time you checked your privacy settings on your social media profiles? Being aware of the information you share is a critical step in securing your online identity. Below we’ve outlined some of the top social media sites and what you can do today to help keep your personal information safe.

FACEBOOK Social Media Privacy

Click the padlock icon in the upper right corner of Facebook, and run a Privacy Checkup. This will walk you through three simple steps:

  • Who you share status updates with
  • A list of the apps that are connected to your Facebook page
  • How personal information from your profile is shared.

As a rule of thumb, we recommend your Facebook Privacy setting be set to “Friends Only” to avoid sharing your information with strangers. You can confirm that all of your future posts will be visible to “Friends Only” by reselecting the padlock and clicking “Who can see my stuff?” then select “What do other people see on my timeline” and review the differences between your public and friends only profile. Oh, and don’t post anything stupid!

TWITTER Social Media Privacy

Click on your profile picture. Select settings. From here you will see about 15 areas on the left-hand side. It’s worth it to take the time to go through each of them and select what works for you. We especially recommend spending time in the “Security and Privacy” section where you should:

  • Enable login verification. Yes, it’s an extra step to access your account, but it provides increased protection against unauthorized access of your account.
  • Require personal information whenever a password reset request is made. It’s not foolproof, but this setting will at least force a hacker to find out your associated email address or phone number if they attempt to reset your password.
  • Determine how private you want your tweets to be. You can limit who (if anybody) is allowed to tag you in photos and limit your posts to just those you follow.
  • Turn off the option called “Add a location to my Tweets”.
  • Uncheck the options that allow others to find you via email address or phone number.
  • Finally, go to the Apps section and check out which third-party apps you’ve allowed access to your Twitter account (and in some cases, post on your behalf) and revoke access to anything that seems unfamiliar or anything that you know you don’t use anymore.

Oh, and don’t post anything stupid!

INSTAGRAM Social Media Privacy

The default setting on Instagram is public, which means that anyone can see the pictures you post. If you don’t want to share your private photos with everyone, you can easily make your Instagram account private by following the steps below. NOTE: you must use your smartphone to change your profile settings; it does not work from the website.

  • Tap on your profile icon (picture of person), then the gear icon* to the right of your name.
  • Select Private Account. Now only people you approve can see your photos and videos.
  • Spend some time considering which linked accounts you want to keep and who can push notifications to you.

*Icons differ slightly depending on your smartphone. Visit the Instagram site for specifics and for more in-depth controls.

Oh, and don’t post anything stupid!

SNAPCHAT Social Media Privacy

Snapchat’s settings are really basic, but there’s one setting that can help a lot: If you don’t want just anybody sending you photos or videos, make sure you’re using the default setting to only accept incoming pictures from “My Friends.” By default, only users you add to your friends list can send you Snaps. If a Snapchatter you haven’t added as a friend tries to send you a Snap, you’ll receive a notification that they added you, but you will not receive the Snap they sent unless you add them to your friends list. Here are some other easy tips for this site:

  • If you want to change who can send you Snaps or view your story, click the Snapchat icon and then the gear (settings) icon in the top right-hand corner. Scroll down to the “Who can…” section and make your selections.
  • Like all services, make sure you have a strong and unique password.
  • Remember, there are ways to do a screen capture to save and recover images, so no one should develop a false sense of “security” about that.

In other words, (all together now) don’t post anything stupid!

A Final Tip: The privacy settings for social media sites change frequently. Check in at least once a month to ensure your privacy settings are still as secure as possible and no changes have been made.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Twitter privacy expert John Sileo talking with 9News on the AP hack


This Tweet disrupted the stock market as well as gold and oil prices: “Two explosions in the White House and Barack Obama is injured”.

Oh No! My Kid Wants to Get on Facebook… What Now?

I’m starting a new video series on my AskSileo YouTube channel to address common questions that parents have about their kid’s safety on Facebook and online privacy in general.

AskSileo Episode 1: Children’s Safety on Facebook and Social Networking (drawing from first-hand experience)

I get this question all of the time: Is my kid safe on Facebook? The answer to that question depends on three basic factors:

  • The amount of time you have invested in helping your child set up their Facebook account. If you haven’t spent at least 90 minutes in the process, they are in no way safe. It takes at least 1.5 hours to wisely populate their profile, customize privacy and security settings and read through the Facebook Data Use Policy (notice that Facebook no longer refers to it as a privacy policy, because the reality is that you have almost no privacy on Facebook).
  • The amount of time you have spent training your child in an age appropriate way on the risks associated with sharing information on Facebook (stalking, Like-jacking, college admissions background checks, malware loading, identity theft, cyber bullying, social manipulation, digital blackmail, location tracking, surfing behavior analysis, purchase and sale of private information by marketing companies, etc.)
  • The degree to which you engage in Facebook yourself and use it as a tool to communicate and monitor your child’s online behavior. Social media is about conversation, and the most important person you can converse with is your child. In the same way that you would parent them in a restaurant if they used foul language, wore risque clothing or bullied another child, so you must be part of their virtual life. If you are not involved in your child’s online life on a daily basis, they have an identity about which you know nothing.
It’s one thing to talk about privacy as an expert on the topic and another to actually live through it with a child (without killing them). Which is why I have decided to create a video log while helping my 14-year-old daughter get safely onto Facebook. Enough theory, let’s talk practice.

I will admit right up front that I am learning as much as you are during this process, so your comments and feedback below are welcomed and will help educate other parents just trying to figure this thing out.

What are your questions? Let me know in the comments box below. Who knows, your question might appear next on AskSileo!

For more tips on privacy, identity and reputation control, subscribe to the AskSileo video series or to the Sileo Blog.

7 Security Secrets of Social Networking

On the surface, social networking is like a worldwide cocktail party—full of new friends, fascinating places and tasty apps. Resisting the urge to drink from the endless fountain of information is nearly impossible because everyone else is doing it—connecting is often advantageous for professional reasons, it’s trendy and, unchecked, it can be dangerous.

Beneath the surface of the social networking cocktail party lives a painful data-exposure hangover for the average business. Sites like Facebook and Twitter are now the preferred tool for malware delivery, phishing, and “friends-in-distress” scams while more business oriented sites, like LinkedIn, allow for easy corporate espionage and the manipulation of your employees.

To avoid the cocktail party altogether is both impractical and naïve—the benefits of social networking outweigh the dangers—but applying discretion and wisdom to your social strategy makes for smart business. Follow these 7 Security Secrets of Social Networking to begin locking down your sensitive data.

  1. On social networks, possession is ten-tenths of the law. When you put your business’s information on a social network, you have forfeited your exclusive right to that information. Unlike a physical asset, information can be simultaneously recreated, stored and accessed by unlimited users at any one time, allowing it to flow like water through your fingers. Additionally, there are very few laws governing the ownership of information once it leaves your office (e.g., goes into the cloud), leaving you no legal precedent for winning back your privacy. On a personal level, for example, when you populate your Facebook profile with a birthdate, it is sold to advertisers along with your demographics, “Likes” and a map of your friend network. Similarly, in the business world, the minute you establish a Facebook page and begin to attract “fans” or a Twitter page for followers, you’ve just centralized and publicized your customer list for competitors. Solution: Create a strategic plan before you expose your intellectual property. Prior to going live with a corporate social networking profile or sharing your next post, think through how much sensitive information you are sharing, and with whom. Unlike a traditional website, social networks connect human beings, some of whom want to map your organizational structure, track your marketing initiatives, hire your star employees, breach your systems, poach your fan list or steal sensitive intellectual capital. It is imperative that you: 1. Create a strategic social networking plan that 2. Defines what information can and should be shared by executives and employees on Facebook, Twitter, LinkedIn, etc. 3. Consider using social media to attract new prospects rather than creating a following of existing (and poachable) clients. 4. Populate your profile with only publicly available, marketing-based data. 5. Keep personal comments for personal pages, as they have no place at work. 6. Don’t rely on a policy to communicate your intentions and requirements surrounding social media. The most successful companies build a culture of privacy through an interactive process that allows the entire team to co-create a solution.
  2. Lack of education, not technology, is the greatest source of risk. It’s easy to blame our data privacy woes on technology. At the heart of every security failure (technological or otherwise), is a poor human decision, generally due to a lack of awareness. For instance, an employee, not a machine, decides to spend their lunch break using their work computer to post on personal social networking sites. In many cases, they do so because the business has not established guidelines for these scenarios, nor have they educated them on the risks. For example, most employees don’t understand that more than 30% of all malware is delivered to corporate computers via social spam through personal social networking use conducted on work computers. Solution: Educate your team as individuals first, employees second. The most effective way to change a human being is to appeal to them emotionally, not intellectually. Most of us are more emotionally connected to our personal lives than to our jobs. Consequently, by motivating your employees to protect their own social networking profiles first (and their kids’), you are not only lowering the malware and fraud that they introduce into your computers through lunchtime surfing, you are also giving them the framework and language to protect the company’s social networking efforts. Be sure to: 1. Break the training down into bite-sized, single topic morsels that won’t overwhelm or discourage employees. 2. Allow employees to spend a few moments applying the fixes you’ve just given them. 3. Once they’ve made the changes personally, reconvene and discuss what it all has to do with your organization’s social networking strategy. They will return to the learning table with emotional buy-in and awareness. Strategies Three and Five (below) are examples of this bite-sized, personal to professional adaptation process.
  3. Most social networking risks are old scams with new twists. During a lunch break at work, you receive a Facebook post that seems like it’s from a friend. It’s impossible not to click, enticing you with captions like, “check out what our old high school friend does for a living now!” Seemingly harmless, you click on a video, a coupon, or a link to win a FREE iPad and presto, you’ve just infected your computer with malware that allows cyber thieves full access into your company network. You’ve been tricked by a repackaged version of the virus-delivering-spam-emails of five years ago. Spam has officially moved into the world of social media (thus, social spam), and is now responsible for 30% of all viruses, spyware and botnets that infect our computers. Solution: Discuss social spam self defense at your next team meeting. It’s amazing how quickly people detect social spam once they’ve been warned! After all, they’ve seen it all before disguised in other forms. In addition to giving employees visual examples of social spam, click-jacking and like-jacking, make sure that they are equipped with the following knowledge: 1. If an offer in a social networking post is too enticing, too good to be true, too bad to be real or just doesn’t feel right, don’t click! 2. If you do click and aren’t taken directly to the site you expected, make sure you never click a second time, as this gives cyber thieves the ability to download malware onto your system. 3. Deny social media account takeover by using strong alphanumeric passwords that are different for every site and that you change frequently. 4. Account takeover is easy for criminals, which means that not all “friends” are who they say they are. If you suspect foul play, call your contact and verify their post. 5. Make sure that you protect your business with the latest cyber security and anti-theft prevention tools available. I will discuss these in the next strategy.
  4. Cyber thieves follow the path of least resistance by looking for open doors. Data thieves aren’t interested in delivering malware to just any business (using social networking as their primary delivery device); they specifically target organizations that have done the least to protect their computers, networks, mobile devices, Wi-Fi and Internet connection. Why burgle a house with deadbolts and an alarm when you can attack the home down the street that left the front door wide open? In business, the “open door” usually comes in the form of poor computer security. Solution: Create a Path of Strategically Elevated Resistance. Thieves get discouraged (and move on to other victims) when you put roadblocks in their way. Keeping your network security up-to-date is the smartest way to quickly and effectively elevate your defenses against cybercrime. Follow these simple steps: 1. Hire a professional to conduct a security assessment on your network; the investment will pay for itself hundreds of times over. During the assessment and follow-up process, make sure that the IT professional: 2. Installs a security suite like McAfee on every computer, including mobile devices that travel, 3. Sets up your operating system and critical software for automatic security updates, 4. Enables and configures a firewall to block incoming cyber criminals, and 5. Configures your Wi-Fi network with WPA2+ encryption. To cover all of your bases, make sure that 6. You are prepared for a breach if it does happen. Deluxe, in partnership with EZShield, provides state-of-the-art identity protection and recovery services for businesses. It’s like health insurance for your information assets.
  5. Data criminals systematically exploit our defaults. Another way to create a path of strategically elevated resistance is to take away the “broadcast” nature of social networking exploited by thieves and competitors. Instead of inviting everyone to your cocktail party, only allow people you know and trust. When users set up a new social networking profile, the tendency is to accept the “default” account settings. For example, when you establish a Facebook account, by default, your name, birthdate, photo, hometown, friend list and every post you make are available to more than one billion people. Solution: Change your defaults! It only takes minutes to modify every Privacy and Security setting offered by a social network. On a personal level, 1. Consider limiting who can view your hometown, friend list, family, religious affiliation and interests to Friends Only or even Only Me and 2. Disallow Google to index and share your profile on its search engine. Businesses will want to 3. Leave the indexing feature On to maximize search engine traffic. 4. Post updates to categories of friends (friend groups), not to the entire world. This isn’t only safer personally, it also makes for more targeted and appreciated customer service. 5. Make sure to update your defaults regularly, as social networking sites tend to make frequent changes. Many businesses with Facebook Fan Pages, for example, have not updated their profile in accordance with Timeline, meaning that their page is outdated and unprofessional.
  6. Social engineers mine social networks to build trust and exert influence. The greatest social networking threat inside of your organization isn’t malware or information scraping. Your greatest risk comes from a data spy’s ability to get to know you and your co-workers through your online footprint. Social engineering is the art of manipulating data out of you using emotional triggers such as similarity, likeability, fear of offending, authority, etc. A social engineer’s greatest tool of deception is to gain your trust, which is easy once they know your likes, friends and updates that you publish daily. After a month or so of cultivating what appears to be a legitimate relationship, social engineers begin to manipulate you for information. Solution: Verify, then trust. In the information economy, where data is quite literally currency, you must verify someone’s intentions and credibility before you begin to trust them. Here’s how: 1. Don’t befriend strangers; your ego wins, but you lose. 2. Before you accept a second-hand friend, verify that your existing network actually knows and trusts that person. Too many users accept friends indiscriminately, so you need to investigate their credibility before you hit the Accept button. 3. Don’t believe everything you read on social networking sites. In fact, don’t believe anything of substance until you verify it with reputable, primary sources like a national newspaper, ethical blogger or noted expert. 4. Never send money to a friend in need, download an entertaining app or give away sensitive information via social networking unless you know beyond a shadow of a doubt that the request is legitimate and that your communication is private and secure.
  7. In social networking, there are no secrets. The title of this paper was intentional – people want exclusive access to knowledge that others don’t have. We all want to know the secret, and I used that human desire in a gentle form of social engineering to get you to read the article. But in social networking, there are no secrets. The instant you hit the post button, your information becomes public, permanent and exploitable. It’s public because you have little control over how it is forwarded, accessed by others or subpoenaed by law enforcement. In the blink of an eye, your information is backed up, re-tweeted and shared with strangers. Digital DNA has no half-life; it never disappears. And as you’ve seen above, it can be used against you. Solution: Don’t just read, act! Reading is not enough; you must act on what you have read: 1. Revisit the information you over-share on your social networking profiles and remove it. 2. Modify your account privacy and security defaults so that you share only with the people you trust. 3. Educate your team from a personal perspective first and then apply it to your organization’s needs. 4. Strategically elevate your defenses by securing your computer network with software like McAfee, and recovery services like EZShield. 5. Research advanced fraud and social engineering tactics to protect yourself and your company.

Every company I’ve consulted to that has experienced a data breach wishes that they could “go back in time”. Why? Because recovery is often 10-100 times more expensive than prevention, and because data breach causes customer flight, bad press and depreciated value. Companies that prepare for the coming onslaught of social networking fraud will escape relatively unaffected. Businesses that are unprepared will suffer extensively. According to the Ponemon Institute, the average cost to a business of any size that experiences a data breach is $7.2 million, which explains why so many small businesses go bankrupt after a data loss event, as they are unable to pay the recovery costs. That gives you 7.2 million reasons to pay attention.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Avoiding Social Spam Hackers on Facebook and Twitter


The post appears like it’s coming from a known friend. It’s enticing (“check out what our old high school friend does for a living now!”), feeds on your curiosity and good nature, begs you to click. A quick peek at the video, a chance to win a FREE iPad or to download a coupon, and presto, you’ve just infected your computer with malware (all the bad stuff that sends your private information to criminals and marketers). Sound like the spam email of days gone by? You’re right – spam has officially moved into the world of social media, and it’s like winning the lottery for cyber thugs.

What is Social Spam?

Nothing more than junk posts on your social media sites luring you to click on links that download malicious software onto your computer or mobile device.

Social media (especially Facebook and Twitter) are under assault by social spam. Even Facebook cautions that the social spam volume is growing more rapidly than their user base. The spam-fighting teams at both Facebook and Twitter are growing rapidly. The previous handful of special engineers has seen the inclusion of lawyers, user-operations managers, risk analysts, spam-science programmers and account-abuse specialists. Spammers are following the growing market share, exploiting our web of social relationships. Most of us are ill-prepared to defend against such spam attacks. Here’s how social spam tends to work:

  1. Malware infects your friend’s computer, smartphone or tablet, allowing the spammer to access their Facebook or Twitter account exactly as if the spammer were your friend.
  2. The spammer posts a message on your friend’s Facebook or Twitter page offering a free iPad, amazing coupons or a video you can’t ignore.
  3. You click on the link, photo, Like button (see Like-jacking below) or video and are taken to a website that requires you to click a second time to receive the coupon, video, etc. It’s this second click that kills you, as this is when you authorize the rogue site to download malware onto your computer (not a coupon or video).
  4. The malware infects your computer just like it has your friend’s and starts the process all over again using your contacts, your wall and your profile to continue the fraud.
  5. Eventually, the spammer has collected a massive database of information including email addresses, login information and valuable social relationship data that they can exploit in many ways. In the process, the malware may have given them access to other data on your computer like bank logins, personal information or sensitive files. In a highly disturbing growth of criminal activity, social malware can actually impersonate users, initiating one-on-one Facebook chat sessions without your consent.

“Like-jacking” involves convincing Facebook users to click on an image or a link that looks as if a friend has clicked the “Like” button, thereby recommending that you follow suit. If our friends Like it, why shouldn’t we? So we click and download in an almost automated response. The key is to interrupt this automatic reflex before we get stung.

Fighting social spam requires immense investments of time, which can mean lost productivity (and money). Gratefully, various company site-integrity teams watch trends in user activity to spot spam. Every day, Facebook says it blocks 200 million malicious actions, such as messages linking to malware. The company can’t prevent spam, but it’s diligently working to make it harder to create and use fake profiles.

But never count on someone else to protect what is yours. You must Own Up to your responsibility. Follow these 5 Steps to Minimize the Risks of Social Spam:

  1. If the offer in the post is too enticing, too good to be true or too bad to be real, Don’t Click.
  2. If you do click and aren’t taken directly to what you expected, make sure you Don’t Click a 2nd Time. This gives the spammer the ability to download malware to your system.
  3. Don’t let hackers gain access to your account in the first place – use strong alpha-numeric-upper-lower case passwords that are different for every site and that you change frequently.
  4. Remember, in a world where your friends’ accounts are pretty easily taken over, not all friends are who they say they are. Be judicious. If something they post is out of character, it might not be them writing the post. Call them and verify.
  5. Don’t befriend strangers. Your ego wins, but you lose.
  6. Make sure you have updated computer security: operating system patches, robust passwords, file encryption, security software, firewall and protected Wi-Fi connection.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

3 Exposure Lessons Learned Via Anthony Weiner

Just for a minute, put yourself in the shoes of Anthony Weiner. You’ve done something exceptionally stupid, whether it’s sending sexually explicit photos of yourself to strangers you don’t even know, or another unrelated mistake. To compound the stupidity, you involve social networking – you Facebook or tweet or YouTube the act – or even simply email details of what you’ve done.

Every one of us makes impulsively bad decisions (probably not as bad as Weiner, but bad nonetheless). Prior to the internet, you at least had a chance to recover from your past transgressions, as there wasn’t a readily accessible public record of the act unless you happened to be caught on tape (think Nixon, Rodney King, etc.). But now that pretty much every human carries either a camera or video recorder with them at all times (mobile phones), can communicate instantly with a massive audience (Facebook, Twitter, SMS, blogs), and has access to more information than exists in the Library of Congress just by pulling up Google, the equation of how you control sensitive information about yourself has changed radically. Every stranger (and even friend) is like a full service news station with video, distribution and commentary, just waiting to report on your missteps.

Here are three lessons the rest of us can take from the Anthony Weiner affair:

  1. Fame raises the bar. Celebrity, for all of its glory, puts a spotlight on your conduct. When you get paid for attracting attention, you are bound to attract unwanted attention. Unless your brand consciously involves a rebel persona (Paris Hilton, Lindsay Lohan, Dennis Rodman – in other words, the more trouble you get in, the more money you make), you will be held to a higher standard than those of us who fly under the radar. Fame has its faults. Remember when Gary Hart challenged the press to prove he wasn’t a standup guy? Now everyone who has even the most basic tech tools is an instant paparazzi.
  2. Mind the 3 Laws of Posting Online. When you post anything online, what you have published is most often immediately public, permanent and exploitable. You may think that you have a claim to privacy online, but you are deluding yourself. What you upload is only as private as the company or individual housing the data. Once you post, there is no “taking it back”. Weiner removed his tweets quickly, but posts, pictures and videos are backed up, re-tweeted, liked, screen captured and otherwise saved long before you can put a stop to it. Finally, as this case reinforces, what you post online can and will be used against you if it falls into the wrong hands. In Weiner’s case, the wrong hands were those of a political enemy, conservative blogger Andrew Breitbart. Because Weiner chose to make the posts public (even accidentally), Breitbart has a free pass to commit perfectly legal extortion. Before it is all over, the Democratic party will lose one of its brightest stars. That is probably a just result, but there is still a question about the forceful nature of the means involved.
  3. Admitting fault early and often. If you’ve done something wrong and it is recorded online, “hang a lantern on it” as quickly as possible. This is a phrase that Chris Matthews used in his book on political survival, Hardball. To summarize Matthews’s position, if you make a mistake and it goes public, admit to it as quickly as possible, take ownership of the wrongdoing and don’t lapse into the web of lies brought on by panic. Hang a lantern on it – expose it to the light, take your lumps and move on. In the end, what will bring Weiner down will likely not be his obscene tweets or explicit photos. Rather, it will be the fact that he blatantly lied about his posts. Had he come clean immediately, he would be judged as a person who made some mistakes just like the rest of us, not as a Congressman who deliberately misled his constituents.

And there is a larger, more important lesson in all of this. In a world where your every action is subject to capture, publication and mass distribution, it’s far easier to be a moral, upstanding, well-adjusted individual than it is to attempt to hide a dysfunctional dark side. Ultimately, a bit of restraint, discretion and even therapy will be much cheaper than living a double life.

 

John Sileo speaks, writes and consults professionally on information leadership: managing the exposure of personal and corporate information. His clients include the Department of Defense, Pfizer, Homeland Security and Blue Cross. Learn more at www.ThinkLikeASpy.com or contact him directly on 1.800.258.8076. Expose yourself wisely.

5 Steps to Avoid Facebook Destruction in Business


How should my business balance the risks of social media with the rewards of this increasingly dominant and highly profitable marketing medium? That’s the very insightful question that a CEO asked me during a presentation I gave on information leadership for a Vistage CEO conference.

Think of your move into social media (Facebook/Fan/Business Pages, LinkedIn, Twitter, YouTube, etc.) like you would approach the task of helping your fifteen-year-old daughter prepare to drive on her own. You love her more than anything on earth and would do anything for her (just like you will go to great lengths to grow your business), but that doesn’t mean you just hand her the keys. Trying to forbid or ignore the movement into social marketing is like telling your teen that they can’t get their license. It isn’t going to happen, so you might consider putting down the denial and controlling those pieces of change that are within your power. The task is to maximize the positives of her newly bestowed freedom while minimizing any negatives; the same is true in social media.

Here’s a simple plan to follow that will help keep you safe and productive:

  1. Understand the Risks & Rewards. Just like you need to know the risks of a teen driving (peer pressure, alcohol, inexperience, inferior equipment), you need to fully understand the risks of operating this powerful piece of equipment we call social media or social networking. Privacy Concerns: Users who fail to customize their Facebook privacy, security and sharing settings are giving away massive amounts of information to other Facebook users, Facebook Vendors (e.g., Farmville), Facebook itself and potentially competitors, thieves and social engineers. Over Exposure: You can share too much on Facebook, including posts, photos and videos that you later regret uploading. If done improperly or without thought, this can lead to increased risk of identity theft, reputation hijacking, burglary or fraud. Reputation Damage: AFLAC fired comedian Gilbert Gottfried as their spokesperson for making a negative comment about the insurance giant on his wall. How you and your employees use social media directly influences your reputation. Account Takeover: Imagine a pornography crime-ring taking over your fan page for a day. It’s usually not this extreme of a case, but accounts are constantly being compromised and used for nefarious and illegal purposes (sending SPAM, peddling pornography, covering crimes). Just because there are risks doesn’t mean you abandon the medium. It means that you prepare for them, just like training your daughter to drive defensively, brake properly on ice and make smart choices about who gets in the car.
  2. Define Your Destination. Many businesses that utilize social media don’t actually know why they are using it, other than it’s the thing to do. But using it effectively takes a huge time and knowledge investment, so make sure you define what you want to achieve before you invest. Are you there to make friends, to network, to increase visibility, reshape your reputation or improve customer service? Driving without a destination in mind might be fun, but it will ultimately get you nowhere.
  3. Choose the Right Equipment. Once you have defined your objective, you will have a better idea of which social medium to use (Facebook, Fan Page, Twitter, etc.). If your objective is to get your daughter safely from one place to another, you will choose a very different car than if you are trying to enhance her image with friends by buying a sports car. Trying to be part of every last social network means that you will use none of them effectively. Choose one or two platforms and take the time to perform the final two steps.
  4. Fasten Your Seat belt. An hour spent understanding and modifying the default privacy and security settings (which are very lax by default) on Facebook or another social site can save you and your organization tragic amounts of data loss and abuse. Our refusal as a society to take this simple, available step to protect our information is the equivalent of not fastening our seat belts while driving. Is it slightly inconvenient and occasionally uncomfortable? Yes. Does it drastically increase your safety? Without question. With great power comes great responsibility, and we must start communicating that to others around us.
  5. Educate Your Driver. This knowledge, from awareness to customization, is only effective if it is passed on to others. You might know how to drive safely, but that doesn’t mean your daughter has picked it up by osmosis. The same is true inside of your organization; it’s not good enough for you to drive safely, the other members of the team must do the same – and not just for their own good, but because it also helps you be safe. After all, just like your daughter will ride in another teen’s car (and you want them to be well trained), your contacts will be handling your data in a social context (think of the picture of you at a St. Patrick’s Day party they consider posting) and need to know how to treat it.

There is nothing gained by ignoring or denying this social movement. It won’t be stopped and you will be part of it, either directly or indirectly. In turn, your business will be affected by how the employees and executives approach and even leverage the energy of social media. If you’re not out there educating your drivers, they are off doing it on their own anyway, seat belt-less and clueless.

John Sileo trains organizations on information leadership, including social media control, identity theft prevention and reputation management. His satisfied clients include the Department of Defense, FDIC, Pfizer and Homeland Security. To bring John in to speak to your organization, contact his staff on 800.258.8076 or watch him entertain audiences with vital content at www.ThinkLikeASpy.com.

Twitter Security Loophole Exposes Your Direct Messages

Direct messages sent through Twitter can be easily exposed, thanks to a loophole in Twitter’s API, according to Gary-Adam Shannon at Search Engine Watch Reports. When a user logs into another site using their Twitter user name and password, the site can gain access to the private messages, says Shannon. He goes into technical detail, but essentially it’s just a small hack.

Shannon recommends you don’t ever log in to a site (other than Twitter.com, obviously) using your Twitter user name and password. Another writer at Search Engine Watch recommends that users erase their Direct Messages after viewing them. There has been no comment from Twitter, but we hope they are looking into the issue now that the problem has been made public.


John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.

Has Twitter Peaked? Is Privacy Back?

What began in early 2009 as a free ‘information network’ that offers users the ability to microblog may have already reached the top. A new CNN article discusses how the number of Twitter users has flattened out and even decreased recently. In July 2009, the site had 21.2 million users which dropped to 19.9 users only 5 months later in December.

Some believe this slump is due to Twitter’s inability to keep up with its users and others are finding the site less and less useful. Perhaps people are less inclined to put so much personal information on the World Wide Web, knowing that everything you post is public, permanent and exploitable. Or maybe we’re just tired of seeing how boring the average person’s day is.


John Sileo became one of America’s leading Social Networking Speakers & Identity Theft Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Social Engineering: Scams that play on your Human Emotion


If it seems too good to be true, it probably is.

That is the best way to Think Like A Spy and be alert to Social Engineers who are trying to manipulate you. With such a gloomy economy and many people without work, offers for fast cash and huge discounts become more and more attractive. Most of these Identity Theft cases use the technique of Social Engineering.

Social Engineering is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.

While some schemes scam you into giving out social security numbers, bank account numbers or other confidential identity pieces, others are as simple as a pickpocket distracting you emotionally while another thief steals your wallet or purse. Here is what a few of the most widely used savvy cyber attacks look like:

  • Phony charitable phishing scams, many of which are designed to look as if they come from real charities. Always enter in the exact URL for the Charity that you wish to donate to rather than clicking on a link.
  • Urgent email or text notices from your bank. They tell you to click on a link to access your account to fix an important, time sensitive problem. Don’t click on a link via email. Always type in the exact URL of your bank or call the number on the back of your card. Nothing is that urgent.
  • Nigerian Email Scam. This scam has been around for decades in different versions and states that a wealthy foreigner needs help moving millions of dollars from his homeland and promises a hefty percentage for helping him. This scheme is designed to part you from your money. Once you send a check or bank account numbers you won’t see a dime in return and most victims report losing thousands and hundreds of thousands of dollars to this scam.
  • Notices via email, phone, or mail that announce that You Have Won the Lottery! The message usually claims that you will be paid a large sum of money after you pay them a small amount now. Although this is tempting, just say no. Legitimate lotteries don’t ask you to pay anything after you have already won.
  • Facebook or Twitter distress messages from your friends. If you see a friend asking for money and you are considering helping them out, you should ALWAYS call that friend first. Make sure that their account hasn’t been hacked by a thief.
  • Malware-ridden E-cards. It is sad, but true that it is no longer safe to open E-cards. Many contain malware to attack your desktop and gain access to confidential information. Make sure you have updated virus software protection to notify you of viruses that come through emails or the Internet.
  • Make fast cash now! AKA: Make thousands a day working from home! All you have to do is send $50.00 for the starter kit. More often than not people will send their $50.00 and never receive anything in return. This scam has become more popular with our nation’s high unemployment rate.

These are only a few of the many variations of Identity Theft through Social Engineering. Since social engineering often plays on emotions, you should be careful not to get duped during a tragedy or commemorative event. This is when people are in a mood of giving and their emotions run high. So remember to stop and think about the possible consequences of an offer that may just be too good to be true. Never be afraid to say no!

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076