This week’s theme for National Cyber Security Awareness Month is about connected communities. Social media sites such as Facebook, LinkedIn, Twitter and Instagram allow users to communicate and share information and events with friends, family, co-workers and others. As you connect to these types of sites it is critical to be aware of the potential privacy and security issues that could surface without proper safeguards and knowledge of application privacy settings, encryption, strong passwords, two-factor authentication, and phishing schemes.
Most popular social media sites provide the ability for a user to modify their privacy settings. These privacy settings are the key to who is allowed to see the information, pictures and events posted on the site. For example, in Facebook, the privacy settings are found in the upper right corner of the interface by selecting “settings” and then privacy. Here you can determine who will see your posts along with the timeline for viewing those posts. You can also control photos that may have been tagged by someone. Before you start posting and using the social media sites, be sure you understand and set the privacy settings appropriately.
Don’t share private information on social media sites. Many hackers use social engineering techniques to gather information from you from multiple social media sites. Private information such as birth dates, social security numbers, children’s names, banking locations, and even pet names can be used to guess passwords and other information to gain access to financial or other sensitive accounts.
When logging on to any account, be sure you are using strong passwords or two-factor authentication. Strong passwords consist of numbers, symbols and mix of upper and lower case letters. Longer passwords are also more difficult to guess than shorter passwords. Two-factor authentication adds an additional layer of security by requiring two-forms of identification to access the system. For example, if you participate in Google’s two-step verification process you will be asked for your password and then for an additional piece information such as a code sent to you via text. Also, be sure the data being sent between your computer or mobile device and the web site or server is secure. HTTPS should be the default connection when accessing any accounts on remote machines.
Finally, be sure you carefully review hyperlinks provided to you in an email before you click on the link. Phishing schemes attempt to steal your account information by pretending to be your bank or another vendor and request you to login or reset a password. These emails can be quite convincing so have your IT or security expert review the email before you provide any information. These schemes have been around for quite some time and some people still fall victim to this scam.
In summary, use computer security best practices when connecting to any sites. Hackers love easy targets who share all of their private information on social web sites and use simple passwords. Don’t make their job easy. Always work to protect yourself while you are connected.
Dr. James Robertson is a collegiate professor and Chair for Computer Science and the Software Development and Security programs in the undergraduate school at UMUC. Prior to joining UMUC, he worked as a Principle consultant for the Oracle corporation. Dr. Robertson has more than 20 years of technical, engineering, and information systems experience with progressively increasing responsibilities in the areas of education administration, software development, application security testing, database design and development, modeling and simulation, and data mining. He has designed and developed secure software, algorithms, and techniques for image and signal processing in federal, health and commercial industries within all phases of software life cycle.