Contributed by: Ben Woelk, Policy and Awareness Analyst, Information Security Office, RIT
Did you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. While there’s no way to guarantee that social networking sites are safe, following these tips will help make your use of them safer.
Tip #1: Use strong passwords/passphrases.
It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should follow the RIT Password Security Standard, with a minimum of 8 characters, mixing upper and lower case letters and numbers. Many websites also allow the use of longer passwords and special characters. Incorporating special characters into your password will make them more difficult to crack. You’ll also want to use different passwords on different accounts. Using a password safe such as LastPass will help you manage these passwords by generating strong passwords and then supplying them when needed.
Tip #2: Keep up to date.
Attackers take advantage of vulnerabilities in software in order to place malware on your computers. Keeping up to date with patches/updates helps thwart attackers from using “exploits” to attack known vulnerabilities. It’s important to keep both your Operating System (Windows, Mac OS, Linux, etc.) and your applications (Microsoft Office, Adobe, QuickTime) patched.
Tip #3: Use security software.
It’s a good practice to follow the requirements of the RIT Desktop and Portable Computer Security Standard on personally-owned computers as well as RIT computers. Among other elements, the standard requires use of a firewall, antivirus, and anti-spyware programs. Many security suites contain all of the elements needed to protect your computer. (Your Internet Service Provider may also provide security software.)
Tip #4: Learn to recognize phishing attacks.
You’ve all seen phishing attacks. They’re typically emails that appear to come from a financial institution that ask you to verify information by providing your username and password. Never respond to these requests. Your financial institution should not need your password.
Tip #5: Think before you post.
Don’t post personal information (contact info, class schedule, residence, etc.), as a talented hacker can see this even if you’ve restricted your privacy settings! Don’t post potentially embarrassing or compromising photos. Be aware of what photos you’re being “tagged” in—don’t hesitate to ask others to remove photographs of you from their pages.
Regarding placing of RIT Private or Confidential Information on social networking/media sites, the RIT Information Access and Protection Standard forbids storage of Private or Confidential Information on social networking/media sites that are not administered by RIT. Please use discretion when considering placing Internal Information on these sites.
Tip #6: Remember who else is online.
Did you know that most employers “Google” prospective employees? Have you seen the stories of people’s homes being burglarized because they’ve posted their vacation plans online? Many people other than your friends use these sites.
Tip #7: Be wary of others.
You can’t really tell who’s using a social network account. If you use Facebook, you’ve certainly seen posts by your “friends” whose accounts have been compromised. Don’t feel like you have to accept every friend request, especially if you don’t know the person.
Tip #8: Search for your name.
Have you ever done a “vanity search?” Put your name in a search engine and see what it finds. Did you know that Google allows you to set up an Alert that will monitor when your name appears online? Setting this up with daily notifications will help you see where your name appears.
Tip #9: Guard your personal information.
Using information you share, identity thieves can put together a profile to help them impersonate you. Be especially careful of Facebook applications. They may collect information that they sell to marketing companies and their databases could be compromised. Do they really need the information they’re requesting?
Tip #10: Use privacy settings.
Default settings in most social networks are set to share all information. Adjust the social network’s privacy settings to help protect your identity. Show "limited friends," a cut-down version of your profile. Choose the strongest privacy settings and then “open” them only if needed.