This document discusses cyber security issues related to social media and personal information online. It notes that the amount of data created annually has grown exponentially and this data can remain online for years. Both personal profiles created by individuals and those created about people by others shape their online reputation. The document warns that employers, insurers, and other parties increasingly check social media and that anonymity online allows false posts that can damage credibility. Various risks of oversharing personal information are outlined, as are strategies to monitor and control one's online profile and reputation.
8. • Amount of data created, captured, and replicated in
2007 was 281 exabytes (281,000,000,000 GB)
• In 2011 there will be nearly 1,800 exabytes of information
created
• In 2012 we created more data than in the last 5000 years
11. • Your "online profile" is the sum of online content about you
that you've created and content about you created by
others. Items include: emails, videos, posts on social networks,
someone posting a picture or comments about you on a
social network or website, credit, financial, and medical
information.
• Your "online reputation" is the image created of you through
information you or others shared online in blogs, posts,
pictures, tweets, and videos.
12. • The use of social media outside of personal lives has
increased and continues to increase
• Concern that potential employers will misconstrue what is
seen
• Used for monitoring current employees
• Used for screening job applicants
• Employees see it as a good way to “get to know” the applicant
14. • Employers are increasingly using
social media for background
checks.
• Insurance companies use social
media to look for fraud.
• Spies use social media to look for
informants.
15. • Do you have control of what is
posted?
• Not all fame is good!
• People use anonymity to post
stuff about others!
• Embarrassment, loss of credibility
Rev2/28/2011
16. • Would you invite a
stranger into your
house to look at your
children's photo
album?
• Public v. Private
• Aggregate
information sources
could give someone
more information
than intended.
19. Bad guys can exploit
your use of social media
to infect your computer
with malware
20. • Do I have control of what is
posted about me?
• Look yourself up!
• Even if you are not on the web,
you may be on the web!
• Do what you can to control
what is out there.
• What is your social relevancy
(Reputation)?
• Set up alerts and monitor what is
posted about you.
• Public records on the web…
22. If you own a business or are
self-employed:
• Have you looked to see what
is posted about you?
• Do you monitor for
comments or ratings?
• How do you address
complaints?
• Do you monitor for brand-jacking?
http://knowem.com/
29. Information, once on the Internet, can be there for
years, even if the service claims it is gone
Don’t post anything you wouldn’t want seen by
everyone
38. • "Cyberbullying" happens when a child, preteen, or teen is
tormented, threatened, harassed, humiliated,
embarrassed or otherwise targeted by another child,
preteen, or teen using the Internet, interactive and digital
technologies, or mobile phones
• Examples of cyberbullying include mean text messages or
emails, rumors sent by email or posted on social
networking sites, and embarrassing pictures, videos,
websites, or fake profiles.
• http://www.stopbullying.gov
40. • In extreme cases,
some children have
committed suicide
• Distracts from
academics
• Increases risk of
depression
• Hurts self-esteem
Megan Meier
Ryan Halligan
Hope Witsell
Tyler Clementi
Ty Smalley
Jesse Logan
41. Virtually You: The
Dangerous Powers of the
E-Personality
Elias Aboujaoude
46. • Why does someone want
your personal information?
• In an information age,
information becomes a
commodity
• Information has a value
• Some information has a
greater value
• Your personal information is
potentially worth more than
you think
47. • Personally Identifiable Information
• Name and account number
• Name and social security number
• Name and address
• Credit Card Number
• Where you might find it
• Tax files
• Account Statements
• Records (Medical, Public and other)
• Businesses you do business with
51. • “Identity fraud” consists mainly of someone making
unauthorized charges to your credit card.
• “Identity theft” is when someone gathers your personal
information and assumes your identity as their own.
"Identity theft is one of the fastest growing
crimes in the US."
John Ashcroft
79th US Attorney General
52. • March 20th 2001, MSNBC reported the first identity
theft case to gain widespread public attention
• Thief assumed the identities of Oprah Winfrey and
Martha Stewart, took out new credit cards in their
names, and accessed their bank accounts
• Stole more than $7 million from 200 of the world’s
super rich - Warren Buffett and George Soros, tech
tycoons Paul Allen and Larry Ellison
• Used a library computer, public records, a cell
phone, a fax machine, a PO Box, and a copy of
Forbes Richest People
• 32-year-old Abraham Abdallah was described as
“a high school dropout, a New York City busboy, a
pudgy, disheveled, career petty criminal.”
53. • PII exposed by others (Data Breaches)
• PII exposed by ourselves (online & others)
• Malware (Spyware, Viruses, etc…)
• Social Engineering
• Phone
• Internet (Phishing, social websites etc…)
• In Person (at your door, in a restaurant etc…)
• Physical theft
• Mail box
• Trash (Dumpster diving)
• ATMs (skimming)
• Home break-ins
59. Chart: top merchant groups (restaurants, gas, hotels, car rentals, all other)
Source: California Restaurant Association, Visa USA, United States Secret Service
60. Chart: by merchant locations (California, Florida, New York, New Jersey, Texas, Mexico, Illinois, all other)
Source: California Restaurant Association, Visa USA, United States Secret Service
61. “The federal government is the
biggest offender.”
Paul Stephens
Privacy Rights Clearinghouse
62. • Information is sold on the
Black Market
• Sometimes the information is
traded for drugs
• Used to fund terrorist
operations
65. • Used to ‘share’ computer
files
• Legal issues with copyright
• Malware issues
• Privacy issues, do you know
what you are sharing?
66. • Malware (Viruses, Worms, Spyware,
etc…)
• 1999 Melissa, Kevin Mitnick,
• 2000 Mafiaboy, DoS Assault,
• 2001 Code Red, Nimda,
• 2002 Root Rot, Slapper,
• 2003 SQL Slammer,
• 2004 MyDoom, BerBew,
• 2005 Samy (MySpace),
• 2007 Storm Worm, Botnets, etc..
• 2012 Advanced Persistent Threat (APT)
Malware has cost trillions
of dollars in the last
decade
67. • In the past, they were primarily destructive
• Today, they focus on stealing information
• Or using your computer as a Bot (Zombie) to send out SPAM
or attack other systems
69. • Oldest trick in the book, there
are examples in the 1500s
• One particular fraud is called
the “Nigerian 419” scam or
“Advanced Fee Fraud”
• Started as a letter, then it
showed up in faxes and now
it is sent by email.
• The message contains many
variations on the story
http://www.secretservice.gov/fraud_email_advisory.shtml
78. Albert Gonzalez, 28
With accomplices, he was involved in most of the major data breaches: Heartland, Hannaford
Bros., 7-Eleven, T.J. Maxx, Marshalls, BJ’s Wholesale Club, OfficeMax, Barnes & Noble, Sports
Authority, Dave & Busters, Boston Market, Forever 21, DSW, and others.
80. • 70% from external agents
• 48% caused by insiders
• 11% implicated business partners
• 27% involved multiple parties
81. • Data Breach
• Lack of security on the part of
businesses
• Organizations may post information
online
• Loss of a laptop, hard drive, or
paper work
• Data loss by a third party
• Hacker (Organized Crime & Nation
State)
• Organizations may break into your
computer