social media & cybersecurity in the workplace media & cybersecurity in the workplace...
TRANSCRIPT
![Page 1: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/1.jpg)
Social Media & Cybersecurity in the Workplace
November 4, 2016 TSHHRAE 2016 Annual Conference
Kate Morris Attorney CIPP/US
![Page 2: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/2.jpg)
2
Agenda
1. Rise of social media 2. Risks of social media use 3. Impact of social media on information security 4. Minimizing the risks
![Page 3: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/3.jpg)
3 1. Rise of Social Media
https://cybermap.kaspersky.com/
![Page 4: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/4.jpg)
4
Source: https://www.youtube.com/watch?v=N4znQDyz038
Social Media (v. 2016)
![Page 5: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/5.jpg)
5
Want more statistics for 2016?: https://www.brandwatch.com/2016/03/96-amazing-social-media-statistics-and-facts-for-2016/
![Page 6: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/6.jpg)
6 2. Risks of Social Media Use
https://cybermap.kaspersky.com/
![Page 7: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/7.jpg)
7
Risks to Personal Information
Q: What is “Personally identifiable information?” A: Personally identifiable information (PII), as used in US privacy law, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
![Page 8: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/8.jpg)
8
This policy describes what information FB collects and how it is used and shared.
https://www.facebook.com/about/privacy/#
Kinds of Information FB collects:
• Things you do and information you provide • Information provided by others • Your network and connections • Your payment information • Your device information
![Page 13: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/13.jpg)
13
https://www.facebook.com/about/privacy/#
![Page 14: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/14.jpg)
14
![Page 15: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/15.jpg)
15
Risks for Businesses
Reputational risk Operational risk Investment risk Legal/Compliance risk
![Page 16: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/16.jpg)
16
Reputational Risk
Q: What is “reputational risk?” A: Risk arising from negative perception on the part of customers, counterparties, shareholders, investors or regulators that can adversely affect an organization’s ability to maintain existing, or establish new, business relationships and continued access to sources of funding.
![Page 17: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/17.jpg)
17
![Page 18: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/18.jpg)
18
Source: United: Social media case study, presented by Lora O’Riordan and Karin Moan - https://vimeo.com/98272378
![Page 19: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/19.jpg)
19
![Page 20: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/20.jpg)
20
A: An internal or external event causing a loss. • Strategic Risk – leveraging the full power of social media. • Market Risk –losses to investors. • Business Risk – losses when social media is misused.
• Employees sharing too much information • Loss of confidential/business sensitive information • Loss of employee productivity • Increased exposure to malware
Operational Risk
Q: What is “Operational Risk”?
![Page 21: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/21.jpg)
21
![Page 22: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/22.jpg)
22 Legal/Compliance Risks • International
• EU Privacy Shield • APEC Framework
• Federal Laws (enforced by DOJ, FTC, FCC, SEC, EEOC, NLRB) • Children’s Privacy (COPPA, CIPA) • Consumer Privacy (FTC Act, FCRA, ECPA, CAN-SPAM, VPPA, TCPA, JFPA) • Health Privacy (HIPAA, HITECH) • Educational Privacy (FERPA) • Financial Privacy (GLBA, Red-Flags Rule) • Law Enforcement (USA-Patriot Act, CALEA)
• State Law • Breach Notification Laws - 47 States (Ala, NM, SD), • Marketing laws • Data Security Laws (SSN, Data destruction) • California SB-1
• Guidelines • PCI-DSS; ISO 27001
• Company policies, Terms of Use, content ownership • Harassment, discrimination and defamation
https://www.ftc.gov/tips-advice/business-center/privacy-and-security
![Page 23: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/23.jpg)
23 3. Impact of Social Media on Information Security
https://cybermap.kaspersky.com/
![Page 24: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/24.jpg)
24 Who is the enemy?
![Page 25: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/25.jpg)
25 Enemies
Source: State of Cybersecurity: Implications for 2015 - www.isaca.org/cyber/Documents/State-of-Cybersecurity_Res_Eng_0415.pdf
![Page 26: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/26.jpg)
26 But the biggest threat to the security of a company could be….
YOU!
![Page 27: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/27.jpg)
27
What are enemy schemes on social media?
• Social engineering • Phishing (spear phishing, smishing and vishing) • Ransomware • Malware, clickjacking, likejacking • Survey scams
![Page 28: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/28.jpg)
28
Q: What is “Social Engineering”
Social Engineering
A: “Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.”
![Page 29: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/29.jpg)
29
![Page 30: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/30.jpg)
30
Phishing
Characteristics: • Phishing attacks seek PII; • Tend to use shortened URLs or
embedded links; • usually attempt to get the user to
act immediately.
Q: What is “Phishing?” A: Phishing is a type of social engineering attack used to gain personal information for purposes of identity theft, using fraudulent e-mails and messages.
![Page 31: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/31.jpg)
31
![Page 32: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/32.jpg)
32
![Page 33: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/33.jpg)
33
Other Kinds of Phishing Spear Phishing – A more targeted version of Phishing, conducted by sending emails to a group known to have a particular relationship. Smishing – Phishing through text messages “Urgent! Your Bank of America Debit Card has been compromised call 555-1212 immediately to verify your information. Vishing – Robocalling with the urgent message to enter confidential information like a debit card and PIN.
![Page 34: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/34.jpg)
34
Ransomware
Source: https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise (includes latest threats and tips for prevention)
![Page 35: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/35.jpg)
35
Malware
Q: What is “Malware?” A: “Malware” is short for “malicious software” - computer programs designed to infiltrate and damage computers without the users consent. "Somebody just put up these pictures of
you drunk at this wild party! Check ‘em out here!“
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information.”
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
![Page 36: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/36.jpg)
36
![Page 37: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/37.jpg)
37
Scams
![Page 38: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/38.jpg)
38
The Facebook Color Changer
![Page 39: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/39.jpg)
39
The Exploit Video Scam
![Page 40: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/40.jpg)
40
Twitter Instant Follower Scam
![Page 41: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/41.jpg)
41
“OMG! You did something” Bait Scam
![Page 42: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/42.jpg)
42
The “Look Who is Viewing your Profile” Scam
![Page 43: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/43.jpg)
43
Bogus Pinterest Pin Scam
![Page 44: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/44.jpg)
44 4. Minimizing the Risks of Social Media
https://cybermap.kaspersky.com/
![Page 45: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/45.jpg)
45
How do accounts get hacked? How to prevent hacking on social media?
Public Wi-Fi
• Don’t use unsecured wireless networks. • Use a personal hotspot
Password exposed
Keep passwords private: • Do share your passwords. • Use strong passwords or passphrases • Use two-factor authentication. • Consider using a password manager (i.e. Last Pass)
Social Engineering Phishing Spear Phishing
• Don’t open files, click on links, or download programs sent by strangers.
• Don’t electronically transmit personal information. • Learn your company’s policy for reporting suspicious
messages and emails. • Report suspicious messages.
Malware / Scams • Don’t click on shortened URLs. • Install and automatically update security software. • Use a pop-use blocker – don’t click on popups • Use at least a medium browser security setting.
Oversharing. • Don’t overshare on social networking sites
![Page 46: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/46.jpg)
46
![Page 47: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/47.jpg)
47
• Coordination and communication between departments – IT, HR, Legal, Business units, and outside counsel (privilege!)
• Enterprise-wide physical, technical and administrative controls. • Develop a compliance work plan
– Policies, Codes of Conduct – Training – Incident Response Plan – Review and update regularly – Review with outside counsel
• Monitor compliance
Security Plan
![Page 48: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/48.jpg)
48
Additional References General https://staysafeonline.org/stay-safe-online/protect-your-personalinformation/social-networks http://lancasteronline.com/features/how-it-s-done-internet-quizzes-maycollect-more-than/article_c58e438a-9b2b-11e3-8304-001a4bcf6878.html http://www.cnet.com/how-to/how-to-enable-two-factor-authentication-onpopular-sites/ Social Media Account Identity Theft http://www.idtheftcenter.org/Fact-Sheets/fs-138.html http://www.utica.edu/academic/institutes/cimip/idcrimes/schemes.cfm Social Network Site Security https://help.linkedin.com/app/answers/detail/a_id/267/~/account-security-andprivacy---best-practices https://www.facebook.com/help/379220725465972 https://support.twitter.com/articles/76036 https://security.google.com/settings/security/secureaccount (security checkup)
![Page 49: Social Media & Cybersecurity in the Workplace Media & Cybersecurity in the Workplace November 4, ... United: Social media case study, presented by Lora O’Riordan and Karin Moan](https://reader033.vdocuments.us/reader033/viewer/2022051509/5ae63c637f8b9a6d4f8c77ec/html5/thumbnails/49.jpg)
49
Kate Morris, Esq., CIPP/US PRIVACY, INTERNET & TECHNOLOGY LAW
901 Main Street, Suite 6000 Dallas, TX 75202 [email protected] Tel: 214.651.2043
https://www.linkedin.com/in/kathrynemmorris/
http://www.strasburger.com/blogs/intellectual-property-law/