San Diego Industrial Counterintelligence Working Group

San Diego, CA20 June 2012

Social Networking Best Practices

This document is intended solely for the use and information of the client to whom it is addressed.

2

Table Of Contents

What is Social Networking?

Why Do We Engage in Social Network?

The Vulnerabilities of Social Networking

Social Networking Best Practices

San Diego Industrial Counterintelligence Working Group

3

Social Networking

Social Networking Sites (SNS) allow people to network, interact and collaborate to share information, data and ideas without geographic boundaries

San Diego Industrial Counterintelligence Working Group

4

Why Do We Use Social Networking?

Easy to keep in contact with family and friends

Meet new people

Networking

Centralized location to share information

Marketing efforts

Gather ideas and receive feedback

Promote products and services

San Diego Industrial Counterintelligence Working Group

5

The Vulnerabilities of Social Networking

Unsecured communications

Not everyone is who they say they are– Adversaries such as thieves, stalkers, hackers and terrorist use social networking as well

A Virtual Dumpster of Information– Excellent tool to use for social engineering– Good source for data aggregation

Lack of attention to security settings

San Diego Industrial Counterintelligence Working Group

6

The Vulnerabilities of Social Networking

The user

Mobile Applications– Geotagging photos– Providing current geographical location

Sharing too much information

San Diego Industrial Counterintelligence Working Group

7

Social Networking Best Practices

Use caution when sharing feelings– Your feelings could increase your risk of being approached or targeted

Update your security settings– Only allow users you trust access to your information– Restrict what other users can do with your information– Naval OPSEC Support Team (NOST) updates Facebook Security settings on a quarterly basis– www.slideshare.net/NavalOPSEC/

Know who you are allowing access to your account– Billy, who you have not seen since high school, and rarely socialized may not be someone

you allow into your social network– Don’t accept all access requests, verify each request

How do they know you?Is this person a friend of a friend?

San Diego Industrial Counterintelligence Working Group

8

Social Networking Best Practices

Do not use known information for your “Forgot Password” challenge questions– Use fake information as challenge answers

Do not post sensitive information that could relate to your job– Ex. Just finished a client meeting with PMW 130– A quick Google search of PMW 130 reveals that you work in the cyber security field and

may have access to sensitive network security plans

Be aware of what your friends are posting about you

Parents should closely monitor their children's use of social media

Verify all requests before accepting

San Diego Industrial Counterintelligence Working Group

9

Social Networking Best Practices

Beware of applications and plugins from third party vendors

Do not disclose your, or anyone else’s, security clearance level

Do not provide location or travel information when traveling

Always assume that whatever you post on the internet will be there FOREVER

San Diego Industrial Counterintelligence Working Group

10

Social Networking Best Practices

Don’t post Personally Identifiable Information– Address– Phone Numbers

Before posting information to the Internet think to yourself– Would this information be of use to an adversary?– Can any additional information be gleaned from my post?– Am I putting anyone in danger by posting this?

Review all User Agreements– Once you post something on a site it belongs to the site– Many social networks sell your information

San Diego Industrial Counterintelligence Working Group

11

Questions

San Diego Industrial Counterintelligence Working Group