12 Days to a Safe Christmas: Day 5 – Don’t Tell Facebook You Won’t Be Home for the Holidays

Holiday Security Tips: On the fifth day of Christmas, the experts gave to me, 5 Facebook fixes

In general, we share too much information on social media sites. During the holidays, we are positively intoxicated with the giving spirit! Without thinking, we share our holiday travel plans, click on seemingly charitable links or post pictures of a fun night out. And when you share with friends on Facebook, you are sharing with their friends and ultimately, most of the literate world. The problem is, some of those people aren’t really friends and only want to separate you from your holiday dollars.

Solution:  Apply these five fixes to ALL of your social sharing (not just Facebook)

  1. Customize your privacy settings. Sixty percent of social network users are unaware that their default privacy settings let others into most of their personal information. Facebook does a decent job of explaining how to lock your privacy down, but you must spend at least 90 minutes going over the settings to properly protect yourself.
  2. Protect your passwords. Don’t let the bad guys take over your account and contact your friends as if they were you. Create a unique, strong, alpha-numeric-symbol password without using a dictionary word, birthdate, pet’s name or other personal identifier. Use this password only for a single site and don’t share it with anyone. Be careful of using your Facebook login for other sites, as those sites gain access to your private information.
  3. Log into Facebook only ONCE each session. If it looks like Facebook is asking you to log in a second time, skip the links and directly type into your browser address bar. Phishing emails and social media posts will often send you to sites that look like Facebook but act like a data criminal. When in doubt, log out.
  4. Beware of free offers, big discounts and requests for charity (even if they come from your friends). If the offer in the post is too enticing, too good to be true or too bad to be real, don’t click. Chances are pretty good that your friend’s account has been hijacked and the hacker is serving you a warm dish of malware. If the post is out of character for that friend, email them and ask if it’s real.
  5. Don’t check in when you aren’t home and don’t post your travel plans. Based on social media feeds and locational check-in services alone (Foursquare), it is simple to map your whereabouts and signal thieves when you aren’t home. If you have to let friends know where you are during the holidays, send a group text or email.

No matter if you’re headin’ home for the holidays or off to Whoville, remember to post your pictures and tell those tales AFTER you’re safely home. On the sixth day of Christmas…


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachael Ray. Contact John directly to see how he can customize his presentations to your audience.

Some Simple Steps to Social Media Privacy

When was the last time you checked your privacy settings on your social media profiles? Being aware of the information you share is a critical step in securing your online identity. Below we’ve outlined some of the top social media sites and what you can do today to help keep your personal information safe.

FACEBOOK Social Media Privacy

Click the padlock icon in the upper right corner of Facebook, and run a Privacy Checkup. This will walk you through three simple steps:

  • Who you share status updates with
  • A list of the apps that are connected to your Facebook page
  • How personal information from your profile is shared.

As a rule of thumb, we recommend your Facebook Privacy setting be set to “Friends Only” to avoid sharing your information with strangers. You can confirm that all of your future posts will be visible to “Friends Only” by reselecting the padlock and clicking “Who can see my stuff?” then select “What do other people see on my timeline” and review the differences between your public and friends only profile. Oh, and don’t post anything stupid!

TWITTER Social Media Privacy

Click on your profile picture. Select settings. From here you will see about 15 areas on the left-hand side. It’s worth it to take the time to go through each of them and select what works for you. We especially recommend spending time in the “Security and Privacy” section where you should:

  • Enable login verification. Yes, it’s an extra step to access your account, but it provides increased protection against unauthorized access of your account.
  • Require personal information whenever a password reset request is made. It’s not foolproof, but this setting will at least force a hacker to find out your associated email address or phone number if they attempt to reset your password.
  • Determine how private you want your tweets to be. You can limit who (if anybody) is allowed to tag you in photos and limit your posts to just those you follow.
  • Turn off the option called “Add a location to my Tweets”.
  • Uncheck the options that allow others to find you via email address or phone number.
  • Finally, go to the Apps section and check out which third-party apps you’ve allowed access to your Twitter account (and in some cases, post on your behalf) and revoke access to anything that seems unfamiliar or anything that you know you don’t use anymore.

Oh, and don’t post anything stupid!

INSTAGRAM Social Media Privacy

The default setting on Instagram is public, which means that anyone can see the pictures you post. If you don’t want to share your private photos with everyone, you can easily make your Instagram account private by following the steps below. NOTE: you must use your smartphone to change your profile settings; it does not work from the website.

  • Tap on your profile icon (picture of person), then the gear icon* to the right of your name.
  • Select Private Account. Now only people you approve can see your photos and videos.
  • Spend some time considering which linked accounts you want to keep and who can push notifications to you.

*Icons differ slightly depending on your smartphone. Visit the Instagram site for specifics and for more in depth controls.

Oh, and don’t post anything stupid!

SNAPCHAT Social Media Privacy

Snapchat’s settings are really basic, but there’s one setting that can help a lot: If you don’t want just anybody sending you photos or videos, make sure you’re using the default setting to only accept incoming pictures from “My Friends.”  By default, only users you add to your friends list can send you Snaps. If a Snapchatter you haven’t added as a friend tries to send you a Snap, you’ll receive a notification that they added you, but you will not receive the Snap they sent unless you add them to your friends list.  Here are some other easy tips for this site:

  • If you want to change who can send you snaps or view your story, click the snapchat icon and then the gear (settings) icon in the top right hand corner. Scroll down to the “Who can…” section and make your selections.
  • Like all services, make sure you have a strong and unique password.
  • Remember, there are ways to do a screen capture to save and recover images, so no one should develop a false sense of “security” about that.

In other words, (all together now) don’t post anything stupid!

A Final Tip: The privacy settings for social media sites change frequently. Check in at least once a month to ensure your privacy settings are still as secure as possible and no changes have been made.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Twitter Security Loophole Exposes Your Direct Messages

Direct messages sent through Twitter can be easily exposed, thanks to a loophole in Twitter’s API, according to Gary-Adam Shannon at Search Engine Watch Reports. When a user logs into another site using their Twitter user name and password, the site can gain access to the private messages, says Shannon. He goes into technical detail, but essentially it’s just a small hack.

Shannon recommends you don’t ever log in to a site (other than, obviously) using your Twitter user name and password. Another writer at Search Engine Watch recommends that users erase their Direct Messages after viewing them.  There has been no comment from Twitter, but we hope they are looking into the issue now that the problem has been made public.


John Sileo is the award-winning author of Stolen Lives, Privacy Means Profit and the Facebook Safety Survival Guide. His professional speaking clients include the Department of Defense, the FTC, FDIC, Pfizer, Prudential and hundreds of other organizations that care about their information privacy. Contact him directly on 800.258.8076.

Privacy, Social Media, Technology and the Law

Can the Law keep up with technology?

CNN has a new article that addresses this growing issue. Cases are continuing to pop up based on an offense or crime committed in cyberspace. Five years ago suing someone for allegedly slamming you on Twitter would have been unimaginable. But just recently an apartment tenant was sued for $50,000 in damages after she took to Twitter to complain about her living situation to another user.

Many legal experts are watching these cases carefully because they will lay the groundwork for these unaddressed areas of the law. They said that in this growing age of technology it takes almost 5 years to play catch up with current American law. Lawmakers are unable to predict the next big wave in technology and the legal issues that will follow. With such a severe gray area when it comes to Social Media and your Privacy, society must be able to balance accountability with free speech.


John Sileo provides identity theft training to human resource departments and organizations around the country. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Tweet Breach: 140 Characters of Destruction

Like a wounded, cornered Doberman, I was irrational and reactive.

My blog was down, non-existent. When you earn your keep by communicating ideas, like I do as a professional speaker, any threat to the distribution of those ideas raises the peach fuzz on the back of your neck. After days of being unable to reach my webmaster by office phone, cell phone, SMS text, instant message or email, I dialed up the pressure on him to respond. I turned to the powerful and influential world of social media…

I tweeted him. Publicly.

@johnswebguy Where in the name of Google Earth are you? Why won’t you contact me? [poetic license applied to save face]

140 characters that delivered the impact of a rabid canine. Yes, there was obvious anger in my words, but they were transformed into a venomous rant in the hands of others. Those reading it from the outside could feel the rage I felt at having been cornered without a backup plan. Unfortunately, in my anger, I didn’t make it a direct tweet (a private communication that only the recipient could see), so anyone following these hyper-succinct mini-blogs could view my dirty laundry and fill in the blanks with any back-story they liked. And fill in they did.

In the ensuing minutes, my tweet was re-tweeted (sent out to a mass number of recipients), screen shot (digitally captured to be preserved forever in all its glory) and used as an example of why others shouldn’t do business with my webmaster. I had never even considered ending my relationship with my webmaster, so driving his customers away was the last thing on my mind.

I just wanted to know where he was!

In that instant, dumbfounded with regret, I understood the power of social media to communicate, influence and destroy. Destroy personal reputations. Destroy brand identity. Destroy profit margins, relationships and open communication. As I hit the enter button, I thought I was tossing a snowball, but quickly discovered it had the potential to become an all-out avalanche. For all of its brevity, the words we publish on Twitter or Facebook can be misinterpreted, read as gospel or spread like the plague. It can be very difficult to separate emotion from fact in 140 characters.

My webmaster contacted me from the hospital; he had just gotten out of surgery. Fortunately, I deleted the tweet before it went totally global, explained my mistake to my followers, apologized to my webmaster and got down to resuscitating my blog (when he had recovered from surgery).

Explaining what I had done to someone the following day, I used a term that has stuck in subsequent conversations — tweet breach. Here is my current working definition of tweet breach:

tweet•breach n. 1. Accidentally or intentionally exposing data through social media or other Web 2.0 applications (e.g., Twitter, Facebook, LinkedIn, Wikipedia, Second Life, blog posts, webmail, text messaging, instant messaging, etc.) that would otherwise have remained acceptably private, confidential, anonymous or otherwise properly controlled by the owner or agent responsible for the information. 2. Self-inflicted tweet breach (common) is the act of accidentally or reactively releasing one’s own private information without thinking through the consequences.

Examples: a) posting an individual’s personally identifying information (phone number, credit card account, social security number, etc.) without their consent, knowledge and understanding; b) posting someone’s physical whereabouts, personal history or confidential information without their agreement; c) improperly revealing proprietary corporate information such as intellectual capital, corporate financials, business processes, deal secrets, organizational structure or other sensitive commercial data; d) improperly using social media as a tool of leverage, extortion (if you don’t do this, I will…), or revenge (posting sordid details about your ex, dirty laundry about your former employer, etc.).

I learned so much as a product of my experience that it will provide materials for years to come. Let me share a few of the many fundamental takeaways that you should keep in mind both personally and professionally:

  1. Posting is Public. This seems so obvious, but it is constantly overlooked. When you post (I use the term post to encompass tweeting, blogging, commenting, writing on a wall, publishing to a website, and certain types of texting, instant messaging, etc.), you are making the information available to everyone on the internet (unless you somehow restrict access). In-person relationships are often subtle. For example, you probably wouldn’t tell the same joke to your young child as you would your closest friend. You wouldn’t tell your boss about a successful job interview with another company in the same way that you would tell your sister. But when you post these items online, you are collapsing those layers of distinction, or access, into a one-dimensional view. Everyone has equal and identical access to your joke and your job news, whether you want them to or not. Denial and misunderstanding of this basic principle, that posting is public and will be seen by others, is what leads teenagers to populate MySpace with pictures and content that they would never want their future employers, college admissions officers or even parents, to see.
  2. Posting is Permanent. When you post, you are creating a permanent piece of digital DNA that, for all practical purposes, never disappears. Your words and photos and videos are forwarded, replicated, backed up, quoted and made a permanent part of the internet firmament. In other words, if you post it, you’d better be willing to claim ownership of it for the rest of your life. It is very hard to think a week in advance, let alone 20 years. Would George W. Bush have ever been President had he tweeted his DUIs or possession of Cocaine arrest? The viral and permanent and traceable nature of the information would have doomed his chances.
  3. Posts are Exploitable. Whether they are used against you in a court of law (yes, posts have been used as admissible evidence), used by identity thieves and social engineers (e.g., once a con knows your social network, they can easily use it against you to establish undeserved trust), or aggregated by companies that want to sell you something, posts can and will be used in ways that we average users are not currently considering.

Without question, social media and social networking are killer apps and are here for the long haul. They fulfill too deep a need and too profitable a role in our lives and businesses to write off as a fad. Fortunately, there are concrete solutions for preventing tweet breach and for minimizing damage when it does inevitably happen. I am already experiencing corporations (probably because of their increased risks and liability) beginning to pro-act on the ever evolving side effects of social media. For starters, they are gaining a competitive advantage by:

  • Learning about Twitter, Facebook and other social media first hand. A fun place to start are the videos by Twitter Goddess Gina Schreck (@GinaSchreck).
  • Educating their workforce on the benefits and drawbacks of social media, including tweet breach, productivity gains and losses, social media exhaustion, etc.
  • Establishing guidelines for how to use Twitter, Facebook and Web 2.0 tools in responsible, productive ways that deliver the greatest ROI with the least risk
  • Incorporating age-old ideas of etiquette, editorial policy and discretion into the fabric of their new media strategies

I would love to hear your ideas on tweet breach and examples that you have come across. Please feel free to comment with your own tweet breach or similar stories.

After losing his business to data breach and his reputation to identity theft, John Sileo became America’s leading identity theft and data breach speaker. He speaks on the topics of workplace identity theft, data breach and tweet breach. His recent clients include the Department of Defense, the FDIC, Blue Cross Blue Shield, and Pfizer. You can follow his tweets at @john_sileo.