Good Social Media Hygiene

We’ve all started to get used to our “new normal” of working from home. There have been a lot of posts about how to do this effectively, and some of you may even have used some of the guidance I recently published on here. (A big thank you if you have!)

A quick heads up is probably in order here. As with my previous article, this one isn’t necessarily intended for cyber professionals: rather, it’s aimed at those who don’t work in the industry and will hopefully give them some insight into how to help their online health.

We now know that this is going to be how we live and work for – probably – months to come, so we best settle in and make the best / most of it.

It’s been great to see how we are making more use of collaboration tools, and there are any number of posts and videos about the pros and cons of the different solutions, as well as the creative ways teams are coming together. I’m not going to talk about that in this post. What I do want to talk about is how we use social media.

We’ve all (hopefully) got the message from our government that washing hands for 20 seconds is a good starting point in our efforts to slow the transmission of the coronavirus. We’re seeing initiatives such as supermarkets provide antibac wipes and gel so you can clean the handles on trolleys before going in. On my rare forays away from the house I’ve noticed so many more people cleaning their hands, and that’s been very reassuring.

But it seems to me that all this time at home has also led to much more engagement on social media, with many more helpful and inclusive posts on neighbourhood forums for example. There seem to me to be so many more people joining in online conversations etc, which seems to be helping build more of a community spirit. (Yes, I still see the backbiting and trolling too, but much more infrequently recently.)

Talking of people being online, it seems like every day we’re hearing about new scams, new ways which the bad guys and gals (I’m going to call them bad actors from here) are trying to get access to our systems and to our details.

I believe that now is a good time to apply good hygiene to our online selves, as well as our physical selves. With all this additional engagement, but also increase in time spent online, I think now is a good opportunity to encourage people to check their privacy settings and reduce them where appropriate.

Just as antibac wipes and handwashing help protect your physical health against the pandemic that’s assaulting us, locking down your social media profiles helps protect your online health against the bad actors mentioned above.

Restricting who can see your friends lists, or your latest posts, reduces the open sources intelligence (OSINT) gathering opportunities for the bad actors: this in turn reduces the information they have to try to use against you in phishing and spear phishing attacks for instance.

How do you do this? For each of your social media accounts the process will be slightly different, and if you’re unsure where to start, open Google (or any other search tool) on your internet browser and search for “privacy settings” and the name of the app you’re using. It should then be a case of following the instructions, but bear in mind that these could vary depending on whether you’re accessing your account from a PC, a laptop, an Android phone, an iPhone or other devices.

For most applications, it’s worth bearing in mind that they automatically open up your account as much as possible and may reset your settings every so often without warning. In general terms, making sure you use two factor authentication on each account, and restricting who can view your profile / posts to people you know are good things to do. For information on what each setting does, check them out on the application’s web site.

For example, I use an iPhone, and the initial steps are:

  • Facebook – Open the app, click on the three horizontal bars at the bottom right of the screen (next to the bell icon that shows you you have notifications), scroll down to Settings & Privacy and then click on Privacy Shortcuts. Go through each of the topics there in turn and amend your settings.
  • Twitter – Open the app, click on your account icon in the top left corner (typically that’s your profile picture), and click on Settings and Privacy. Again, go through each of the topics and amend your settings.
  • Instagram – Open the app, click on your account icon in the bottom right corner (the icon is a person, next to the heart icon), click on the three horizontal bars at the top right of the screen, then click on Settings. Go through each of the topics under Privacy and also under Security and make changes as necessary.
  • LinkedIn – Open the app, click on your account icon in the top left corner (typically that’s your profile picture), click on Settings, then amend the relevant items under the Account and Privacy tabs.

Repeat the process for other apps, but by now you should get the idea I hope. I appreciate that these appear to be convoluted and time consuming, but in reality they don’t take long and they help to reduce the amount of information you share, and who you share it with.

The Great Hack

It would appear that the furore over Facebook / Cambridge Analytica and manipulation of elections hasn’t died down that much. I recently watched a documentary on Netflix called The Great Hack, and I’d recommend that you do too, if you can.

The programme provided a lot of the backstory to who was involved, how and when, as told by some of the people who were there. This included:

  • Brittany Kaiser was the Director for Business Development at Cambridge Analytica, and had previously worked on Barack Obama’s presidential campaigns.  She comes across as very naive at times, though towards the end of the show it becomes obvious that the penny drops and the seriousness of the situation is made apparent;
  • David Caroll, a professor who not unreasonably asked for a copy of all data that Cambridge Analytica held on him.  If not for him, the whole situation might not have escalated as it did;
  • Julian Whitehead, the former CFO at Cambridge Analytica. I was concerned at how little he seemed bothered by the morality of what was carried out by his company; and
  • Carole Cadwalladr is an investigative journalist at The Guardian and Observer newspapers in the UK.  She did a lot of the digging and legwork, trying to find people who would and could talk to her about things that had gone on.  Carole was the reporter who broke the news, and who continued to find and release fresh information as time went on.

Perhaps the most shocking aspect of the programme was the revelation that Cambridge Analytica had been involved in some way in elections around the world since the mid-2000s.  There was an expose of how their work influenced the elections in Trinidad and Tobago which showed how manipulative Facebook posts could be, as well as discussions of how the same techniques were used both for the Brexit campaign and for Trump’s election in 2016.

It was notable that Alexander Nix, the former head of Cambridge Analytica, declined to be interviewed, and also that Julian Assange / Wikileaks should be a part of the story. I didn’t know until I watched this that Steve Bannon, erstwhile Strategist at the White House under Donald Trump and former executive chairman of Breitbart news was a cofounder of Cambridge Analytica, or that Nigel Farage was closely linked with him.

It’s worth checking out Carole Cadwalladr’s TED talk in Silicon Valley, where she asks the heads of the big tech companies whether they are happy with the world they are creating. She suggests that it is now impossible to have a free and fair election because of abuse of their technologies.

She illustrated this ably by talking to people in South Wales to ask why they voted for Brexit: many had said they worried about immigration (she also spoke to someone who thought they were the only immigrants in the area), while others said the EU had done nothing for them yet they were surrounded by construction and facilities paid for by well advertised EU funding.

I’ve mentioned the perils of taking part in online quizzes and personality profiles “for fun” on Facebook. This documentary provides the evidence of how that information can be harvested and used to target specific people – never mind groups – who are deemed to be persuadable and who can swing an election result one way or another.

 

O is for …

On-premise

This term is used to describe equipment which is physically located in your offices. The alternative would be a third party hosted service such as those offered by cloud hosting providers.

Open Source Intelligence

The internet is full of many sources of information, many of which are free. This is known as Open Source Intelligence (commonly called OSINT).

The most well known sources of information are social media sites like Facebook, LinkedIn and Twitter. If users do not lock down their accounts, potential attackers can learn a lot about them just by trawling their details. For example, Facebook allows you to list family members, friends, schools, colleges and work places, all of which are invaluable to attackers.

Operating System

All computers need code to tell them how to interact with their components eg keyboards, mice, monitors etc. They also need code which tells them what to do when switched on, how to store files and how the file store is structured. All of these services are provided by the Operating System, or OS for short. The most common operating systems for desktop and laptop computers are Microsoft Windows, Mac OS and Linux. Smartphones and tablet devices also have operating systems, the most common being Apple iOS, Android, Blackberry and Windows Mobile.

It’s just a Like…

What harm can it do? You know, seeing your favourite hairdresser or coffee shop on social media, and clicking on the Like button? And what about all those little quizzes and fun games that appear? Like what are your top 5 places to visit, what was your first pet called etc. Not to mention the “your rock star name is…” and you have to give two pieces of information and then share them with your friends. That’s just opened up a treasure trove for the bad guys.

This short video shows what can happen in the time it takes you to order and receive your coffee.

How can you protect yourself from giving away all this information? Just spend a little time going through the security settings on all your social media platforms. If you’re not sure how to do this, use Google to find the answer. Oh, and do this on a regular basis, as the social media firms can and do change your settings from time to time.

Cambridge Analytica – who knew?

Err, we did!

Regular readers will have seen my post last year which talked about the dangers of over sharing. It described pretty much exactly what’s happened with Cambridge Analytica, on a massive scale.

I’m not going to go into detail on what they did – there’s a lot of news coverage you can check out – but basically an individual’s details and those of their friends were harvested and used for targeted advertising with the aim of swaying voting in the US election in 2016. Other elections may also have been influenced in this way.

This is a great example of why you should regularly check your privacy settings on social media, and be careful what information you decide to share.

I told you so…

Just thought I’d share this piece from the Hoax-Slayer website (great site to visit often, in my opinion) which basically confirms everything I said in my previous article on here. It’s good to know I wasn’t giving you false information! 

Other things to look out for, which I hadn’t mentioned previously are:

  • the sensationalist videos, like one purportedly showing a snake which has eaten a man
  • the enticing videos, like those purportedly showing celebrities flashing parts of their body
  • the desperate videos, where people are going to be in distress and need your help

All of these are deliberately crafted to get you to click on the initial link. From there, who can tell what you’ll be persuaded to do…