Is a Bank Account Number Personal Identifiable Information

Document Sample
Is a Bank Account Number Personal Identifiable Information Powered By Docstoc
					The University of Idaho




       Social Networking Security
                 Darren Kearney
         Information Technology Services
What to take away from this presentation.

• What is social networking?
• What dangers are involved with social
  networking sites?
• How do I protect myself?
• Examples of social networking issues.
What are social networking sites?

• A social network service focuses on
  building online communities of people
  who share interests and activities, or
  who are interested in exploring the
  interests and activities of others. Most
  social network services are web based
  and provide a variety of ways for users
  to interact, such as e-mail and instant
  messaging services.
What are social networking sites?
What are social networking sites?

• How big are these sites?
  – The largest social networking sites contain
    hundreds of millions of accounts.
  – Facebook = 300,000,000+ accounts and is
    still growing rapidly.
• Why all the concern?
  – While most of these sites make privacy
    tools available to users, their very nature is
    to be as open with information as possible.
What are the dangers?

• Identity Theft.
• Professional Concerns.
• Personal Concerns.
• Physical Dangers.

• Yes, all the scary stuff.
Identity Theft

• What are the primary pieces of
  information needed to steal an identity?
   – Full name
   – Social Security number
   – Date of birth
Identity Theft

• Sensitive Personal Information (SPI)
   –   Social Security Number
   –   Birth Date
   –   Credit Card / Bank Account Numbers
   –   Drivers License Number
• Personally Identifiable Information (PII)
   – Non-sensitive information that can be used to
     build a profile of you.
        • Mother‟s maiden name
        • Address
        • Phone number
Professional Concerns

• Employers do view social networking
  sites to see not only what you have
  posted but who your „friends‟ are.
  Having a fun and lively site may make
  finding work difficult.
• Work stories can impact your current
  job and future positions.
• Posting confidential information will
  impact your current employment.
Personal Concerns

• Do not post medical information.
• You have the right to remain silent, but
  pictures are worth a thousand words.
• You may feel comfortable showing
  embarrassing pictures or video to
  friends, but are you ready for
  worldwide ridicule?
• Are you sure you want your mom
  finding out?
Physical Dangers

• Do not post your address in a public
  site.
• Do not let the world know when you‟re
  going to be home or not.
• Information about when you are alone
  and where you will be can be used by a
  potential stalker.
How can you protect yourself?
•   A quick note about passwords.
•   Make sure your computer is set to protect you.
•   If you can set your site as private, do so.
•   Limit the amount of personal information you
    post.
•   Remember that the internet is a public
    resource.
•   Be wary of strangers.
•   Be skeptical.
•   Check privacy policies.
•   Know what metadata your providing.
Quick notes about passwords.
• Make your password complex and do not
  share it.
• Do not use the same password for every
  site.
• If you see any unusual activity on your
  account, immediately change the
  password.
• Your dogs name or mothers maiden name
  are not secure passwords. If you want to
  use words make up a phrase that exceeds
  20 characters.
Quick notes about passwords/passphrases.

• UI Employees should follow the
  requirements for passwords in the APM.
   – http://www.uihome.uidaho.edu/default.aspx?pi
     d=80597
   – 30.15 -- UI Password/Passphrase Policy
   – Users shall not use the same passwords for
     University of Idaho accounts as for other non-
     University of Idaho access (e.g., personal Internet
     Service Provider accounts, free online email
     accounts, instant messaging accounts, other online
     services, etc.).
Set your computer to protect you.
• Do not have administrator rights on your
  computer. Give your computer account
  „User‟ rights and have an admin account
  available.
• Make sure your antivirus is setup and
  updating.
• Have a firewall running.
• Make sure the browser security settings are
  High.
• Be aware of unusual issues on your
  computer.
Visit Sophos Best Practices Site

• Sophos provides a best practices site for
  Facebook. If your not a Facebook user
  the information may still be useful.

• http://www.sophos.com/security/bes
  t-practice/facebook.html
Set your site private.

• Most social networking sites give you the
  ability to limit who can access your
  information.
• Move any concerning materials under the
  private portion of the site.
• Understand that joining „networks‟ or
  „groups‟ may give a lot of people access to
  your information.
• Remove anything that may cause you
  discomfort in the future.
Limit the personal information you post.

• Do not post information that would
  make you vulnerable (e.g., your
  address, information about your
  schedule or routine). If your
  connections post information about
  you, make sure the combined
  information is not more than you
  would be comfortable with strangers
  knowing.
Remember that the internet is a public place.

• Only post information you are
  comfortable with anyone seeing. This
  includes information in your profile
  and in blogs and other forums. Also,
  once you post information online, you
  can't retract it. Even if you remove the
  information from a site, saved or cached
  versions may still exist on other
  people's machines.
Be wary of strangers.

• The internet makes it easy for people to
  misrepresent their identities and
  motives. Consider limiting the people
  who are allowed to contact you on these
  sites. If you interact with people you do
  not know, be cautious about the
  amount of information you reveal or
  agreeing to meet them in person.
Be skeptical.

• Don't believe everything you read online.
  People may post false or misleading
  information about various topics, including
  their own identities. This is not necessarily
  done with malicious intent; it could be
  unintentional, a product of exaggeration, or a
  joke. Take appropriate precautions, though,
  and try to verify the authenticity of any
  information before taken any action.
Check privacy policies.

• Some sites may share information such
  as email addresses or user preferences
  with other companies. This may lead to
  an increase in spam. Also, try to locate
  the policy for handling referrals to
  make sure that you do not
  unintentionally sign your friends up for
  spam. Some sites will continue to send
  email messages to anyone you refer
  until they join.
Examples of social networking issues.

• Specialized Search Engines.
• Identify what the person did wrong.
• Think about what they could have done
  better to protect themselves.
• Make sure you do not make the same
  mistakes.
Specialized Search Engines.

• Search engines specializing in finding
  people on multiple sites make finding
  personal information and correlating it
  easier then ever.
• Spock.com
• ZabaSearch.com
• Wink.com
• Spokeo.com
What about Twitter?
• Twitter is considered a micro-blogging service with
  social networking aspects.
• 140 character „Tweets‟ are delivered to the site and
  pushed out to „followers‟.
• “If you want to restrict your twitter updated to only
  those that follow you, check the box marked „Protect
  my updates‟. You‟ll maintain your privacy but limit
  your reach. To get the full twitter experience, leave
  the box unchecked.”
• Twitter „owns‟ your information.
Examples to not follow.

• A couple notes:
  – Most of the following examples are made
    up based on real information found online.
  – Many more serious examples can be found
    online but these focus on the common
    mistakes made on social networking sites.

  – Yes there is a picture of me in a propeller
    beanie floating around out there.
The Family Emergency

The email to the
boss….
The Family Emergency


   The picture
   on face
   book.
Is it private?
Is it private?
Is it private?
Is it private?
Is it private?
Meet Joey Smith
Joey gets setup.

• Using the standard tools Joey setup a
  facebook page by filling out the default
  fields.
• He was excited to start being part of a
  community so he joined a couple
  „networks‟.
• Planning to use his new site daily he
  added schedule information to help
  organize his life.
Basic Information
Personal Information
Contact & Other Information
When will you be home?
To much information?
Does everyone need to know?
Adding Others.
Questions?

• Questions?




• Reference material used:
  – http://www.us-cert.gov/cas/tips/ST06-
    003.html
The University of Idaho




               Thank you!

				
DOCUMENT INFO
Description: Is a Bank Account Number Personal Identifiable Information document sample