UHV Logo
University of Houston-Victoria

University Of Houston-Victoria

CSATS - Computer Security Awareness Training for Students

Social Networking

Online social networks, such as Facebook and MySpace, are popular places for sharing your profile, photos, videos, music, and artwork with family and friends. They allow you to keep in touch with others through wikis, blogs, chat, Instant Messaging (IM), and video networks such as YouTube.

There are sites that you browse or search for people based on certain criteria. Other sites require an "introduction" to new people. Also, these sites have communities or subgroups that are based on a particular interest.

Social networking sites rely on connections. They encourage you to provide a certain amount of information. In this situation, you may not exercise as much caution as you would if you met someone in person.

Lack of caution is due in large part to the following:

  • The Internet provides people with a sense of anonymity.
  • The lack of physical interaction provides a false sense of security.
  • People tailor their information for their friends to read, not realizing or not considering that others may see it.
  • People want to offer insights to try to impress potential friends or associates.

Certainly, the majority of people do not pose a threat. However, you do not want to increase your exposure to cyberbullies, stalkers, and identity thieves.

Personal information can be used to conduct a social engineering attack.

In a social engineering attack, the attacker uses their social skills to obtain information about an organization or its computer systems.

The attacker appears to be respectable, possibly claiming to be an employee, a friend, or even a relative. They may even offer credentials to support that identity. The attacker will ask a series of questions about your location, hobbies, and friends.

He or she may be able to convince you that they have the authority to access other personal or financial data. Social engineering attacks are also used to gather enough information to infiltrate an organization's network.

Keep in mind that social networking sites can be accessed by tial prospective employer.

Many employers review online sites to check out potential prospective employees.

Law enforcement officials are also using online sites as a tool to identify potential suspects in crimes. What you say and do online can be used against you in court. Therefore, use good judgment when posting information about yourself and others.

Next Step. Compete with our contestants for a spot on the All-Star List.

Security Risk
  • Social Engineering
  • Loss of personal or financial data
  • Infiltration of an organization's network
  • Posting incriminating information about yourself.

 

Best Practices
  • Avoid using names like PizzaLover or Madison_77204, which identify you and/or your location.
  • Do not post personal information about your friends.
  • Set privacy controls so that only approved friends can view your profile.
  • Before posting photos, make sure that they do not reveal information about your location.