Slashdot Mirror


Security / Privacy Advice?

James-NSC writes "My employer is changing its policy towards employee use of social networks. I've been asked to give a 40-minute presentation to the entire company, with attendance mandatory, on the security and privacy concerns relating to social networking. While I was putting it together, I ended up with some miscellaneous information that pertains to security/privacy in general, for example: the emerging ATM skimming (mainly for our European employees), a reminder that email is not private, malware/drive-by in popular search results, etc. Since these topics don't directly relate to the subject I've been asked to address, I've ended up with a section titled 'While I have you...' I'm going to have the mandatory attention of every employee and I thought it would be a great opportunity to give advice on security/privacy issues across the board. As it's an opportunity that one seldom gets, I certainly want to utilize it fully. If you had the attention of an entire company with employees in the US, UK, Asia, and Australia, what security / privacy advice would you give?"

13 of 260 comments

  1. Mandatory? by DoofusOfDeath · · Score: 5, Insightful

    I'm going to have the mandatory attention of every employee

    No, you're going to have the mandatory presence of every employee. And unless you make the talk riveting, every second of unnecessary content will make them despise you more.

    1. Re:Mandatory? by CannonballHead · · Score: 5, Insightful

      I have found that food helps everyone like you more; perhaps he should provide lunch. Or at least cookies.

    2. Re:Mandatory? by PylonHead · · Score: 5, Insightful

      This is correct.

      Present just the information you've been tasked to convey.

      Present it in at least 2 different ways.

      Take questions.

      Summarize once more and let them out early.

      Honestly, the more you try to cram in there the less they're going to take away.

      --
      # (/.);;
      - : float -> float -> float =
    3. Re:Mandatory? by theeddie55 · · Score: 5, Funny

      But cookies can cause security problems if not handled properly.

    4. Re:Mandatory? by Anonymous Coward · · Score: 5, Funny

      3) you will be fired.

    5. Re:Mandatory? by BadAnalogyGuy · · Score: 5, Insightful

      Have you ever tried growing tomatoes? It's very difficult because there are lots of things that can go wrong. Bugs, bad soil, wind, even the tomatoes themselves can be too heavy and break off the vine. It's not a matter of planting the seed and then letting it grow. You've got to be involved almost every day to make sure the growth is under control, that the vine is tied where it needs to be, that the plant is properly pruned so that you don't end up with a scraggly set of leaves and scrawny tomatoes. It's a very difficult, but very rewarding activity.

      So when you say:
      Take questions.

      You are wrong.

      Ask questions. If you want your audience involved, you need to solicit feedback. You can't expect them to come with any questions, so you need to frame your speech to include questions *to* your audience so that they become part of the program, not just spectators.

  2. krsmav by krsmav · · Score: 5, Insightful

    When you have a captive audience, the temptation is nearly irresistible to force-feed them something they wouldn't willingly listen to. Put yourself in their place. Don't say anything that you would resent being forced to sit through. Keep it short and jargon-free, and lighten up if possible.

  3. Secure Your Presentation PC/software by sfled · · Score: 5, Funny

    Secure the PC & software you're going to use in the presentation, just to keep pranksters or jealous peers from having fun at your expense. Terribly embarrassing to give a talk on security while boobies are flashing on the screen behind you.

    --
    I'm not really a web designer, I just play one on the Internet.
  4. While you're at it.. by 3Cats · · Score: 5, Funny

    explain to them that's MY FREAKIN BACON SANDWICH in the fridge! I had my NAME ON IT!!

    Farkin' lunch thieves...

  5. Cutting off social networking? by syousef · · Score: 5, Insightful

    My employer is changing its policy towards employee use of social networks. I've been asked to give a 40-minute presentation to the entire company, with attendance mandatory, on the security and privacy concerns relating to social networking.

    Correct me if I'm wrong but that just sounds to me like your employer is going to start blocking Facebook, Myspace, Youtube, private email, and possibly everything else your filtering software classifies as social networking. Or at least a prelude to this.

    If I'm right, the only opportunity you're being given here is to become the public face of a very unpopular move. Adding a lecture on security to this will only irritate people who'll be thinking "Well it's not going to matter anyway once it's blocked". It's going to be very difficult to come across as anything but condescending. People are quite likely to associate the decision with you personally. Your aim should be to stay brief and informative, not to "utilize" the opportunity, because it's an opportunity for social suicide. Ideally this should have been undertaken by email, been short and been to the point.

    --
    These posts express my own personal views, not those of my employer
  6. Back it up with a little detail helps. by Kyle · · Score: 5, Interesting

    Everyone knows you need a secure password. Now show them the log of the 3k connection attempts to the SSH port that occurred overnight.

    Unknown Entries:
                authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.46.49.199 : 2366 Time(s)
                authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.205.44 user=root : 364 Time(s)
                authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.116.236.46 user=root : 80 Time(s)
                authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.205.44 : 73 Time(s)

    Maybe ask permission to do a live demonstration of a password cracking tool. See how many passwords you can get in 2 minutes. This may be dangerous though, hide the results, just show the usernames, you don't want to find out who is using the CEO's wife's name as a password.

    Really get their attention with some specifics like that.

    --
    The previous comments are only true, if no-one says they're wrong.
    1. Re:Back it up with a little detail helps. by s.d. · · Score: 5, Insightful

      You really think that secretaries and accountants and HR reps, who are being forced to sit through a "don't put stupid shit on Facebook because it reflects badly on us" or "don't Twitter about company business or you'll get fired" presentation would understand or care about brute force ssh attacks?

      Everyone is being told, "This discussion of social networking and how to protect yourself and the company is mandatory." Don't waste their time with things that they won't understand and are totally off-topic.

  7. Advice by Anonymous Coward · · Score: 5, Interesting

    I gave a similar presentation to a smaller group. My advice would be to do a live demonstration on the actual information that one can get from a social networking site. For example, I pulled someone's information from the social networking site, googled them using stuff I learned about them from Facebook, found their email address, home address, and phone number. Using this information I was able to find out friends and family members of theirs, including photos etc. I also found their Myspace page and looked up other social networking, dating, etc. sites. Off of other social networking sites, I started to build a profile in my talk about what type of person this was and also talked about additional things I might be able to gather, if I had malicious intent.

    I used this talk as a means to introduce other security-related issues such as email encryption, etc. I did not go into any details of those things, but I did introduce them and asked if they would be interested in learning a little more about those topics. People overwhelmingly asked me to do another series of small presentations on additional security topics, as many were shocked at how much information I was able to gather.

    Don't put too much on your plate as it will be difficult to focus on your main task and it might not go over too well. Security is a huge issue and every topic cannot be done justice in one presentation. However, if you do your main presentation right, you can get people interested in how it really impacts them.

    I hope this helps out a little. Good luck!