SECURITY AWARENESS MONTH IS HERE!
It’s that time of year again! Yes, the kids are back to school (somewhat), Thanksgiving and Halloween are right around the corner…and organizations around the world are celebrating International Security Awareness Month! That’s right! For the entire month of October, cybersecurity professionals on a global scale are celebrated and employees world-wide are learning about how they can ensure online safety both at work and at home.
At our organization, this year’s theme will be “Social Media”. You’ll see articles, infographics, contests, and even prize giveaways all centering around the do’s and don’ts of social media in a manner that best protects you and your personal and sensitive information.
For this week’s article, we’ll discuss our role in social media, the types of information we share, how cybercriminals exploit this information and how we can stop them.
Risky Behaviour – T.M.I. “Too Much Information”
Social media can be a major part of our social lives. We share things about ourselves, our family, what we’re up to…and that’s just the tip of the iceberg! On the various social media platforms, there is an infinite number of topics to discuss, and similarly a lot of people willing to share their point of view. Though initially seen as a tool to “stay connected”, it has expanded to become, for some, a daily journal recording people’s thoughts and feelings – something cybercriminals are eagerly awaiting to read. Why? These criminals will use the same social media platform to try and gain your trust by pretending to share common interests and points of view. Once they have your trust, they then try to convince you to click on links that download malware, or try to lead you to malicious websites designed to steal your usernames and passwords. The more you use social media, the more visible you become to cybercriminals. Often, these attacks start with a social media invitation. So, be wary accepting invitations from senders you do not recognize. The person requesting your friendship could very well be a hacker on the other end.
Here’s a video that illustrates the risky behaviours and security threats that lurk on social media.
Reduce the Risk
Whether you think you “rarely” use social media or consider yourself a “social media influencer”, here are seven (7) security steps that will help protect you from common social media attacks.
Change passwords regularly: Change the passwords for your social media accounts at least once a month. Consider using passphrases instead of passwords as the length will make it more difficult for criminals to guess when using specialized password guessing software. Here’s a link to an article that discusses passwords more in depth: http://imitsinfocentre.healthbc.org/about/news/password-challenge.
Use two-step authentication: This method requires you to perform two-steps of verification before accessing an account, and adds to the overall security of the account. Here’s a link to an article that discusses two-factor authentication more in depth: http://imitsinfocentre.healthbc.org/about/news/passphrases-2fa.
Never, EVER post personal information: Posting personal or sensitive information is like winning the lottery for cybercriminals. Remember that survey you answered with your friends on Facebook? Attackers are reading them too and may use this information to steal your identity or your password(s).
Customize the privacy settings: Become familiar with the privacy policies of the social media sites you use and customize your settings to control who sees what.
Click links with caution: Hover your mouse over links until a pop-up displays the real location. For instance, this link looks like it goes to PHSA, but it will actually take you to Google www.phsa.ca. This technique is meant to direct unsuspecting victims to fake websites where usernames and passwords are stolen or malware is installed.
Use mobile apps from trusted sources: Most social media sites provide mobile apps to access your online accounts. Make sure you download these mobile apps from trusted sites such as the Google Play Store and Apple Store to reduce the risk of malicious software (malware) downloading as well. And remember, if you have social media apps, password protect your device.
Keep your software current: Keep up to date with your device’s latest security software, web browser and operating system. This is one of the best defenses against viruses, malware and other online threats.
*** BONUS *** Remember to log off of shared workstations! By not doing so, you create an opportunity for someone else to hop on your computer, access your social media account and cause havoc on your personal profile.
We will be providing a quiz for our first Security Awareness Month contest. To participate, click here (quiz will be available on the Infocentre via SharePoint survey) and submit your responses by Friday, October 9th at 5:00pm. Those with all correct answers will be entered into our prize draw. Good luck!
To learn more about Security Awareness Month and all the activities that will be offered, visit
Written by Joseph Tesoro, education awareness specialist, security awareness program and Sabrina Young, education awareness specialist, information security.
If you need to reach PHC’s Infection Prevention and Control Team (IPAC), please call local 69357. Do not contact individual IPAC team members.