Making Information Security Fun

October 27, 2011

I shared this presentation at the October program meeting of the Rochester Chapter of the Society for Technical Communication. The presentation demonstrates how the Information Security Office at the Rochester Institute of Technology used marketing techniques to reinforce key messages to raise awareness around information security concerns such as phishing.

To see more about how we’re using blogging to raise awareness in a specific academic course, visit the RIT Cyber Self Defense blog.


Choosing the Safest Browser, Part 2

June 30, 2011

Safe Practices

Check your Browser Security Settings

How can you tell how secure your web browser may be? Scanit’s Browser Security Test checks your browser security settings and provides a report explaining the vulnerabilities, the potential impacts, and how to correct them.

Use Security Software

Your security software should include an antivirus, anti-spyware, and a firewall.

Update Regularly

Keep your browser and applications up to date. If your browser or an installed application prompts you for an update, accept it. Be wary of "update" prompts that appear inside a web page rather than from the application itself; fake update pop-ups are a common way to deliver malware.

Use Strong Passwords

Use a strong, complex password or passphrase. Consider using a password vault such as LastPass to generate and store your passwords.

Install Browser Tools/Add-ons

Current browsers all provide some protection against phishing. There are also browser tools that you’ll find helpful.

  • The Netcraft Toolbar is a browser plug-in available for Firefox. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
  • The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. The Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.
  • WoT (Web of Trust) provides color-coded ratings of the safety and reputation of websites.

Limited Account Privileges

Limiting account privileges (Windows XP) provides simple but effective protection when working online. A limited account lets you do most daily activities but does not let you install software; only accounts with administrative privileges can install software on the computer.

Many attacks rely on administrative privileges to install malware on your computer. If you're using a limited account, malware that needs administrative rights to install itself cannot do so, which blunts many drive-by downloads and malicious installers. (Malware can still run with your own account's rights, so a limited account reduces the damage rather than eliminating it.) This is less of an issue with Windows 7 and Mac OS X, which prompt you to confirm software changes before they are made.

Threats have doubled since 2009 and the number of threat vectors has increased, so vigilance is even more important.

One thing hasn’t changed. The key to safe browsing is not which browser you choose. It’s following safe practices.

Please comment on the post and let us know some safe practices you recommend.


Ten Ways to Shockproof Your Use of Social Networking Lightning Talk

May 24, 2011

I had the privilege of presenting my 25-minute presentation on Shockproofing Your Use of Social Media as a five-minute Lightning Talk at the STC Summit in Sacramento on May 18th.

Lightning talks introduce an additional element of stress for the presenters: the slides advance every 15 seconds whether they’re ready or not. Our audience was ~150 Summit attendees, so we were presenting to our peers as well.

It’s quite the experience sharing the stage with eight other presenters with totally different styles. Would I do it again? In a heartbeat!

Other STC Summit 2011 Lightning Talks


Twitter Use at #STC11 Summit

May 22, 2011

Last year, I kicked off this blog by posting about Twitter Use at the #STC10 Summit in Dallas. I thought it would be interesting to look at Twitter use at #STC11 as well.

Methodology

I’ve only analyzed results from May 13-21, 2011. However, use of the #STC11 hashtag occurred for months preceding this year’s Summit conference. (This is a departure from last year, when the use of tweets with the #STC10 hashtag started much later.) Because my Google RSS feed for #stc11 was unable to handle the volume of tweets this year, I relied on three sources for this post:

Graphical Portrayals of #STC11 Information

Wordle: #STC11 Summit

Here’s a Wordle of the tweets containing the hashtag #stc11 from 5/13 through 5/21/11. If you’re unfamiliar with Wordle, it produces a wordcloud where the frequency of word usage determines the size of the words in the graphic.

Karen Mardahl (@kmdk) began curating the #STC11 tweets in late April. The two graphics and lists below are taken from her archive.

#STC11 Tweets by User

#STC11 Tweets by User (from Karen Mardahl)

Top Twelve Twitter Handles (% Total Tweets)

  1. 9.55 % by torridence (Roger R.)
  2. 8.23% by techcom (Tony Chung)
  3. 7.88% by sushiblu (Jamie Gillenwater)
  4. 7.77% by bwoelk (Ben Woelk)
  5. 5.28% by techcommdood (Bill Swallow)
  6. 4.89% by mojoguzzi (Joe Sokohl)
  7. 4.5% by rjhoughton (Rachel Houghton)
  8. 4.47% by stc_rochester (STC Rochester)
  9. 4.43% by RayGallon (Ray Gallon)
  10. 4.31% by willsansbury (Will Sansbury)
  11. 4.31% by afox98 (Alyssa Fox)
  12. 3.42% by ninjawritermama (Sarah Baca)

Selected Keywords (Occurrences)


Most Commonly Used Words (from Karen Mardahl)

  1. STCorg
  2. Techcomm
  3. STC11LD
  4. STC
  5. Summit
  6. &
  7. Session
  8. Content
  9. I’m
  10. Thanks

Observations

Again, contrary to some expectations, "beer" was not the most commonly used word in the tweets, appearing only 13 times. (This was the same number of occurrences as for #stc10, but a much lower frequency.)

I’m not sure if there’s any correlation, but “karaoke” also appeared 14 times. The last two years have seen almost equal occurrences of beer and karaoke. Coincidence? I don’t think so!

Conclusions

Just like last year, Twitter provided a sense of community and a “conference within a conference.” Most tweets were positive, implying that many of the Twitter users enjoyed the conference.

I spent much of the conference meeting F2F with Tweeps gained from #stc10. If you're not using Twitter at conferences, I urge you to do so. You'll find that it will create a new sense of camaraderie with other Tweeters, and besides, that's where all of the really cool STC people hang out!

I’ve curated the tweets into a 341-page MSWord document. This “raw” data is available upon request.

What are your thoughts and observations?

Ben

Postscript (5/28/11)

Vanessa Wilburn put together a more detailed analysis of the Twitter usage at #STC10. Her work focuses on the subject matter of the tweets. She found that after removing the "chitchat," the Twitter streams paralleled the key topics of the conference and that many of the tweets relayed content from or observations about specific sessions.


Digital Self Defense for Technical Communicators, Part Three

May 9, 2011

Digital Self Defense for Technical Communicators was first published in the Society for Technical Communication's Intercom magazine in November 2010.

How We’ve Communicated These Concepts at RIT

Higher education is a mix of cutting-edge and legacy computing systems. Unlike many large companies, most universities and colleges continue to use computing equipment well past its retirement age. At the other end of the spectrum, faculty and students always want the newest technology available. Securing such a heterogeneous environment is a challenge. With limited resources, RIT needed to find a way to reach a large user population that may be indifferent to security issues. Even worse, these users might consider themselves to be “experts,” especially because this is a technology university that attracts some of the brightest students.

To communicate digital security issues to RIT students, faculty, and administrators, we used standard communications vehicles such as a series of brochures on Internet safety topics and computer security requirements, email alerts and advisories for specific threats, and an RIT Information Security website containing electronic copies of the materials. We also used some more innovative methods, such as classes, social media, and community discussion and messaging.

Digital Self Defense

We developed a series of Digital Self Defense classes that we offered to faculty and staff. We advertised these classes through email, using every cliché about safe Internet use that we could think of. The initial class, “Introduction to Digital Self Defense,” was instructor led and primarily a presentation with discussion. In that class, we focused on communicating desktop, portable computer, and password standards. We also discussed safe Internet use.

New Student Orientation

Although the Digital Self Defense classes developed a strong following among faculty and especially staff, it was not an appropriate vehicle for reaching students. Recognizing that security awareness is a multi-year project, we developed an “up tempo” presentation to focus on three areas of concern to students: Safe Computing, Illegal File Sharing, and Safe Social Networking.

We discussed the various technical requirements for using computers at RIT after setting the stage by talking about the various threats students might face and the role of organized crime in creating malware. We incorporated video resources that illustrated key concepts or provided a “friendly” way to introduce concepts that we knew would be hotly debated by the students, such as illegal file sharing. To help students understand the need for safe social networking, we discussed examples of risky student Internet behavior at RIT and other universities. We also used videos to reinforce the importance of being selective about what information you place online.

Social Media

We established Facebook and Twitter accounts for the RIT Information Security Office designed to reach students. To build our fan base, we advertised the site through posters and emails, and we kick off each fall by entering students who become fans of the RIT Information Security Facebook page in a drawing for a $100 gift card. Over a three-year period, we gained almost 4,000 fans. We used the Facebook page to post articles about safe social networking and to engage fans in discussions about information security issues.

[Photo: RIT's Information Security Office mascot, Phishy, with Ritchie the Tiger]

Phishing

Over the past couple of years, higher education has seen an increase in targeted phishing attempts, known in the industry as "spear phishing." Spear phishing targets a specific group of individuals by crafting emails or other "bait" that appear to come from a known and trusted source, such as a school's information technology department. In 2009, RIT saw a string of phishing attempts that had, from our view, an unacceptable success rate. (As much as we'd like to block all phishing attempts and train our community to recognize and ignore such password requests, someone always falls for a well-crafted phish.)

Unsure of how best to combat the threat, we formed a team of our best information technology thinkers to address the issue. We chose a multipronged approach with both technology and people initiatives. We increased our email alerts and advisories to inform the community of the problem. Our Information Technology Services organization began prepending a warning message to all incoming emails that contained the word “password” in the text. However, we knew that this wouldn’t be enough to solve the problem. In conjunction with a poster campaign adapted from Yale University, our student employees wore a fish costume around campus; “Phishy” was an instant hit. Phishy reminded students to never respond to requests for their passwords. Although we haven’t been able to stop everyone from responding to phishing attempts, we usually see only a few people respond now.
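The keyword banner described above, written out as an added example in Python; this is not RIT's or ITS's own code. It parses a raw message, checks the inline text parts for "password" (case-insensitive), prepends a warning to each text part, and tags the message with an assumed header, X-Password-Warning. The banner wording, the header name and the four sample messages are constructed for the example. The last sample shows the obvious limitation of the control: a plain substring match misses "passw0rd", split words and text inside images, which is why the banner was only ever one layer of the approach.

```python
"""Keyword-triggered phishing banner for inbound mail.

Added example, not RIT/ITS code. The header name, banner text and the
sample messages below are constructed for this example.
"""
import email
import html
from email import policy

KEYWORD = "password"
HEADER = "X-Password-Warning"  # assumed header name, not an RIT standard
WARNING = (  # short lines keep the rewritten part 7-bit clean
    "*** WARNING: This message mentions your password. ***\n"
    "*** RIT will never ask for your password by email. ***\n\n"
)


def text_parts(msg):
    """Yield the inline text/* parts of a message (attachments are skipped)."""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            yield part


def mentions_keyword(msg, keyword=KEYWORD):
    """True if any inline text part contains the keyword, case-insensitively."""
    return any(keyword in part.get_content().lower() for part in text_parts(msg))


def add_banner(msg, warning=WARNING, keyword=KEYWORD):
    """Prepend the warning to every inline text part and tag the headers.

    Returns True if the message was modified. The match is a plain substring
    test, so 'pass word', 'passw0rd' or text rendered in an image are not
    caught: this is a nudge for users, not a filter to rely on.
    """
    if not mentions_keyword(msg, keyword):
        return False
    for part in text_parts(msg):
        body = part.get_content()
        if part.get_content_subtype() == "html":
            banner = "<p><b>" + html.escape(warning.strip()) + "</b></p>\n"
            part.set_content(banner + body, subtype="html")
        else:
            part.set_content(warning + body)
    msg[HEADER] = "yes"
    return True


def process(raw):
    """Parse a raw RFC 5322 message; return (banner_added, rewritten_text)."""
    msg = email.message_from_string(raw, policy=policy.default)
    return add_banner(msg), msg.as_string()


# Constructed sample messages (not real mail).
PHISH_PLAIN = """\
From: helpdesk@example.edu
To: student@example.edu
Subject: Account verification required
Content-Type: text/plain; charset="utf-8"

Your mailbox is over quota. Reply with your username and password
within 24 hours or your account will be closed.
"""

PHISH_MULTIPART = """\
From: it-support@example.edu
To: staff@example.edu
Subject: Mailbox upgrade
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Confirm your PASSWORD at the link below to keep your mailbox.

--b1
Content-Type: text/html; charset="utf-8"

<p>Confirm your <b>Password</b> at the link below.</p>

--b1--
"""

BENIGN = """\
From: a@example.edu
To: b@example.edu
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Noon at the cafeteria?
"""

EVASION = """\
From: helpdesk@example.edu
To: student@example.edu
Subject: Action required
Content-Type: text/plain; charset="utf-8"

Verify your passw0rd today to avoid suspension.
"""

if __name__ == "__main__":
    for name, raw in [("plain", PHISH_PLAIN), ("multipart", PHISH_MULTIPART),
                      ("benign", BENIGN), ("evasion", EVASION)]:
        added, out = process(raw)
        print(f"{name}: banner added = {added}")
        print(out)
```

In production this would sit in the mail gateway (a milter or a content filter) rather than in a script, but the logic is the same: match on inline text only, rewrite every alternative part so the warning is visible in both plain-text and HTML clients, and add a header so downstream rules and users can filter on it.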

Lessons Learned

Different messages require different vehicles. Faculty and staff may still use email as a primary means of communication. Students, however, get much of their information from social networking, so that’s where we need to be to reach them.

References

"Facebook, Twitter Revolutionizing How Parents Stalk Their College-Aged Kids." The Onion. www.theonion.com/video/facebook-twitter-revolutionizing-how-parents-stalk,14364/

Moscaritolo, Angela. "InfoSec: 23 percent of users fall for spear phishing." SC Magazine, 9 March 2009. www.scmagazineus.com/infosec-23-percent-of-users-fall-for-spear-phishing/article/128480/

Nation, Joe. "Facebook Mini Feeds with Steve." YouTube. www.youtube.com/watch?v=w35cFqG4qLk

RIT Information Security website. http://security.rit.edu

RIT Information Security Facebook page. www.facebook.com/RITInfosec

"Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves." Sophos, 14 August 2007. http://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html
