Give some thought to social media and privacy

Social Media Summit | by Ragan Communications at Cisco Systems headquarters in San Jose, Calif.

I attended one of the pre-sessions of the Ragan Communications Social Media Summit at Cisco today. The session was on legal issues, but the first part was really all about security, and Christopher Burgess a senior security officer at Cisco (@burgessct on Twitter) brought up some interesting points.

True, most of it is very common-sense to the average person who’s been online “forever”, but it’s important to remember that not all of the people in the room may have been online as much as we have. It’s still it’s good to touch base with security now and again anyway right?

There is no such thing as internet privacy
I say it almost every time I speak publicly, and I’ll say it again. There really isn’t any such thing as internet privacy. You write an email and save it in a folder on your Gmail account only to have it suddenly show up on a web site. You click a “like” button to your website or blog or share a favorite website with a friend.  “Private” groups on Facebook, Linkedin, or just about any other network have information leaked all the time. Sometimes it’s completely innocent, as in the case of a friend tweeting your latest status update even though you are in their “private info only” group on Facebook. Sometimes it’s more nefarious like malware built into an application you unwittingly downloaded and used for private information that was then transmitted to somewhere you didn’t intend.

Small businesses who don’t have big security structures need to be more wary–perhaps than those that do. Your network may be more vulnerable or your security practices lax and allowing employees to share data on insecure services. Again, the example of forwarding your company mail to Gmail so you can “check it from home” creates a security risk.

Leaks happen all the time from supposedly private networks
Look at the Hotmail security breach where over 30,000 email passwords were posted online for all to see. Or the Google Buzz nightmare, the phishing scam that released malware on thousands of Linkedin users computers, or even the malware attached to those cute e-cards you get from your less savvy relatives.

Don’t self-edit
Another good point for bloggers and anyone who write public information on web sites, press releases etc., is to not self-edit your work. This isn’t just to catch mere typos but to find improperly phrased messaging that could affect your brand’s perspective or unwittingly release information sensitive before it’s time.

Cisco has what sounds like a pretty robust process for this. If you write a blog post about a particular process or tool it gets vetted by the team before it goes out on the blog. In talking about how the process works Christopher said he writes a post, it’s “eviscerated by the team” and then he re-writes it based on the feedback before publishing. While this may seem extreme think about it in the context of your own business. Is there information that needs to be precisely stated? How does the person writing your blog posts know that?

On geo-location
Some applications default to having the geo-location turned on. I certainly agree with Christopher that these apps should default to “off”. Check on your laptops and handheld devices as well as your home computer to see that you’ve opted out of geo-location except when you want to use it. You are responsible for the safety of home and family, why put them at risk by drawing a big circle around your house on Google maps and then telling Twitter or Foursquare you’re leaving for the weekend?

On Personal data
Sure, there are lots of ways or me to find your phone number and even your home address with some searching online, but again, why make it easy? Christopher told the story of how he dealt with it in his house. The family has specific (likely fake) addresses for each social network and they keep track of which mailing address, user name etc. they use for each network. This way it’s been easy–and quite informative–to see which networks are sharing their data by observing spam and un-requested information and which address it comes from. You can simply cross reference that with the network and voila, you know who leaked it. There’s a good reason to get a P.O. box if there ever was one!

Want to learn more? Here are some good resources on internet privacy and keeping your data and personal information private. (well, as private as it gets).