Millions of users access Social Networks every day in order to share, engage, and look for information as well as entertainment. The transparency of social networks come with a risk and we are very often expose ourselves to hackers and scammers that can take advantage of information we share. Social platforms constantly improve security and privacy settings, to deliver a safe experience to the users, but who has time to follow all this news? Well, you can relax and rely on us. AVAST specialists are here to deliver this information in an accessible way.
Last month we warned you against the four sneakiest Facebook scams. Now we have a summary of the latest security and privacy related news. Check it out and enjoy a secure social media experience!
At the end of July, Facebook announced that it will migrate all users to the http connection. HTTPS - Hypertext Transfer Protocol Secure is a communication protocol primarily used to ensure a safe internet connection. For Facebook users, this means a safer experience, when communicating between a browser and Facebook servers.
Facebook first offered it to users in 2011, as an optional setting. However from now on it will be a default one, so the good news is that you don’t have to change any settings.
Now this is what you will see in your browser, when accessing Facebook.
New anti-bullying features on Facebook
During the last week of July, Facebook announced that,
Child psychologist Marc Brackett, director of the Yale Center for Emotional Intelligence, is working with Facebook to develop what he says is the first emotionally-intelligent bullying prevention system on a social network.
Whether on business travel or vacation, you don’t want to worry about the security of your devices when you connect to the internet. Using a WiFi network in a café, airport, or hotel is a serious security risk that requires additional protection to secure your data and computer.
avast! SecureLine VPN is now completely integrated into all of AVAST’s free and premium products. Here’s the top 6 reasons why you should use avast! SecureLine VPN:
1. Hides your data from thieves – avast! SecureLine VPN encrypts your public WiFi communications. That means that someone snooping on you will see a bunch of gibberish instead of your email, files, passwords, etc.
2. Keeps eavesdroppers from listening to your VOIP calls – avast! SecureLine VPN makes your voice or video conversations through the internet using Skype or Viber, for example, safe and secure by encrypting your conversation. This allows you to talk to people without fear of being eavesdropped on by cybercrooks, your ISP, and even the government! Read more…
In the coming weeks, secure.me will be fully integrated into AVAST and even get a new name, but you will still enjoy the safe and carefree online experience that you have grown to appreciate. If anything, it will be enhanced through the joint powers of AVAST and secure.me.
We invite you to continue your relationship with secure.me here on AVAST. Become an AVAST fan, follower, and blog reader to stay informed about the latest in security and privacy. As you make the transition with us, we ask that you take a look around, and give our famous avast! Free Antivirus or one of our premium paid products, avast! Pro Antivirus, avast! Internet Security, or avast! Premier a try. You can compare products here, and look for deals at the avast! Store.
Thank you and welcome to AVAST!
Social media profiles affects college admission, job searches, and careers
A 24-year-old high school teacher in Georgia, USA, lost her job after an anonymous e-mailer complained about a Facebook picture of her sipping wine and drinking beer while on vacation in Europe. An Arizona woman was fired after ranting on Facebook when she was passed over for a job promotion. An 18-year-old Buckingham Palace guard was fired after he called Kate Middleton a ‘stupid stuck up cow’ in a Facebook post. A star high school football recruit lost his scholarship to the University of Michigan because of vulgar tweets.
By now, you know that you should not reveal personal information to strangers or on your Facebook profiles, and that you should utilize the privacy settings on social networking sites. You also need to be careful with what you are posting online because potential employers or college admission officers could be looking at your page.
A newly published report tells us that 1 in 10 people between ages 16 and 34 have been turned down for a new job because of photos or comments on Facebook, Twitter, Pinterest, and other social networking sites. “The majority (two-thirds) are not concerned that their use of social media now, may harm their future career prospects and are not deterred from using it,” states ondevice research, “They are also more likely to have altered their social media profile to look good to their friends, as opposed to prospective employers.”
If you can’t live without social networking, especially Facebook, during your job search, use it to your advantage.
- Give your profile a makeover. Prune old posts to highlight what’s great about you instead of what you ate for lunch in 2010. Either delete or restrict the view to images and albums that don’t show you in your best light. Get a handle on tagged photos by setting ‘Review Posts Friends Tag You in Before They Appear on Your Timeline.’
- Build a compelling professional profile. Show off your strengths and accomplishments. To keep it personal as well as professional, add interests, hobbies, volunteering, educational information, and professional pictures.
- Follow and engage with companies and career–related groups on LinkedIn and Twitter so you’ll know about company hires and other news.
- Add value to the company you are interested in by participating in conversations, answering questions, and sharing links. Make sure you use solid grammar and communication skills.
If your Facebook profile is beyond help, then consider deactivating it for a time. The deactivation option gives you the flexibility to leave and come back whenever you want. Select Account Settings>Click Security in the left-hand column>Click Deactivate your account.
As we have recently mentioned on our blog, October is National Cyber Security Awareness Month. And I’m sure we will post more to raise awareness of the risks you personally face, the risks to the institutions you do business with, and to the government itself.
Today, though, I want you to start to broaden your outlook on this issue. While you are getting acquainted with new threats like nation-state funded attacks, cyber-terrorism, and hactivism, I’d also ask you to look at some of the things our legislatures have been proposing in the name of cybersecurity. This includes early efforts to protect critical industry sectors our energy grid or banking systems against cyberattack, and requirements that we move beyond passwords when we access Web sites where we perform transactions or access personal data. As all these initiatives come with costs, none have universal support. But some cybersecurity proposals have generated more controversy than others, including: like the SOPA and PIPA bills that coddled the media industry by conflating digital piracy with cybersecurity and whose proposed remedies would have create a regime of censorship, or the federal development and control of a so-called “Internet Kill Switch“.
There will continue to be a lot going on here legislatively, and anything that changes the government’s role in the Internet will affect you as well. So let’s make also do our job as responsible, informed citizens. Let’s make October National Cybersecurity Policy Awareness Month. Let’s get educated, and involved.
My last post was about how we’re steadily moving towards consumer online privacy regulations over the collection and use of personal online data by businesses. At the same time, however, we’re seeing the US government relentlessly expanding their efforts to monitor people online – and in ways that may completely negate any efforts to regulate the privacy practices of businesses.
It is the fear over cyberterrorism (a term you can’t expect the average person to understand) that is driving many to cede their privacy rights to the government. There are two competing cybersecurity bills working their way through Congress: the Cybersecurity Act of 2012 and the Secure IT Act. They differ fundamentally in areas of jurisdiction (the NSA versus the DHS) and whether the voluntary approach promoting and fostering public-private collaboration is sufficient, or a whether a regulatory approach is also required. But what they have in common is the aggregation and analysis of data on unprecedented scales.
In the background to all this, the Obama administration has just expanded the ability of the National Counterterrorism Center (NCTC) to retain data on people for five years (previously, it was 6 months) – even if they are not suspected of terrorist activity. The NCTC receives data from many other agencies.
So at the same time one side of the US government (the consumer protection side) is restricting what personal data businesses can collect, another side (the cybersecurity side) is moving not only to expand its own access to and control over personal data, but also to enlist in its efforts those very same businesses whose data collection efforts the FTC is otherwise trying to restrain: ISPs and mobile carriers, search engine and web portal companies, social media companies, etc. This opens a very wide door to abuse of any consumer privacy efforts currently underway with the FTC.
Monday, the FTC released a report publishing principles and recommendations for consumer privacy. The report, “Protecting Consumer Privacy in an Era of Rapid Change” (summary and full report[PDF]) provides what the FTC considers best business practices around privacy. These best practices are not regulations, but they are intended to serve as guidelines for legislators in drafting privacy regulations. And they can also serve as a framework for the federal government’s own privacy policies and personal data practices.
At the core of the report, and in broader privacy circles, we see discussions center around three foundational elements of privacy: knowledge, consent, and control.
- Knowledge. The collection and use of information should be transparent. Consumers should know what is being collected, how it is being collected, how it is being used, and how it is being shared.
- Consent. Consumers should be presented with a mechanism for agreeing to these practices. The recommendations did not mandate an “opt-in” versus “opt-out” approach: whether the default policy if the consumers don’t take any specific action would be not to collect (“opt-in”) or to collect (“opt-out”). But the report does advance the notion that it is insufficient for organizations to provide an all or nothing approach, where conditions on use of a service or product requires you to submit to full data collection.
- Control. Consumers should have choices as to whether and to what degree, to participate in data collection, and how that data could be used; and companies should make those choices simple for consumers to understand and to execute.
Consumer attitudes about privacy and data collection is undergoing a fundamental change, driven by online data collection practices. Historically in the US, businesses have traditionally been given broad latitude in their actions as long as they are not fraudulent or deceptive. However, we’re witnessing a full 180-degree turn in consumer attitudes, which is what’s behind the FTC’s actions. Consumer concern over personal data collection and use by businesses is reaching critical mass, and it’s driven by concern over Internet powerhouses such as Google and Facebook, mobile carriers and ISPs, and the shadow worlds of online advertising networks and data brokers. Restraints on businesses over their privacy practices are inevitable.
Unfortunately, not all the consumer privacy news these days is good. More about that in my next post.
The RSA Conference – the largest gathering of security vendors and the companies who buy their products – was held in San Francisco last month. Avast was in attendance, and I had the pleasure of moderating a panel on mobile security. Mobile security was also one of the top topics permeating the entire event. What I heard on the panel and throughout the conference, and what has been reinforced from my discussions with analysts and consultants to businesses, should have you all pretty worried.
The good news is that businesses want to embrace employees use of mobile phones and tablets. And it’s not just the biggest companies doing so: even small businesses are eager adopters of mobile technologies. After all, employees are more accessible and more productive when they can use their mobile devices for work. However, these are your devices; they are not the company’s and shouldn’t be treated as such. And that’s the challenge.
Businesses have legitimate concerns that these devices are inherently insecure, and that consumers don’t always secure their devices to the same level businesses do their PCs. They are also concerned about all the corporate data that these devices contain or can access, and that their loss or theft can compromise a company. And they are concerned that people will misuse their access to this data now that it’s on their person device.
The problem is that businesses want more security and control over your phone then they should have or even need: even more control than they have over the PCs they provide you.
- Because there are malicious apps, they want to keep a catalog of every app you install and be able to remove those applications without prior notice to you.
- Because mobile devices can hold private corporate data, they want the ability to wipe all data on your phone, also without prior notice to you.
- Because you could potentially misuse the phone by transferring corporate data between a business app (like email) and a personal app (like Facebook), they want to be able to monitor everything you do on that phone: your call logs, your text messages, all your social networking activity, all your browsing activity.
This blatant company disregard for employees’ privacy and property all in the name of security has gotten completely out of hand. One product that was given prominent attention at the conference basically rooted your device to put a monitoring and management layer underneath the operating system. Besides taking any semblance of control of your device away from you, this procedure would likely lead to voiding the warranty for many of your devices, especially Apple devices.
Using your mobile devices for work purposes should not require you giving up all your privacy rights or giving your company effective ownership of your device, without having to pay for it. If your company is letting you use your phone or tablet for work purposes, especially if it’s for more than email, then you should take a close look at your organization’s mobile policies – not just for what you should or should not be doing, but for what your company could be doing.
On the heels of the Zappos cyber robbery last Sunday that left 24M customers fretting over stolen passwords and email addresses, articles are being published about how people can protect themselves online. The number one point is always about passwords. Clean up your passwords. Never Share Your Password. Create different passwords for different accounts.
Sage advice, which we at AVAST support. We even have a dedicated password manager called avast! EasyPass to help you juggle it all. The theft at Zappos and the struggle for greater online privacy made it even more startling when I read about the growing trend among teenagers to share their passwords as an act of trust with their current BFFs. Read more…
T minus 8 hours until we see if the threats of the hacktivist group Anonymous are fulfilled. November 5 is the scheduled demise of Facebook, according to a YouTube “press release” published months ago, and since removed. Last August a rally cry went out to willing hacktivists or guys who want “to protect the freedom of information” to “join the cause and kill facebook for the sake of your own privacy.” It seems that this group has the technical chops to do it too – these are the same folks who brought us publicized attacks on the IMF, Sony and the Iranian government.
However, there is an indication that the big take-down won’t happen. The OP_Facebook account which was fairly active in the beginning has been pretty dead since last month. And the larger group has distanced themselves from the threat. Earlier today on AnonOps, one of the Twitter accounts regularly used by the Anonymous group, they tweeted, “We told you many times ddosing Facebook was a fake operation.”
So the world’s most popular social networking site will probably live to see another day. But maybe the threat of attack issued by Anonymous was designed to make us think about Facebook and their dalliances with individuals’ privacy. Facebook admitted this September that they had been tracking their 750 million users, even after they logged out of Facebook, using browsing monitoring cookies. The stated reasons were for security and fraud prevention.
We hope to see Facebook survive, if only for our thriving avast! antivirus page. It’s a great way to interact with like-minded people and learn a thing or two from you and share things about avast!. If Facebook is still around tomorrow, please share http://www.facebook.com/avast with a friend.