There was a time in the not-so-distant past when personal and work lives were two separate things. A person worked at the office, went home, and usually had little to do with his or her employer until the next day. Since the advent of the home computer, the mobile phone, then telecommuting and social media, these lines have blurred. For better or for worse, our personal lives creep into our work, and we’re often working during our “off” hours. What many people don’t consider is the unprecedented security risk this poses to our employers. Our personal choices can impact the security of our organizations, and making the right choices can help deter attempts at theft and damage.

This is part one of a multi-part blog series.

SOCIAL NETWORKING

There’s no question - social media has changed the world. There are nearly a billion active users of Facebook, and half a billion active Twitter users. Collectively, social networking websites store a massive amount of data about people. Much of this information is publicly visible. Facebook, Twitter, LinkedIn, Google+, and other popular social networking websites provide privacy features that can restrict access to individuals’ information. Unfortunately, not everyone configures these features.  The information we post publicly can pose a risk to our organizations and to ourselves, and nothing can be reliably erased once it’s posted to the internet.

First, let’s look at how social networking data can be used to make scams more believable. Many people are familiar with the concept of ”phishing” - scams sent via email. Imagine a phishing email specifically targeted to an individual or group. The term for this is ”spear phishing”.  If Jane Hacker wants to trick you into clicking on an email attachment that contains a virus, or simply revealing your password, she will have significantly more success if she first researches your social networking profiles and identifies your interests, history, and connections. She can then tailor her emails to pique your interest, or to imitate a business or a colleague. A Trend Micro study showed that in 91% of targeted attacks, spear phishing was used to break into organizations’ networks. Be aware of the personal data you broadcast, and how it could be used to fool you.

Next, let’s consider the ‘security questions’ that are required for many accounts – for example, ‘birth date’, ‘mother’s maiden name’, or ‘favorite band’. Users must answer a combination of personal questions to access these accounts. Unfortunately, this security mechanism was developed before social networking was popular. If Jane Hacker is trying to access your account, she might find your birthday on your Amazon.com profile, your mother’s maiden name via your Facebook page, and (because Jane Hacker is rather clever), she might also note that you are following your favorite band on Twitter. Two-factor authentication is now offered by many providers as an alternate means to verify users’ identity. It is a smarter choice. Instead of relying on questions to which somebody else may find the answer, an external device such as your phone or a token is used to verify your identity.

Perhaps you avoid social sites like Facebook or Twitter altogether. What about LinkedIn? Online résumé websites are great tools for us to market our professional skills and network. However, they can also impact security.  Let’s imagine that the maleficent Jane Hacker is planning to launch an attack against your organization’s network. She’ll need to evaluate what software, security, and systems are in use by your organization before she can begin. However, Jane Hacker is a bit lazy. She does a quick search on LinkedIn for technical, procurement, or management staff from your organization. Several of their résumés contain detailed descriptions of systems in use, as well as your organization’s processes and procedures. Now, Jane Hacker has less work to do.

Social networking has become an integral part of our society, but there are some important security considerations to keep in mind when we use it. First of all, limiting access to our social networking posts and profiles is key.  If we post publicly, we need to be mindful about what we post. We should choose our account security questions carefully, and when possible, use two-factor authentication instead of relying on security questions.  Finally, we should police the technical or operational details which we include in our online résumés. Keeping these things in mind can help better defend our organizations and ourselves.

Lesley Carhart is a Senior Information Security Specialist in the Motorola Solutions Security Operations Center. She has 13 years of experience in information technology, including computer networking and tactical communications. For the past five years, she has focused on security, specializing in digital forensics.

Learn more about Security Services here, or read this white paper about Understanding Cybersecurity.

Read another blog by Lesley Carhart: Log Monitoring and Cyberthreat Detection.

The National Law Enforcement Officers Memorial is our nation's tribute to our heroic law enforcement professionals—men and women who vow to serve and protect us. Nearly 20,000 American peace officers have fallen in the line of duty, and they are forever remembered and honored at the National Memorial in Washington.

A special time to pay tribute to our law enforcement professionals is during National Police Week, which is celebrated this year from May 12 to 18. By a joint resolution on Oct. 1, 1962, President John F. Kennedy signed Public Law 87-726, which declared May 15 as National Peace Officers Memorial Day and the surrounding week as National Police Week, the annual tribute to law enforcement service and sacrifice.

This year, 321 names of officers who died in the line of duty were inscribed on the memorial, bringing the total names engraved to 19,981. The newly etched names include 120 federal, state, and local law enforcement officers who died in 2012. These names, along with the names of 201 recently discovered fallen officers who died in past years, will be officially dedicated on the National Law Enforcement Officers Memorial at the 25th annual Candlelight Vigil on May 13, a truly spectacular and powerful event.

Leaving mementos and personal tributes near an officer’s name has become a rich tradition at the memorial. Each year, thousands of items are displayed—everything from colorful wreaths to photos and notes signed by loved ones to an unhinged door from an officer’s patrol vehicle. Once Police Week comes to a close, these mementos are gathered so they can be included in the collection of the National Law Enforcement Museum, which will open in 2015 in Washington. Due to weather and both the volume and perishable nature of the items left at the wall, not every memento can be kept.  However, a selection of these special “objects of tribute” will be exhibited in the Museum’s Hall of Remembrance.

As chairman and CEO of the memorial’s fund, I’ve been blessed to meet thousands of inspiring men and women from around the country at the memorial throughout the years, especially during National Police Week. Seeing the personal mementos and tributes that cover the memorial walls is truly amazing. For those who can’t make it to see in person, click here to see just a few of the many tributes left at the memorial.

And for more information about the memorial, visit www.LawMemorial.org.

Craig W. Floyd is chairman and chief executive officer of the National Law Enforcement Officers Memorial Fund (NLEOMF), a nonprofit organization established in 1984 to honor the service and sacrifice of America's law enforcement officers.

Read an additional blog by Craig Floyd here.