Generally speaking, people are social beings. We are naturally wired to help each other and share information. This is great when the recipient is good-natured and terrible when they are collecting information for social engineering attacks against the network. We can help inhibit social engineering while still assisting our customers by following a few simple steps:

  Online Persona:  
  • Never use your work email on social media websites unless you are directed to by management. If you must provide an email address, ask your IT department to create a distribution list that is generalized to its purpose (e.g. Customer Assistance, Fraud Reporting, etc.).
  • Do not post your phone number on any publicly accessible site. Establish general business unit phone numbers for public sites and provide those instead.
  • Never post your name and email address on any publicly accessible site; this is how spammers and phishing campaigns target users. This includes government-sponsored directories and conference sites.
  • Never like or friend someone unless you verify you know them or review their profile to determine if it's fake. Signs of a fake profile can include few known friends, a short age since creation, or few posts over a long period of time.
  Separate Professional and Private Identities:  
  • Never link or otherwise cross-post between your professional persona and personal persona. This can lead to social targeting, including techniques called DOXING or SWATTING. These actions are undertaken by hacktivists and other threat actors who may not agree with the position taken by the government, your agency, or yourself. These actions can expose you and your family to both professional and personal safety risks.
  • Never use the same password or recovery pin on both professional and personal sites.  A compromise of one can lead to both!
This site is the property of the CA-CND | All Rights Reserved