Security nerd blog post number one. Lurking near the back of our #domosocial media experiment meeting and listening to Josh share insight into the crazy online future, I got thinking about security. I thought it might be a good idea for all of us to make sure this experiment doesn’t mess with Domo’s security posture. At the same time, I wanted to put out some basic, but important, tips that we should all have in the back of our minds as we ride the cutting edge. Social media is an interesting animal to a tinfoil-hat wearin’ security czar ex-attacker. It used to be very difficult to find names of sales executives or marketing directors so I could call the help-desk and talk them into resetting a password to let me in. The thing I used to dread when doing those attack assessments was being asked to verify some personal information like “What is your wife’s name?” or “What is your dog’s name?” or “What is your username?” Well, my friends, those days are gone. If any of you are nervous about executing your mayoral coup to take political ownership of Josh’s park without exposing the gory details of your personal life to a host of Chinese hackers, I have boiled my years of security common sense into a few easy items for you, all of which I’m sure you know deep in your heart, but I thought I might try to put into words:
- Don’t use any of your Domo passwords on your social media sites.
- Don’t post your home phone numbers, cell numbers, home addresses, banking or financial institutions, birthdays, passwords, usernames, or any other twinky information.
- Don’t click on links that you think may be “fishy.” You’ll be okay if you don’t see everything on the net. You may have followers who send you suspicious links. You don’t have to click all of them. You won’t hurt their feelings.
- Don’t download or install software that comes from questionable sources. Stick with well-known and reputable companies or applications.
- Recognize that strangers will see everything you post. If you are uncomfortable with that idea, consider posting something else.
- To reset forgotten passwords, some sites store your answers to questions that only you can answer. Don’t post the answers on your social media sites. Don’t select secret questions that have easily obtained answers.
- Keep your browsers and operating systems patched and up-to-date.
- Look at your online profiles at each social media site and be aware of the information you are sharing to the world about yourself.