A recent New York Times article highlights how much information we give away inadvertently by having a presence in the world of social networking.
Friends and coworkers can reveal our workplace, gender, what town we live in, and many other things in the course of general interactions on social sites.
However, there’s another increasingly popular trend out there that has us giving away our own private information: the Internet "meme."
A meme is a "catchphrase or concept that spreads quickly from person to person" and in many cases is innocuous. These may start with electronic chain letters that require participants to fill out information on specific social sites.
A recent popular meme in the news was the "Bra Color" meme that swept through Facebook in January. Women simply posted the colors of the bras they were currently wearing to their status, with no further explanation. It’s not clear how it all started, and some participants posted colors without fully realizing what they were implying.
Bra color is not going to result in stolen identities or security breaches, but some of the memes we see flying by on Facebook and Twitter might. Even if your profile information is hidden from all but your closest friends, you may be revealing more than you think when you participate in one of those quick memes.
And while we’re at it, how do we help our colleagues avoid giving away private information that might compromise our corporate security?
Around Valentine’s Day, a popular meme on Facebook had people posting photos of themselves and their spouse or partner, and stating how long they’d been married. Many people posted their full names, including middle and maiden names, as well as the date they were married.
Another, more recent meme asks for the town you were born in. And there’s a long-running "25 things about me" post that persuades us to divulge our favorite color, high school mascot, and numerous other details we might also find in a list of security questions from our financial institutions.
Two companies I worked for had me use my high school mascot as my "secret question" to get a new badge for high-security sites. Banks commonly ask for your mother’s maiden name… does your mother include her maiden name in her online profiles?
One of the three questions available to authorize my computer to connect to my online banking site is, "What’s your favorite color?" The other two questions had answers listed in my Facebook personal information.
Facebook and other sites have put in a lot of safeguards for our privacy, but the best rule of thumb continues to be: Information we post on the Internet is about as secure as sending an old-fashioned postcard. (Obvious exceptions can be made for secure financial sites, but even there, the number of successful attacks by hackers is going up.)
What can be done?
First of all, we need to eliminate overly simplistic security questions. Passwords shouldn’t be my birthday or my pet’s name; we should also avoid using an online alias or nickname.
As IT folk, we need to re-tune our security questions so that our users are protected. "What color was your bedroom [or the family car] when you were 10 years old?" is much better than "What is your favorite color?" With so much personal information available, thanks to social networks, more RSA authentication and other alternative authentication methods are likely in the future as well.
From the user perspective, answers to security questions need to be remembered, not only so that we can answer them later, but also so we don’t inadvertently share the same information on Twitter.
And, of course, taking a moment to apply common sense before participating in what seems like an innocuous meme might save us from ourselves.
— Carla C. Emmons has 15 years of experience in the IT field.