Cyberbullying Information = Protection and Prevention

cbfinal

I think that the discussion about cyberbullying is undergoing a tremendous transformation.  The idea of cyberbullying was originally a campaign to identify the concept, but now it is almost solely focused on the prevention of bullying in any form.

I recently had a discussion with a group of middle school students about cyberbullying and they had some great questions about what it entailed.  They asked questions like: “Can I go to jail for cyberbullying?”  and “What is cyberbullying?”

I found through some research that there is an entire web site dedicated to the discovery and definition of cyberbullying called www.cyberbully.org.  The site is not a secure site (HTTPS), but it does not ask for any identifying information, so the information is still useful.  The site has so much information that it would be impossible for me to list everything here.  However, some of the main topics include state legislation that has been passed, or scheduled to be reviewed, in each state, which was a great way for me to answer the questions posed to me by these students.  The very nature of cyberbullying makes it a mandatory topic for discussion at school and at home.  I had to explain that calling a fellow student a jerk one time would not necessarily be cyberbullying, but to enlist others to jointly and consistently call this student a jerk (or comment on their looks, their clothing, etc.) would be considered a bullying incident according to their state law.  I recommended that they discuss this topic with a parent and/or trusted adult to ensure that they are not wandering into illegal activity.

I also went into other cybersecurity issues like not sharing passwords, passcodes, or user ids with other students or other people (other than your parents of course).  The idea of protecting the password helps to protect your information, which if in the wrong hands can cause a problem with identity protection causing possible identity theft.  It also leaves you open to cyberbullying since an individual can make it seem as if a message is coming from YOUR account when in actuality it is THEIR message but they have access to your account!

When asked about cyberbullying, I told the students that ANYONE can be a cyberbully.  You do not need to be stronger, bigger, or smarter, just start a campaign to put the other person down.  By showing the other person in a “low light” it makes the bully feel stronger.  Protecting your information and ensuring you are aware of what cyberbullying entails can help to prevent you becoming a victim.  I urged the student not to focus on the punishment, but to be aware of what they were doing online and stop any online action that could be taken as bullying.  I also gave them the cyberbully.org web site.  In my opinion, that site is one of the best I have seen.

On thing I did not tell them — if you are being bullied, block or defriend these individuals.  No reaction from you means that their messages are meaningless.

Talk to your children (texting does not count).

Learn, Offer, Value, Educate (LOVE)

Advertisements

Occam’s Razor and “Cutting Edge” Email Security

You have probably all heard of Occam’s Razor, a theory that was attributed to William of Okham centuries ago that the conventional use is associated with the adage “given two solutions, the simplest solution is probably the best.”  Well, after some research, it turns out that this is just one of many interpretations of this theory, others being that an “entity should not be multiplied beyond its necessity” as well as others (see the wikipedia entry on Occam’s as well as read Charles Mackay’s Extraordinary Popular Delusions and Madness of Crowds by Tim Phillips).  The reason I write today about this used (and somewhat overused) theory is something that can be useful with computer security in your company.

After working in several federal government agencies, I found two different security methods.  The first one was “keep it secure at some point, but otherwise keep it open” while the other one was “keep it secure until otherwise needed.”  These two competing forms of information security had their advantages and disadvantages, but I found one thing in common – keep it simple.  For instance, the email address.  In order to ensure consistency, most email addresses contained something that was pretty easy to remember for the user – the first name and the last name.  The problem with having this as a standard is that all an amateur hacker needs to get into someones email is the user name since that gives them the ability to attach a text file with malware and they are in the company.  I could give you some advice on this, but that could make me a black hat, so I will not do that here.  However, instead, let me give you some advice on email names.

First, do NOT base your email name on your first and last names!  I cannot count the times that I see this, even with friends that are computer security specialists.

Second, do NOT put a date in that email address!  Any date has to be based on something and someone will figure it out – period.  If someone wants to get to your personal information, why make it easy for them?  If you must put a number in your email address, make it something that means nothing to you personally (like the number for pi – 314 – or something similar).

Third, do NOT use your middle name if  you have a choice.  Again, the middle name can mean something more than just your middle name.  It could be your mother’s maiden name and you never want to give that out.

Treat your email address as you would any other piece of personal information.  Make the information displayed as hidden as possible.  Don’t worry.  Those people that you know will probably know when your birthday or anniversary is, so they will remember.

Just a quick bit of tips from the people at GRECTECH (www.grectech.com).

 

 

Is CyberSecurity “Child’s Play?”

I have read so much about the technology that accompanies monitoring for possible breaches that I consistently come back to “Ockham’s Razor.”  Most people believe that this adage is about “the simplest solution usually being the best” but that is not the whole story.  The Latin phrase that William of Ockham used meant “Among competing hypotheses, the one with the fewest assumptions should be selected” (according to wikipedia).  Another interpretation would be that “entities should not be multiplied beyond necessity.”  In all these theories, it is evident that it is best to keep things simple.  So why are we increasingly making cybersecurity more difficult?

No matter how many people you have as employees, by having more than one set of eyes and ears, you have a monitoring system already in place.  If you do not have the employee loyalty that you need for people to help this monitoring then the bottom line is you need to increase that loyalty through some good ol’ fashioned management and mentoring.  Other IT professionals that I talk with mention the “insider threat” but I counter that if you have a loyal workforce, the insider threat is reduced or even eliminated.  There is a difference between insider threat and insider mistake.  Your yearly computer security policy is rarely read and rarely dignified more than a perfunctory glance, so make it part of the weekly staff meetings or town hall meetings.  Point to people that were vigilant and what they received in the way of reward for being that vigilant.  Ladies and gentlemen, treat your workforce as if they were people you want to respect and they will respect you.  If you are a parent, you know that treating your children with respect always lands you on your feet — do the same with your workforce.  I will write more on this as this topic is beginning to finally sink in to the cyber workforce.  The more “buttonology” we employ, the more difficult it is to get the “troops on the ground” to take notice.  In fact, if you make the cybersecurity so complex, the workforce will work to avoid or to bypass that security — making again an insider threat into an insider mistake.

If we do not start considering the human factor in all this, we are doomed to making people more scared of the cure than of the disease.