An overview of key points to bear in mind or tactics to bring into play in case of an online incursion by members of anyone’s so-called “Cyber Army”
Harsh as it might seem, treat all former contacts that reappear after an absence with neutral (not hostile) caution. Accounts do get hacked, and occasionally, people do get recruited to “the other team”. If you had a really trusted contact and you didn’t put a challenge/response protocol* in place so you could verify their identity, then you have to assume there is a 50% chance they are not the person you once knew until they can prove themselves.
*Establish a challenge/response protocol with your trusted contacts. This is an agreed question you can ask the other person and an agreed response they must give. Like a password reminder. Tip: Do NOT use any of your existing password reminder Q&A’s!!
New accounts, especially breathlessly dramatic ones, should also be treated with measured caution. Wait for verification of all news, especially any that will have serious or long term repercussions. We learned this the hard way when a very plausible fraud appeared on Twitter in the middle of protest and declared that bit.ly shortened links were blocked in Iran. The ensuing panic and last minute changes caused a lot of people a lot of unneccessary extra effort.
“Breaking News” reports always seem to demand an urgent response, where in fact they should be treated as “unconfirmed news“. As we all know, a lie is halfway around the social network world before the truth has got its pants on. So, as always, wait and verify, verify, verify. Remember that even the most experienced social media users and big name mass media outlets like the BBC, CNN etc have all been fooled by fake news. If you do happen to post a false report in good faith, you should be prepared to spend at least as much time retracting it and letting everyone know, than the time you spent sharing it.
Mark unconfirmed status updates as UNCONFIRMED or UNCONF. Do not remove text that identifies news as unconfirmed when re-tweeting or re-posting.
Watch out for private message requests or emails containing sensational news, documents, image, videos etc. asking you to share news. Suggest to whoever sent it that they post it themselves and you (might) share their update. If they claim to be unable to use or create a social network account, suggest they use posterous.com. Any text emailed to firstname.lastname@example.org is instantly posted as a blog that can be activated and shared. Look for the information being shared with you privately using search to see if it can be verified, or if anyone is posting warnings about it.
Take responsibility for your online safety and security.
- Change to a strong password and keep changing it, if not daily then as often as you can.
- Scan your computer to check for intrusions, keyloggers, rootkits, malware, and trojans and keep your security software up to date.
- Make sure that your recovery details for websites like Twitter, FaceBook & blogs etc are accurate and up to date.
- Protect the email accounts you use to register with websites and services.
- Use https to acces websites and services, so that when you do connect, the information you send is encrypted.
- Copy and paste log in names and passwords rather than type them.
- Do no store unencrypted user names and passwords on your computer.
- Protect files on you computer or on external storage devices or removab le storage like flash drives, SD cards or USB sticks using encryption, such as TrueCrypt.
- Use a password on all your devices.
Be alert for apparently innocent requests for information about your own or anyone else’s details, such as location, online activity, other connections, friends or contacts.