Monday 25 June 2012

The A to Z of Safe Social Media


We are delighted to announce the release for download of our second free A to Z Guide to online safety.  This new Guide addresses adult use of social media and can be found here: http://www.trmg.biz/the-a-to-z-guides/.
As always, there is no requirement to register on our site and downloading the PDF will not trigger any form of marketing or sales follow-up.
Our Guides can be used, as you see fit, to raise awareness at home or in the workplace, to support employee training sessions or as an input to your security policies.  You can even host them on your website or forward the above link to your contacts.
A large number of people have already downloaded our first Guide, which addressed child safety online.  Several firms (including Legal & General and Northern Trust) have either created dedicated web pages linking to the Guide or distributed it to customers and staff. 
Your feedback helps us to grow and will once again be greatly appreciated.

Thursday 19 April 2012

The Free A to Z of Safe Children Online

We are delighted to offer the first in a series of A to Z Guides on risk in the modern world as a free download from our website.
The A to Z of Safe Children Online is provided free of charge to all for non-commercial use.  The only restriction is that the Guide should not be resold under any circumstances.  

You can freely link to our page from your website or host the guide on your own site.


No registration is required and no marketing contact will follow.

The A to Z of Safe Children Online is intended to be read by teachers, parents and even children.  The Guide was written by Mark Johnson, a prominent security expert and TRMG's founder, and was illustrated by the wonderful French artist Corinne Blandin.

Friday 2 March 2012

Legal & General's Digital Criminal Report 2012 released

Legal and General has just released its latest report on digital and online crime.  This year's report focuses on risks in social media.  TRMG was heavily involved in researching the topic and providing several key inputs to the L&G document.

Follow the link above to view a copy of the 2012 report.

Tuesday 6 December 2011

How to Steal an Identity

How to Steal an Identity - Documentary

A link to the excellent documentary by Bennett Arron, based on his personal experiences, has been added to our Links page on our website and is also provided above.  We highly recommend this entertaining and insightful film.

I saw Bennett speak on this topic at the 2011 Winter SASIG event in London this week.  We were in stitches, but the serious side of his message also came across clearly.

Saturday 8 October 2011

Malware Hits U.S. Military Drone Fleet

From a report by Noah Shachtman, Wired, October 7, 2011


"A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones.

The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the key logger, and then transmitted over the public internet to someone outside the military chain of command."


TRMG observes that this report, if accurate, highlights the Achilles heel of robotics, both military and civilian - communications network interdiction and infection.  With the Pentagon reportedly setting targets to have robotic vehicles undertake 25% of missions within 20 years, the issue of cyber security and the entanglement of public and private infrastructure will become ever more critical.


Today's key logging infection is a precursor to tomorrow's potential Stuxnet attack.

Malware Attacks via Social Media are on the Rise

An international survey conducted by Websense claims that a significant increase in malware attacks is being driven by rising social media usage.

Some key findings of the report are that:
  • The rapid spread of social media may have caught many organizations off guard. 63 percent agree that employee use of social media puts their organizations’ security at risk. In contrast, only 29 percent say that they have the necessary security controls — such as secure web gateways — in place to mitigate or reduce the risk posed by social media. 
  • Malware attacks have increased because of social media usage, and it’s growing. 52 percent of organizations experienced an increase in malware attacks as a direct result of employee use of social media, and 27 percent say that these attacks recently increased more than 51 percent. 
  • The United States, United Kingdom, Brazil, Germany, and Singapore report the highest increases.
  • Even if they have a policy that addresses the acceptable use of social media in the workplace, 65 percent say that their organizations do not enforce it or they are unsure.
  • The top three reasons for not enforcing these policies are: lack of governance and oversight (44 percent); other security issues are a priority (43 percent); and insufficient resources to monitor policy compliance (41 percent). 
  • Organizations believe that IT bandwidth has been diminished as a result of social media use. The top two negative consequences of an increase in social media use were diminished productivity (89 percent) and reduced IT bandwidth (77 percent), which increase costs. 
  • Just under half (47 percent) believe exposure to inappropriate content is another negative consequence. 
  • 60 percent of employees use social media for at least 30 minutes per day for personal reasons. 
  • The United States, United Kingdom, France, Italy and Mexico have the highest use of social media for non-business reasons. 
  • Organizations in Germany have the highest use of social media for business purposes. 
  • Regional variations are often compounded by higher local bandwidth costs, which shifts the priority of this concern throughout the globe. 
  • Countries most likely to see social media as important to meeting business objectives are the United Kingdom, Germany, Hong Kong, India, and Mexico. 
  • The countries with organizations that are less likely to see the importance of social media are: Australia, Brazil, and Italy. 
  • Countries most likely to see social media as a serious threat to their organizations are Canada, Hong Kong, and Mexico. 
  • Countries least likely to see social media as a threat are France and Italy. 
  • Organizations in Germany have the most confidence in their ability to address the social media threats.
TRMG recommends that all organisations and individuals regularly review their social media policies and codes of practice, with particular attention being paid to the balance between social media needs and social media risks.

Sunday 18 September 2011

A summary list of social media risks

Here is a summary list of social media considerations and risk factors that every business should evaluate when devising a social media strategy:

  • Information risks
      ◦ Data theft
      ◦ Data disclosure
      ◦ Social engineering
  • People risks
      ◦ Harassment, bullying and trolling
      ◦ Identity theft
      ◦ Personal security
      ◦ Child exploitation
  • Brand and reputation risks
      ◦ Corporate brand damage
      ◦ Corporate reputational harm
      ◦ Senior management reputational harm
      ◦ Shareholder value
      ◦ Interception of confidential communications
  • Audit-ability
      ◦ Reputation management audits
      ◦ Appropriate usage audits
      ◦ Messaging standards audits
      ◦ Quality of customer contact audits and assessments
      ◦ Hostile mentions analysis
  • The HR angle
      ◦ Movers and leavers awareness and guidance
      ◦ Induction training
      ◦ Code of conduct
      ◦ Acceptable use policies
      ◦ Reasonable monitoring policies
      ◦ Mitigation of risk in relation to unfair dismissals
  • Technological risks
      ◦ Malware
      ◦ Intrusions and password exposure
      ◦ Mobility and WiFi
      ◦ Use of personal equipment