Facebook, Google, and Cybersecurity Awareness Month
Two tech titans, Facebook and Google, recently disclosed cybersecurity mishaps. These revelations serve as a sobering reminder of the formidable challenges that safeguarding systems and data pose. Below, we summarize the incidents and how they affect Stanford and you personally.
Cybersecurity Awareness Month
October is cybersecurity awareness month. Phishing remains the single greatest threat to our privacy and security, and accordingly Stanford operates an ongoing phishing awareness program (https://phishing.stanford.edu) as a key component of our protection strategy.
In light of the recent social media cybersecurity announcements, this year we are also highlighting the plight of personally identifiable information (i.e., names, addresses, phone numbers, Social Security Numbers, etc). Over many years and for multiple reasons, this information for nearly everyone has become readily available to anyone who seeks it. Among other things, this has contributed to a dramatic increase in scam phone calls (“vishing”), forecasted to exceed 50% of all phone calls next year.
Related Security Tips
- If you receive a phone call and are unsure who is calling, don’t answer. If it’s important, they will leave a voicemail message. Be vigilant for common scams like the IRS impersonation one.
- Data have the propensity to spread and persist, so refrain from sharing sensitive personal information online, especially via social media.
- Proactively freeze your credit and monitor for identity theft. See https://uit.stanford.edu/security/identity-theft for more information.
- Forward any suspicious emails to firstname.lastname@example.org, where the information security team can analyze them and protect us against similar messages.
Facebook announced that hackers accessed private information across approximately 30 million accounts. Facebook has corrected the vulnerability and forced re-logins for all users who may have been affected. For more information, see https://www.facebook.com/help/securitynotice.
Google recently announced a vulnerability in its Google+ service, which was quietly corrected in March 2018. Google is currently unaware of any unauthorized information access associated with this vulnerability.
Google+ is not enabled through Stanford’s Google service, but many may have used it through their personal Google accounts. Citing low usage, Google is discontinuing the Google+ service for consumers. For more information, see https://www.blog.google/technology/safety-security/project-strobe/.