The Turkish protest #hashtags have been translated into English to get a better understanding of social media events in Turkey and the potential political ramifications of Twitter on eDiplomacy and real-time Politics in the Middle East.

Social media ensured that the voices from the Turkish protesters had been heard. The international media was very slow to cover demonstrations held in Turkey despite the uproar on Twitter and the violent scenes filmed and distributed across social media sites. On Friday, May 31, 2013 the #hashtag  #DirenGeziParkı (which translates to ‘stand strong those protesting in Gezi Park’) became the top tweeted hashtag across the globe as the violence intensified. Other hashtags also filled the top spots during the course of the day. However it didn’t make the national TV news within the UK until the continued protesting on Saturday and today.

Turkish protest hashtags translated into English.

• #TAYYİPSANAGÜLEGÜLE - ” Goodbye Tayyip” (statement to indicate that Tayyip Erdogan the current prime minister is going to be forced out of power soon)
• #cnnntvhabertürküBOYKOTEDİYORUZ -” We boycott CNNTV and Haber Turk” (CNN in Turkey and Haber Turk TV Station are state controlled. This hashtag is used to raise the awareness that the reporting by the state media is not subjective. A petition about CNN needing to re-claim the TV station has now been launched.
• #DictatorErdogan “Dictator Erdogan” (Recep Tayyip Erdoğan’s is the Prime Minister in Turkey. His leadership is being compared to that of a Dictator)
• StopLie AboutTurkey ”Stop Lying about Turkey”  (Directed to the government who are reporting a very different story to that told by the protesters).
• #occupygezi ”Occupy Gezi” – (Occupy Gezi Park, the place where the protests started. Gezi Park is one of the last green areas in central Istanbul. It is due to be developed into a shopping mall despite the wishes of many).
• #direngeziparki “Stand Strong Gezi Park” (Stand Strong those protesting in Gezi Park)
• #taksim - “Taksim” – Taksim is a popular area to visit and socialise in within Istanbul. It is near Gezi Park. Taksim Square is one of the areas in Turkey where a large protest is taking place.
• #direnankara “Stay Strong Ankara”. Ankara is the capital of Turkey and an area where a lot of protests are currently taking place against the government. It is also the location of the Prime Ministers office.
• NEW #1MİLLETUYANIYOR “I nation awakening” (The Turkish people uniting under this hashtag. This is currently the most tweeted hashtag across the Globe)
• NEW #ÜlkenİçinSağduyuluOl “For your country have common sense” (statement directed to the ruling party & the Turkish police)
• NEW #24saatiçindeistifaet ”Resign in 24 Hours” (statement directed at Recep Tayyip Erdoğan’s is the Prime Minister in Turkey)
• NEW #BuVatanHepimizinSahipÇık “This country is ours, own it”

“Part of the reason for the extraordinary number of tweets is related to a phenomenon that is emerging in response to a perceived lack of media coverage in the Turkish media. Dissatisfied with the mainstream media’s coverage of the event, which has been almost non-existent within Turkey, Turkish protestors have begun live-tweeting the protests as well as using smart-phones to live stream video of the protests”

The following post is provide based on research conducted in the past 24 hours by NYU’s Social Media and Political Participation (SMaPP) laboratory.  It is written by lab members and NYU Politics Ph.D. candidates Pablo Barberá and Megan Metzger.

*****

Over the past several years the role of social media in promoting, organizing, and responding to protest and revolution has been a hot topic of conversation. From Occupy Wall Street to the Arab Spring Revolutions, social media has been at the center of many of the largest, most popular demonstrations of political involvement. The protests taking place in Turkey add to this growing trend, and are already beginning to add new layers to our understanding of how social media can contribute to public participation.

Protests have been ongoing since early this week in Istanbul’s Taksim Square. Organized in response to government plans to tear down the green space in the center of the square and replace it with a shopping center, the protests have morphed into a more visceral expression of the general discontent with the government’s policies over the last several years In response, the police fired massive amounts of tear gas and pepper spray into the crowd and set fire to tents set up for protesters to sleep in, leaving several people injured.  Protesters have begun wearing homemade gas masks while continuing to protest on the street. As of 2 AM Turkish time on Saturday, the protests are still in progress and some protestors have reportedly breached the barrier and entered the park.

The social media response to and the role of social media in the protests has been phenomenal. Since 4pm local time yesterday, at least 2 million tweets mentioning hashtags related to the protest, such as #direngeziparkı (950,000 tweets), #occupygezi (170,000 tweets) or #geziparki (50,000 tweets) have been sent. As we show in the plot below, the activity on Twitter was constant throughout the day (Friday, May 31). Even after midnight local time last night more than 3,000 tweets about the protest were published every minute.

What is unique about this particular case is how Twitter is being used to spread information about the demonstrations from the ground. Unlike some other recent uprisings, around 90% of all geolocated tweets are coming from within Turkey, and 50% from within Istanbul (see map below). In comparison, Starbird (2012) estimated that only 30% of those tweeting during the Egyptian revolution were actually in the country. Additionally, approximately 88% of the tweets are in Turkish, which suggests the audience of the tweets is other Turkish citizens and not so much the international community.

These numbers are in spite of the fact that there are reports that the 3G network is down in much of the area that is affected. Some local shops have removed security from their WiFi networks to allow internet access, but almost certainly the reduced signal will have impacted the tweeting behavior of those on the ground.

Part of the reason for the extraordinary number of tweets is related to a phenomenon that is emerging in response to a perceived lack of media coverage in the Turkish media. Dissatisfied with the mainstream media’s coverage of the event, which has been almost non-existent within Turkey, Turkish protestors have begun live-tweeting the protests as well as using smart-phones to live stream video of the protests. This, along with recent articles in the Western news media, has become a major source of information about this week’s events. Protesters have encouraged Turks to turn off their televisions today in protest over the lack of coverage of the mainstream media by promoting the hashtag #BugünTelevizyonlarıKapat (literally, “turn off the TVs today”), which has been used in more than 50,000 tweets so far.

What this trend suggests is that Turkish protesters are replacing the traditional reporting with crowd-sourced accounts of the protest expressed through social media. Where traditional forms of news have failed to fully capture the intensity of the protests, or to elucidate the grievances that protesters are expressing, social media has provided those participating with a mechanism through which not only to communicate and exchange information with each other, but essentially to take the place of more traditional forms of media. Further, this documentation through multiple sources in public forums serves to provide a more accurate description of events as they unfold. The coming days in Turkey will give us more insight into the processes by which this takes place, but it is certainly an impressive realization of the potential for social media to be used in overcoming barriers to diffusion of information regarding and motivation for protests.

******

Update: we also wish to acknowledge the contributions of NYU Politics Ph.D. candidates Batuhan Gorgulu and Emine Deniz.

via Heather Kelly, CNN April 24, 2013

Stocks plunge, recover after bogus tweet

Misinformation can spread quickly on Twitter, each retweet exposing it to wider audiences and even resulting in real world impacts.

Hackers took over the AP Twitter account and falsely claimed that there had been explosions at the White House and that the president was hurt. The tweet was up for a few minutes and retweeted more than 3,000 times before Twitter took the account offline.

The AP confirmed the news was not true, but the tweet was up long enough to send a shudder through the stock market, which plunged 143 points before recovering.

Real tweets have the power to end careers, cause diplomatic tensions, fuel a revolution and find a kidney. Fake tweets can have the same ripple effects, and damage control is difficult. There is no way to edit or append a correction to a tweet, and once it has been retweeted, those 140 characters take on a life of their own. A follow-up tweet with the correct information might not be seen by the same people.

Tracking tragedy on Twitter

Social media during a disaster

“You want to respond as quickly as possible. Deleting the tweet is a good approach, but even if you delete it it’s obviously already out there,” said social media expert Krista Neher.

The AP incident is not the first time a tweet has influenced markets. In August 2012, an Italian journalist set up a fake twitter account for a member of Russia’s government and tweeted that the president of Syria had been killed, causing brief fluctuations in the oil markets. The journalist was an experienced Twitter hoaxer, having previously posted fake tweets about the death of the pope and Fidel Castro and established a number fake accounts for world leaders. He claimed he did it to prove how unreliable social media is for getting accurate news.

A tweet doesn’t just trigger financial panic, it can also strain diplomatic relations, as the U.S. Embassy in Cairo found out in April when the official Twitter account posted a link to a Daily Show segment critical of Egyptian President Mohammed Morsi.

In March 2013, someone posing as the U.S. ambassador to Moscow tweeted a criticism of the Russian presidential election process, which was picked up by the news media in Russia before it was revealed as a hoax. The U.S. government responded with official statements in both incidents.”The speed at which information spreads is so much quicker than it used to be, and Twitter is such a big part of that,” said Neher.

That was painfully evident on a late night during the manhunt in Boston. A tweet mistakenly named a missing Brown University student as one of the suspects. Twitter latched on to the name and many users assumed it was true even though it hadn’t been confirmed by authorities.

A faulty tweet also can have a negative impact on community or a family. Late last year a New Jersey Teenager tweeted saying there was an intruder in her house and asking people to call 911. The tweet went viral as friends and strangers expressed genuine concern for her safety (though no one on Twitter actually called 911). It was quickly discovered that there was no home invasion. The teen had run away from home and was later spotted on security cameras buying a train ticket to New York City.

The fast-moving, viral nature of Twitter has its perils, but it can also be used for good! Relative to the proportional needs of it’s users.

Social Media Starter Tips

Be Present, But Have a Plan, Create Solutions

Social media is a reality that exists out there, and millions of people already use it to communicate. If you’re not on it, you’re already behind the curve. Fortunately, it’s easy, widely accessible and, best of all, free. That being said, it’s easy to get lost in all the noise; without a proper plan of how to use tools as diverse as Twitter and Facebook to Pinterest and Tumblr, your message will not only be forgotten — it could never be noticed at all. Jump into social media, but know what you want to achieve with it.

Be Creative, Funny, Risky

Given the high noise-to-content ratio in much of the social media world, you’ll have to be creative in how you communicate, engage, and get your point across. Use Tumblr and Pinterest for more visually compelling content, and use Twitter and Facebook to decipher some of the traditional codes and conceptions surrounding diplomacy. If an ambassador or senior embassy official is on Twitter, they should liberally mix in personal observations with professional obligations. Social media can be risky, but risks pay handsome rewards.

Speak With People, Not At Them

Social media tools enable conversations. Use them as such. While it could be easy to simply tweet out rehearsed talking points or post embassy press releases on a Facebook page, social media tools should be used to engage people who are already out there. That doesn’t mean you have to avoid making a point, but you should be willing to go back and forth with people — respectfully — when they engage. Additionally, listen to what people are saying and what they might want and respond in kind.

Via Martin Austermuhle is a contributing writer for The Washington Diplomat and editor in chief of DCist.com.

In a new era of social media tools that allow individuals and organizations to communicate and interact directly with online “friends,” “followers,” “fans” and “supporters,” foreign embassies based in Washington, D.C., have started expanding the means by which they tell their side of the story. No longer do embassies have to rely only on letters to the editor that appear days later or press releases that are easy to ignore, but as the Israeli Embassy did, they can now submit instantaneous responses and engage more easily in conversations — all for free, with unlimited audiences and with the potential that their message could go viral.

These new tools — Twitter, Facebook, Tumblr, Pinterest and others — have changed how the world communicates, whether it’s a head of state making a headline-grabbing declaration, rebels trying to foment a revolution, or just old friends living continents apart reconnecting. But these tools have also changed the language of local diplomacy, allowing embassies to be more relaxed and approachable than what traditional diplomatic protocol often requires.

  Just a few years ago, only a handful of embassies and ambassadors had a presence on social media. Today, Washington-based embassies from across the globe have jumped with gusto into this emerging realm of digital diplomacy.

The British Embassy has close to 20,000 followers on Twitter and over 5,400 “likes” on its official Facebook page, while Israel’s combined reach with both popular services exceeds 100,000. The Embassy of Canada tweets to over 6,500 followers and regularly posts photographs on its Flickr page. The Polish Embassy is on YouTube. The United Arab Emirates not only employs Facebook and Twitter, but also created its own iPhone and iPad app, the only embassy to do so. The European Union Delegation just launched a new website in part to better showcase its Twitter efforts, interactive maps and photo galleries. And the Dutch Embassy recently took to Storify, using the service to aggregate tweets and Facebook postings to create minute-by-minute summaries of events it hosts.

The move toward social media is in many ways motivated by necessity more than desire. According to a December 2012 report by the Pew Research Center’s Internet and American Life Project, 67 percent of all Internet users in the United States regularly turn to social media. Of that number, 67 percent use Facebook, 16 percent use Twitter, 15 percent use Pinterest, 13 percent use Instagram, and 6 percent use Tumblr. Globally, it is estimated that there are more than 1.5 billion social media users, with close to 1 billion people using Facebook alone. Communications professionals say that entire conversations and interactions — especially among the critical 18-29 demographic — take place via social media, making it a tool of incomparable importance and reach for institutions seeking to spread their message.

At a recent discussion on social media at the Meridian International Center, Bob Boorstin, public policy director of Google, pointed out that digital diplomacy is still in its infancy, with only one-third of the world’s population having access to the Internet. He also said that while social media can supplement traditional diplomacy, it cannot replace face-to-face encounters and a diplomat’s social skills.

But it does open up a direct line of access to the public in a way old-fashioned diplomacy never could.

“You want to be there. You want to be where the conversation is taking place, and for any company, for any embassy, for any country — no matter the entity — the conversation is taking place out there whether you like it or not, and you need to engage in that conversation. [Y]ou need to be represented across many social media platforms to make sure that if the conversation is there, they have someone to turn to,” said Peter LaMotte, senior vice president at Levick, a Washington-based PR firm that has worked with embassies on using social media tools to further their political and communications strategies in Washington.

The conversation can take many forms and include a diversity of content. While some countries rely on social media as another outlet to express political viewpoints, many use it to promote culture, tourism and elements of public diplomacy that expose their audiences to aspects of the country that may not be well known (and that sidestep touchy political issues).

The British Embassy’s most popular social media tool is its visually rich Tumblr page, which it uses for cultural promotions, while the British Council used Facebook to share a Halloween picture of its staff dressed up like the characters from “Downton Abbey.” Given the popularity of the TV show, the images were quickly and widely shared among thousands of people — a boon in the promotion of British heritage. Likewise, the British Embassy’s Flickr page features photos of “Downton” cast members hanging out at Ambassador Peter Westmacott’s residence during a December reception. The Flickr photos offer a glimpse inside exclusive parties with Washington VIPs such as White House Advisor Valerie Jarrett and Arianna Huffington, while others show a more down-to-earth side of diplomacy, like embassy staff training for a bike ride they’ll do with U.S. wounded war veterans from Paris to London.

For the United Arab Emirates, social media tools offer the embassy an opportunity to communicate a variety of messages, from the political to the cultural to the economic.

“We absolutely mix it up as much as we can. We try not to make it about politics all the time, because there’s more to the United Arab Emirates than just that,” said Haitham Al Mussawi, the embassy’s digital diplomacy editor. “So we try to inform and educate as much as we can about the U.S.-UAE relationship, about women’s rights, about education, about culture and heritage, and about the philanthropy between United Arab Emirates and the U.S.”

  He noted that the embassy was recently able to use social media to correct an assumption that the United States buys oil from the UAE; it doesn’t, said Al Mussawi, but the UAE does do roughly $20 billion of annual business with the United States.

For the Greek Embassy, Facebook and Twitter are avenues to inculcate positive sentiments in an era of difficult political and economic news for the country. “Our main objective is to create a positive sentiment around Greece. So we focus on culture, travel and good news about Greece. Especially now with the crisis, we want to promote — in an interactive way — good stories that do exist back home,” said Maria Galanou, the embassy’s press officer.

This, said LaMotte, is one of the core benefits of social media. “Every country has a positive message, every country has something that they can share about their country of what they’re doing on education, what they’re doing on diplomacy. All of them have those stories. Those are the stories that you want to engage in. Because people can be turned around,” said LaMotte, whose PR firm recently hosted the EU Delegation and embassy representatives from Austria, Peru, Sweden the UAE and others during a Digital Diplomacy Open House as part of Social Media Week, a worldwide event exploring the social, cultural and economic impact of social media.

In addition to amplifying cultural or political messages, social media is also used to convey more basic information, communicating with local diasporas, for example, or providing timely information to nationals traveling in the United States should events warrant it. During Hurricane Sandy, said Al Mussawi, the embassy was able to use Twitter and Facebook to get in touch with UAE tourists visiting the United States, as did the Italian Embassy.

“We assign great importance to social media — for example, broadcasting information on Hurricane Sandy last fall, providing updates on the situation, and a list of emergency numbers of our diplomatic network for Italian tourists in the U.S. and any nationals needing assistance,” said Italian Ambassador Claudio Bisogniero.

Various embassies have divided up their social media presence into institutional and personal — both the embassy and the ambassador can maintain individual Twitter accounts, for example. Indonesian Ambassador Dino Patti Djalal and former Mexican Ambassador Arturo Sarukhan — both of whom embraced Twitter early on — each boast more than 100,000 followers. Israeli Ambassador Michael Oren has his own Twitter account with 10,000 followers, while Ecuadorean Ambassador Nathalie Cely Suárez has 31,500 followers of her own.

Cely spoke at the Meridian International Center on Feb. 21 for another Social Media Week discussion, “Power to the Tweeple: Best Practices in Digital Diplomacy,” co-hosted by Google. The Ecuadorian envoy agreed with panelists such as Google’s Bob Boorstin and Facebook’s Katie Harbath that social media is more effective when engaging an audience with a “persona,” rather than as a faceless mouthpiece dictating reworked press releases and official statements. For example, by tweeting informally and often in Spanish, Cely puts a personal touch on her professional observations.

While some ambassadors clearly do their own tweeting, not everyone will admit as to whether the chiefs of mission are the real voices behind the tweets, though envoys who are hands-on see social media as a means to break down the walls of protocol that tend to surround embassies.

“Sometimes I make personal comments about the weather or how I feel or how happy or unhappy I was with something. I make my own my own personal appreciations,” said EU Ambassador João Vale de Almeida, who recently took on his own Twitter account (and provided live tweets during the U.S. presidential inauguration). “One-third of it is of a more personal nature, two-thirds of it are more professional. I think Twitter has to be personal, otherwise there’s no interest.”

Of course, social media can’t merely be another way for institutions to talk at people, but rather has to be a means of talking with them, and therein lies a fundamental challenge. An interactive dialogue takes manpower, and not every embassy has the resources to constantly maintain websites, let alone multiple social media sites. And not every comment merits a response.

On that note, many embassies admit they have to balance when and how to respond to the public. As much as Twitter or Facebook are useful soapboxes, they also offer critics a chance to comment — and often abrasively. The more controversial the topic or country, the more difficult that balance can be to achieve.

“Israel is sometimes perceived as a controversial topic, so there’s a lot of back and forth between people who love Israel and are very in favor of it and a few people that are against it. You have to have a balance between the people you’re going to respond to and the people that you won’t,” said Jed Shein, who directs social media efforts for the Israeli Embassy. “I think what we really look at are what are the main issues, what do people want to hear? We’re willing to react and respond to people.”

But maybe the biggest challenge faced by embassies isn’t so much what they can say — but rather what they can’t. Social media tools are freewheeling and often anonymous; conversations and comments can move much faster than what traditional institutions, especially embassies, are able to respond to. Embassies are still bound by the political imperatives and messages of the ministries or cabinet secretaries they answer to, and sensitive diplomatic topics often have to be left off of social media. One badly worded tweet can easily create a diplomatic firestorm. In a sense, this leaves embassies at a disadvantage, especially when dealing with hot-button political issues: Users of social media can easily tell when they’re being fed canned responses, and don’t often take kindly to them.

Yet finding a voice — even in the midst of crisis — is important. For Shein and the Israeli Embassy, being a focus of controversy can often help. “We’re not afraid to be a little edgy. That’s what we’re really proud of. We get a lot of front-page headlines — some of them in favor, some of them not in favor — but it’s how we’re going to grab the attention of people and kind of break through the filter of the media that won’t write everything that you might be interested in,” he said.

For LaMotte, the benefits of using social media far outweigh some of the drawbacks in navigating what can be said, how it can said, and when it can be said. “The fact of the matter is that whether it’s a corporation or a country, their hesitancy comes from pretty much the same place, which is, this is an incredibly powerful tool that we’re not sure we fully understand, and if things go poorly, we can control,” he said. “We educate them first that getting engaged is the most important piece.”

*Article via @DipAtState

The Office of eDiplomacy began with six staff and remained near this staffing level until 2009 (p. 10). Since then it has grown sharply in size to 80 personnel, half of whom work on ediplomacy (the other half being staff from the Customer Liaison Division).

The Office’s core knowledge management work centers around several platforms it has created and operates. These include:

• Corridor: an internal professional networking site that is a hybrid of LinkedIn and Facebook, but with a stronger resemblance to the Facebook interface.
• Diplopedia: an internal Wiki, with the same look and feel as Wikipedia.

• Communities@State: an internal multi-author blogging platform.
• Enterprise Search: a search tool covering State’s unclassified intranet and some State internet websites.
• The Innovation Fund: a $2 million fund that aims to crowd source innovations from staff.

• The Virtual Student Foreign Service: a microtasking platform that taps into specialized external knowledge among university students.

In addition to these principal platforms, it also offers consultative knowledge management services via Idea Exchanges. These are described on the State Department website as follows:

eDiplomacy provides advice and support to Department organizations (domestic and abroad) to create Idea Exchanges. These online forums enable domestic and overseas employees to share and evaluate ideas for innovation and reform. The Idea Exchange program builds on the experience of The Sounding Board, an initiative launched by Secretary Clinton that encourages employees to contribute their ideas and suggestions for how to make the Department work in new, smarter, and more effective ways to advance our nation’s foreign policy goals.

The Office of eDiplomacy is also working on a range of other ways to address the knowledge management challenge at State. It is actively looking to include digital tags on all written documents that would allow officers to immediately draw together all related documents on their desktop. It is also looking at ways to identify knowledge nodes or centers of expertise. Presented visually, this would allow officers to quickly identify key internal authorities on a subject.

The Sounding Board is an attempt to source ideas and innovation directly from State Department employees. It started as a blog, but now uses ideation software (Bright Idea). It is the first thing all staff see upon logging on to State’s intranet.

The Social Media Hub, one of the Communities@State multi-author blogs, provides a range of knowledge management services, primarily to overseas posts. It runs and operates the Social Media Hub web portal, which contains detailed information for posts on best-practice use of social media, advice on the most suitable social media platforms for each market, and examples of successful applications and innovative uses by posts.

The Hub also fields specific social media queries such as on relevant State Department policies, troubleshoots social media problems such as hacked accounts, assists with compliance with legal obligations, running educational webinars and app development.

CO.NX, running on Adobe Connect, has a strong knowledge management component. It is used for training purposes, resulting in considerable savings (by eliminating airline costs or video teleconferencing fees) and internal discussions. This year the CO.NX team ran approximately 1,500 programs (up from 1,000 the year before), with the virtual speaker program now matching the in-country speaker program.

CO.NX studio, U.S. Department of State

CO.NX started with an average audience size of 30-50 people for public events. Now, for some larger ones like the Rio+20 conference it can hit close to 70,000 in a week. It has also moved from broadcasting solely from its D.C. studio to content produced by U.S. missions abroad. Around 30 missions now have their own CO.NX channels (see conx.state.gov) with most coming from Latin America.

“… ediplomacy is the talk of foreign ministries the world over…”
—Nick Bryant, BBC, July 2012

Many foreign policy mandarins might not like or understand it, but the foreign policy operating environment is changing quickly.

When in 2011 the Swedish Foreign Minister, Carl Bildt, was unable to get in touch with his Bahraini counterpart during the heat of the protest movement there, he opted to publically shame him via Twitter.

When General Electric was selecting topics for a summit of its most senior government relations executives, it chose Google….and the U.S. State Department’s ediplomacy.

When on July 12, 2010, Terry Jones, a fundamentalist reverend from Florida, wrote a series of tweets attacking Islam, one of which read: “9/11/2010 Int Burn a Koran Day” news of his proposal spread virally resulting in a wave of global protests, some of them deadly.

The adaptation to this new environment and integration of new technologies into diplomacy is one of the biggest challenges foreign ministries—and corporations—have faced in many years.  And it has led to a string of attempts to describe the change afoot. The State Department calls it 21st Century Statecraft; the UK Foreign Office uses the term Digital Diplomacy; while the Canadians refer to it as Open Policy.

This paper refers to it as “ediplomacy” and uses a slightly amended definition previously proposed by the author. It defines ediplomacy as: the use of the internet and new Information Communications Technologies to help carry out diplomatic objectives.

At the vanguard of this adaptation is the U.S. State Department. The first paper in this series, Revolution@State, found over 150 people employed in 25 separate ediplomacy nodes covering eight different work areas. At U.S. missions abroad, another 900 staff used ediplomacy tools to some extent.

This paper is focused on just three of those eight areas where State is currently allocating the bulk of its ediplomacy resources: public diplomacy, internet freedom and knowledge management.

Its starting point comes from this video extract: as the Godmother of 21st Century Statecraft, Hillary Clinton, steps down as Secretary of State, is ediplomacy now baked into the Department?

eDiplomacy Staffing at State

The above chart takes some liberty as several ediplomacy units cut across multiple thematic areas, but serves to illustrate the broad allocation of ediplomacy resources. It also helps explain why this paper focuses in on just three of the eight areas that are to the greatest extent “baked in.”

Be open to open source

This is the first of a series of blog posts from the first ONA class of AP-Google Journalism and Technology Scholars describing their experiences, projects and sharing their knowledge with the ONA community.

Kevin Schaul is Data/Web Dev Intern at @StarTribune and is joining @nytgraphics for the summer.

The Chicago Tribune News Apps team open-sourced Boundary Service, which has been modified and extended by other news organizations.”

There hasn’t been such an exciting time for aspiring journalists since the advent of radio or television. With the proliferation of data and the computing power to mass process it, compelling stories lay in 1′s and 0′s just waiting to be told. Through these difficult times for the field, a new sub area has shown us hope: computational journalism. And, thanks to the open source movement of leading news organizations, it’s as simple as ever to get your foot in the door of truly great journalistic enterprises.

What is open source?
Journalism and open source software were made for each other. The open source movement shares key values with traditional journalism, where the hours are long and the paychecks small, but the do-good spirit (hopefully) prevails.

Open source, in terms of software, is based on the idea that information should be free –- a milestone of the Hacker Ethic. Systems are better built through communal collaboration than individual efforts. The movement began when computers were fledgling mammoths, and the field of computer science didn’t yet exist. By working together, the world’s earliest hackers built the foundations of the systems so essential to today’s environment. The individual was subordinate to the sum of the communal efforts. There were legendary hackers, of course, but largely it wasn’t about the ego race; it was the best way to move the world toward a better position.

Journalism needs open source
Traditional open source software shops build systems for whatever needs arise and publish code for others to download, modify and contribute to. Systems continue to be supported through fixes and new features submitted by the community as well as the original team. It may seem counterintuitive to give your hard work away for free, but in many situations, the benefits far outweigh the concern.

As the sizes of newsrooms dwindle, open source development is becoming a necessity to continue competing with startups for consumers’ attention. Instead of each news organization building a JavaScript mapping library, developers from across the world instead can work on a great implementation, for use by all. Such tools make election night data visualization possible for smaller news organizations, and they continue to push the limits for larger efforts.

You need open source, too
Open source is great for beginning computational journalists, too, because it lowers the barrier of entry. A few examples:

• A journalist looking to build an advanced map plotting population density has to look no further than the great Chicago Tribune News Apps Team’s blog. (Understandably, their motto is “Show Your Work.”)
• Curious about how the the L.A. Times builds its interactive news projects? A ton of their code is posted on GitHub.
• Want to run through the code of a production-ready elections app? NPR published its whole codebase.

There are many other news apps teams sprouting up, publishing code and tutorials in the name of open source. On an individual basis, the folks who hang out on the NICAR-L mailing list are a wonderful resource, as well as the data journalists I’ve identified in this Twitter list.

The open source nature of this emerging field makes in easier to get involved, and the jobs are out there for people working on the skills of data journalism. Now, go out there, learn and collaborate.

How to Attract New Customers/ Marketing for Business and Non-Profits 101

(Via defensecontractormarketing.com)

Demand generation is the focus of targeted marketing programs to drive awareness and interest in a company’s products and/or services. Commonly used in business to business, business to government, or longer business to consumer sales cycles, demand generation involves multiple areas of marketing and is really the marriage of marketing programs coupled with a structured sales process. WIKIPEDIA

Demand generation as a marketing approach is becoming more popular because of the changing nature of the buying and decision-making process.

In the past, prospects relied heavily on salespeople for information. Sellers would provide the salespeople with marketing “air cover” like advertising, trade shows, brochures, direct mail, etc.

However, with the emergence of broadband and the easy availability of information online, prospects now do research on their own and contact a salesperson much later in the process. This diminished the power of the sales person and put the buyer more firmly in control.

Today, buyers find sellers. In a MarketingSherpa study where the question was asked, “In the most recent purchase, who found whom?”  in 80% of deals, the buyer found the seller. Only 20% had salespeople find the deal.

This seismic change to the buying process has resulted in a new approach – demand generation.

In a whitepaper, Jeff Ogden, President of The Fearless Competitor, describes demand generation this way:

The process of creating and nurturing (Generating) interest (Demand) in the products and services that your company offers.

Does demand generation work? In a recent study of B2B marketers, Rubicon Marketing Group found that marketers using demand generation best practices had:

• 18% higher revenue.
• 9.3% higher sales quota achievement.
• 7% higher win rates.
• 100% increase in deal size.

Ogden summarizes how defense contractors can get an effective demand generation program underway in 6 steps:

• Turn your website into an educational hub.
• Put great content everywhere prospects might look.
• Stay in touch with those not yet ready to buy.
• Personalize the content and react to their online behavior.
• Use objective criteria to determine who is ready to buy and who is not.
• Develop metrics to measure our programs and prove their value.

Question: what demand generation tactics have you used?

Click here to download a copy of the 41-page whitepaper (including a Demand Generation Toolkit) “How to Find New Customers: The Definitive Guide to Driving Demand for your Company’s Products and Services.”

by  Douglas Burdett @DouglasBUrdett

Defense contractors who use content marketing are able to reduce the cost of leads, recruit top talent and position themselves as thought leaders.

Content marketing, as defined by the Content Marketing Institute, is

… a marketing technique of creating and distributing relevant and valuable content to attract, acquire, and engage a clearly defined and understood target audience – with the objective of driving profitable customer action.

In recent years, marketers have been forced to think differently about how they engage with potential customers, including defense contractors who are involved in a lengthy sales cycle.

Every year, customers have increasing control over what marketing messages they wish to consume.  Gone are the days when a business could bombard prospects with marketing messages. Now prospects must be attracted with useful content.

In a guide, “Content Marketing Playbook,” published by the Content Marketing Institute, 42 of the most heavily used tools for content marketing are described, from blogging and white papers to infographics and mobile apps.

Here’s a summary of the top 10 tactics as they relate to defense contractors:

1. Blogs – If you only do one thing on the list of 42, blog.  Blogging, in addition to being the best way to increase your website’s visibility with search engines, enables your firm to engage in a conversation with customers, end users, stakeholders and influencers.
2. Enewsletter – Permission-based email that is rich with useful, educational content is a great way to stay in touch with customers and nurture prospects.
3. White Paper – White papers are generally 8-12 pages and, when not overly self-promotional, are very effective at explaining technical topics, and are especially effective for defense contractors.
4. Article – An ongoing article publishing effort in targeted publications (print and electronic) has long been an effective means of establishing thought leadership and raising awareness.  If you can tie in an article writing program with speaking engagements, even better.
5. eBook – Generally 12-40 or more pages, these are like white papers on steroids.
6. Case Study – These can be one of the most persuasive tactics, and involve demonstrating in 1-2 pages how your product has solved a problem for an organization similar to the one you’re pitching.
7. Testimonials – When praise comes from a customer, it decreases skepticism and barriers to purchase.
8. Microblogging – Twitter, specifically.  The speed and reach of Twitter creates an almost real-time conversation with your followers.
9. Webinar/Webcast – Webinars are excellent call-to-actions or follow-up to other content. And they can be downloaded afterward.
10. Video – Videos are inexpensive to produce and easy to upload and share. In fact, the less “slick” the video, the higher the credibility.

Social networking has become a central method of both communication and promotion in the business world in the past several years. When someone seeks out information or expertise on the internet, one of the first places they look is a site such as Facebook, LinkedIn, Google+ or a number of other sites that bring massive amounts of people and information together in a single place.

This infographic gives some basic demographic information about four of the top social networking sites. Deciding your target audience and understanding which platform best reaches that demographic is the first step in deciding which social networking site or sites you may use in developing your brand as an expert. It also describes sites’ features, “secret weapons” for savvy users, the best information to share, and possible drawbacks.

Here you will find the basics for beginning to best put these popular tools to use in best showcasing your expertise to your target audience. The most successful companies and individuals in any field study and understand the importance of social media networking and use it to their advantage, helping them stand out in a crowded business environment. Finding the right social networking platform to reach, attract, and connect with your target audience can make the difference between disappearing in the crowd and achieving your goals.

The Long Reach of Security Breaches; Gold in the Cyberunderground.

The data security breach that recently impacted more than 450,000 Yahoo! users may have even greater consequences than experts previously believed. A recent USA Today report by Byron Acohido explained that the email addresses and passwords obtained in the incident are a clear indication that more email security attacks are on the horizon.

“Stolen email usernames and passwords have become like gold in the cyberunderground,” Acohido wrote. “That’s because access to online financial accounts, social networks and business networks often revolve around email logins.”

Industry experts have asserted that many people and businesses simply use weak passwords for their email and other accounts, making them even more vulnerable to attack.

WordPress Security Tips
# DRAFT VERSION – 17.07.2012
1. Keep your blog on a subdomain.
Although not a silver bullet, this will help in the effect of some Cross-Site Scripting (XSS) attacks as your blog will be affected by the browser’s Same Origin Policy (SOP). This may, however, affect your blog’s Google pagerank.
2. Move your wp-content directory.
Moving the wp-content directory will help in protecting your blog against some automated 0day attacks. “Since Version 2.6, you can move the wp-content directory, which holds your themes, plugins, and uploads, outside of the WordPress application directory.” http://codex.wordpress.org/Editing_wp-config.php#Moving_wp-content
3. Don’t use the ‘admin’ username.
WordPress used to set the ‘admin’ username by default on all installations. In recent versions the username can now be chosen on installation. Since it is widely known that a lot of WordPress blogs use the ‘admin’ username it is a prime target for brute force attacks.
4. Keep plugin installations to a minimum.
Through experience we’ve found that WordPress plugins are normally the weakest link in a WordPress blog’s security. Many plugins are susceptible to Cross-Site Scripting (XSS), SQL Injection and other attacks. By keeping plugin installations to a minimum you reduce the attack surface.
5. Move the wp-config.php file one directory up, outside of the web root directory.
WordPress will look inside the web root directory for the wp-config.php file as well as within the directory above it. This will help in minimising the file being exposed to the Internet.
6. Turn off directory listing on your web server.
WordPress suffers from many Full Path Disclosure (FPD) vulnerabilities which can be used to facilitate in further attacks such as Path Traversal. A bandaid for these bugs is to turn off directory listing in your web server’s configuration file.
7. Ensure any TimThumb files are up to date.
TimThumb is a small php script for cropping, zooming and resizing web images which many WordPress themes use. In 2011 a Remote Code Execution vulnerability was found to affect it and was actively exploited. This vulnerability has been fixed in recent versions of TimThumb. If your WordPress theme uses the TimThumb script ensure that it is the latest version.
8. Use a login lockdown plugin.
WordPress by default does not limit the number of unsuccessful login attempts which makes it susceptible to a password brute force attack. There are many plugins which introduce this functionality as well as other login security features.
9. Remove the readme.html file.
Every time WordPress is installed or updated a file called readme.html is included. This file may disclose your blog’s version number which could aid an attacker in exploitation.
10. Keep WordPress and its plugins updated.
WordPress and plugin authors are constantly fixing bugs and security issues within their code and releasing new versions. At the time of writing only 21.5% of WordPress blogs are running the latest version.
11. Administration over SSL.
The wp-login.php file is often accessed over un-encrypted channels such as HTTP. By ensuring the connection is encrypted when you submit your login credentials you reduce the risk of Man In The Middle (MITM) attacks. For further information see: http://codex.wordpress.org/Administration_Over_SSL
12. Use unprivileged database user for non-admin functionality. (needs some WP modification)
By default WordPress uses the same database user for all users, anonymous users through to authenticated admins. With some code tweaks it is possible to use a lower privileged database user for anonymous users, reducing the risk of database compromise.
13. Don’t use the default ‘wp_’ table prefix.
By default WordPress uses the ‘wp_’ database table prefix. This prefix makes it easy for attackers to guess table names. It is recommended that alternative prefixes be used.
14. Keep privileged users to a minimum.
The more privileged users there are the more chance that one of them has a weak password. By keeping privileged users to a minimum you reduce the risk of them being compromised.
15. Remove the version number from the generator tags (index page and RSS feed).
WordPress by default advertises its version in HTML generator meta tags both on the index page and within its RSS feed. By removing these it makes it more difficult for an attacker to find out the blog’s version.
16. Add a layer of protection to the wp-admin directory and the wp-login.php file with HTTP Basic Authentication.
17. Disable the theme and plugin editor.
Attackers whom have gained access to the theme/plugin editor could use them to execute their own malicious code. The theme and plugin editor can be disabled within the wp-config.php file.
18. Only use plugins from the official directory.
It is recommended that only plugins published on the official WordPress plugins website be installed. WordPress does some plugin vetting which should catch rouge plugins.
19. Don’t store backups on public directories.
Backup files should not be stored within a public web directory. The backup file names may be guessed via the use of brute force techniques.
20. Remove ‘Powered by WordPress’ from the blog’s footer.
Attackers may use search engines to find potential vulnerable victims. By removing the ‘powered by’ text it may help in preventing basic attacker enumeration.
21. Enable X-Frame-Options for unauthenticated users.
WordPress in recent versions uses the ‘X-Frame-Options’ HTTP header for privileged users to tell the browser where HTML frames are allowed to be loaded from. This isn’t however set for unauthenticated users, allowing for potential ClickJacking attacks.
22. IP whitelist the wp-login.php file.
Most administrative users login to their blog via the same IP address. By whitelisting access to the wp-login.php file you ensure that only specific IPs can access it.

Fog Computing; catching the insider the DARPA way
05 July 2012
Written by INFOsecurity Magazine.com

The insider threat is generally acknowledged to be a serious threat to data security. For companies it can lead to the loss of IP; for governments, the loss of state secrets. Fog Computing is a new approach to detecting and preventing that threat.
Insiders pose a major problem for the security industry. Since by definition they exist inside traditional perimeter security, most defenses are based on a form of behavioral analysis or anomaly detection on the network. Fog computing is an attempt to improve that behavioral analysis by enticement – an attempt to make malicious insiders show their presence. Developed for DARPA by Allure Security Technology, a Columbia University spinout company, it intersperses legitimate documents with enticing deceptive documents (DDs); and then watches who accesses them. 
The system knows the DDs. Detection of which employees are attracted to the DDs highlights those users who are a potential insider threat. In this sense fog computing turns an organization’s database into a honeypot trap for its own employees. “Two small problems,” notes a report published Tuesday in Wired’s Danger Room: “Some of the researchers’ techniques are barely distinguishable from spammers’ tricks. And they could wind up undermining trust among the nation’s secret-keepers, rather than restoring it.”
Wired is discussing a document issued by the U.S. Army Aviation and Missile Command, produced by Allure for DARPA and titled Final Report: Anomaly Detection At Multiple Scales. It is a high level design of the Allure Defender System – an implementation of fog computing. It shows, for example, how one potential weakness in the concept is handled. The system itself must be able to distinguish DDs from genuine documents. If an attacker (an insider or an external hacker who has gained access to the network) can also tell which is which, the whole process fails.
“One approach we use in creating decoys,” says the Allure document, “relies on a document marking scheme in which all documents contain embedded markings such that decoys are tagged with HMACs (i.e., a keyed cryptographic hash function) and non-decoys are tagged with indistinguishable randomness… and the only attacker capable of distinguishing them is one with the key, perhaps the highly privileged insider.” The integrity of the system is thus reduced to protection of the key that differentiates between genuine and decoy documents.
While this particular document discusses a system designed for military or government implementation, subsequent documents from Allure demonstrate a wider applicability for the concept. Commerce is moving into the cloud. In a cloud concept, everyone with access to the internet is effectively an ‘insider’. Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud shows that Allure sees a general applicability for fog computing. It proposes the addition of decoy documents to a user’s cloud store. “Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance,” it says, “we inundate the malicious insider with bogus information in order to dilute the user’s real data. Such preventive attacks that rely on disinformation technology, could provide unprecedented levels of security in the Cloud and in social networks.”
Cancel

The dark side of QR codes
by CNET staff
July 3, 2012

There’s a pretty good chance you’ve scanned a QR code with your smartphone. QR is short for “quick response.” Hidden in those lines are embedded code only your smartphone can read that points it to a new location on the Web. Online marketing gurus are singing the digital praises for the inexpensive cost with maximum return on investment.
The real estate industry is one example. Agents are able to market their hottest properties and themselves by embedding QR codes into their signs and brochures. QR design companies say they’re seeing exponential growth in their business over the past two years. But security experts say not so fast.
Taking your smartphone to a new site certainly can seem cool if you trust the source. But experts believe it’s just a matter of time before hackers are able to hijack this clever code, taking you someplace you didn’t plan on going. The results could be a nasty virus, botnet, or malicious code that records your personal information, your location, even your bank account numbers.
Your best defense, use common sense. Don’t scan QR codes randomly found on the street or buildings. If you have to ask yourself who might have made this code, it’s probably best to pass.

Article Sourced from Rick Tracy @rick_tracy.

Agency-owned PCs could soon be relics of a bygone era .

Veterans Affairs Department Chief Information Officer Roger Baker predicts that within five or six years VA will no longer furnish employees with computers. Instead, they will use the devices they own to connect to department networks.

He also believes the department has awarded its last desktop PC contract, a $476.6 million deal for up to 600,000 desktops awarded to Dell in April 2011. Baker made the remarks in a call with reporters Thursday.

He would like to see VA get out of the business of provisioning its roughly 300,00 employees with hardware to access VA networks and said he backed a departmentwide policy allowing employees to bring their own devices to the job.

Asked how the department would manage the financial aspect of a policy that would have employees buy their own hardware, Baker said, “That’s a [human resources] issue.”

Last October VA kicked off a test of 1,000 department-supplied Apple iPad tablet computers on its networks. Baker said security stands out as the key issue for the use of tablets and smartphones, whether they are supplied by the department or owned by employees.

IT will take a “massive investment” to ensure veteran data is protected before VA can proceed with a widespread BYOD plan, Baker said. He did not specify how much VA will need to spend on mobile device security.

VA and its employees also would have to ensure that personal applications are free of viruses and malware before they are connected to the department computer systems.

Baker also warned that any VA employee who uses Apple hardware that has been “jailbreaked” — modified so the user gains root access to the operating system — faces harsh consequences. Any such hardware connected to VA networks, would have its software completely and automatically wiped, Baker said.

Baker’s endorsement of a BYOD policy fits with a similar approach planned by the Defense Department in its mobile device strategy released last week. That strategy said, “DoD must continue to explore the efficiencies associated with the use of personally-owned mobile devices and potential security risks posed by such devices. “

The Defense Department “must define acceptable use of personally-owned mobile devices and acceptable personal use of DoD-owned devices where applicable,” the strategy said.

Baker said he would like to work with Defense CIO Teresa Takai on developing mobile strategies and policies.

State Sponsored IE Vulnerability and a Four Line MySQL Exploit

Some interesting news has come out in the last week about two serious Internet Explorer vulnerabilities and a MySql vulnerability that can be exploited by a four line script.

IE VULNERABILITIES

Of the two latest Microsoft IE vulnerabilities, CVE-2012-1889 and CVE-2012-1875, the first seems the most interesting. Rumored to be “State-Sponsored”, the vulnerability seems to focus on users using Gmail, MS Office and Internet Explorer. And as yet is still an active Zero Day exploit. Security software company Rapid 7 explains the vulnerability as follows:

“This is an uninitialized memory bug found in MSXML. According to Microsoft, such a component can be loaded from either Internet Explorer and Microsoft Office. This vulnerability is rumored to be “state-sponsored”, and what makes it really critical is it’s still an 0-day hijacking Gmail accounts. That’s right, that means if you’re using Gmail as well as Internet Explorer or Microsoft Office, you’re at risk. We expect this vulnerability to grow even more dangerous since there’s no patch, and it’s rather easy to trigger.”

The second IE exploit has been patched, but as yet there is no patch for CVE-2012-1889. Microsoft does offer a “FixIt” program as a work around until an official patch is released.

Rapid 7, the creative geniuses behind Metasploit, have already released exploit modules for both IE vulnerabilities so you can test your systems to see if they are vulnerable to the attack.

Read the Full Article at: http://www.infosecisland.com/blogview/21703-State-Sponsored-IE-Vulnerability-and-a-Four-Line-MySQL-Exploit.html?utm_source=BinusHackerInfosecIsland

P2P File Sharing “BitTorrent Networking”

June, 2012   Sourced From About.com;  Internet for Beginners

Question: What exactly is “bittorrent” sharing?

Answer: Bittorrent networking is the most popular form of modern P2P (peer-to-peer) file sharing. Since 2006, bittorrent sharing has been the primary means for users to trade software, music, movies, and digital books online. Torrents are very unpopular with the MPAA, the RIAA, and other copyright authorities, but are much beloved by millions of college and university students around the planet.

Bittorrents (also known as “torrents”) work by downloading small bits of files from many different web sources at the same time. Torrent downloading is extremely easy to use, and outside of a few torrent search providers, torrents themselves are free of user fees.

Torrent networking debuted in 2001. A Python-language programmer, Bram Cohen, created the technology with the intent to share it with everyone. And indeed, its popularity has taken off since 2005. The torrent community has now grown to millions of users worldwide in 2009. Because torrents strive to screen out dummy and corrupt files, are mostly free of adware/spyware, and achieve amazing download speeds, torrent popularity is still growing fast. By straight gigabytes of bandwidth used, bittorrent networking is the most popular activity on the Internet today.

How are torrents special? How is the torrent community different from Kazaa and other networks?

Answer: Like the other file-sharing networks (Kazaa, Limewire (now defunct), Gnutella, eDonkey, and Shareaza) Bittorrent’s primary purpose is to distribute large media files to private users. Unlike most P2P networks, however, torrents stand out for 5 major reasons:

1. Torrent networking is NOT a publish-subscribe model like Kazaa; instead, torrents are true Peer-to-Peer networking where the users themselves do the actual file serving.
   
2. Torrents enforce 99% quality control by filtering out corrupted and dummy files, ensuring that downloads contain only what they claim to contain. There is still some abuse of the system, but if you use a community torrent searcher like www.isohunt.com, users will warn you when a torrent is a fake or dummy file.
   
3. Torrents actively encourage users to share (“seed”) their complete files, while simultaneously penalizing users who “leech”.
   
4. Torrents can achieve download speeds over 1.5 megabits per second.
   
5. Torrent code is open-source, advertising-free, and adware/spyware-free. This means that no single person profits from torrent success.

Examples of some Download Sites Below.

(Provided as Info, Not Editor Endorsed)

Defense Industry Must Embrace Social Media

By David J. Albritton and Sourced from Douglas Burdett

By embracing social media, defense contractors can keep up with opinion leaders, learn how their company is perceived, gain valuable insights for company growth and tailor different messages to different audiences.

Many defense contractors have been reluctant to embrace social media.  Reasons for this reluctance include lack of management familiarity with social media, security concerns, and unease at the organizational change required to implement an effective management of this new medium.

In an article in National Defense, David J. Albritton, vice president of communications at ITT Defense Electronics & Services, outlined the benefits of embracing social media, and the perils of ignoring it.  Here’s Douglas Burdett’s summary of 5 key points from his article as it relates to marketing.

• Be Heard.  Social media enables you to engage with  increasingly tech-savvy journalists and bloggers.  This group prefers and is coming to expect their primary communication via social media.

• Free Marketing Research.  In certain ways, social media can provide even more candid and honest insights about your company and services than more formalized marketing research.  By listening in on the conversation, defense contractors can better understand how they are perceived by various groups.  Additionally, social media enables you to learn how your competitors are faring in the court of public opinion.

• Join the Conversation.  What many defense contractors may be uncomfortable with in social media is not being able to control the one-way conversation like in the past. But therein lies the opportunity.  Social media allows defense contractors to have a more open dialogue with various audiences, thus being able to convey accurate and timely information to groups with enormous influence.  Defense contractors who avoid social media’s ability to join the conversation may be held in greater suspicion, like the corporate monolith that says “no comment” at their own peril.

• Nature Abhors a Vacuum.  As the traditional news media goes through radical transformation and the occasional death throes, social media and bloggers are growing in influence and filling the void.  Defense contractors need to be prepared to respond to the ongoing conversation.

• Pinpoint Messaging.  Social media enables a defense contractor to communicate with a variety of smaller audiences.  And the technology is developing to deliver ever more specific messages to smaller groups.

Click on the following link to read the full article, Defense Industry Must Embrace Social Media.

David J. Albritton is vice president of communications at ITT Defense Electronics & Services. Douglas Burdett operates www.FireSupport.com

Top Five Fundamentals of Network Security
Friday, June 15, 2012
Contributed By:
Megan Berry

There are many factors that can bring down your computer networks and compromise data, including cyber criminals, carelessness and disgruntled employees.

The hardware, software, policies and procedures that make up the many layers of network security are designed to defend your company’s systems from these threats.

What are the most common threats?

Viruses, worms, Trojan horses, spyware, malware, adware, botnets etc.
Zero-day and zero-hour attacksHacker attacks
Data theft
These threats look to exploit:

Unsecured wireless networks
Unpatched software and hardwareUnsecured websites
Potentially unwanted applications (PUAs)Weak passwordsLost devicesUnwitting usersTop 5 fundamentals of network security

Following these five fundamentals will help protect your reputation and reduce liability:
1. Keep patches and updates current

When administrators are lax about applying patches and updates, cyber criminals exploit all possible vulnerabilities. In particular, verify that office computers are running current versions of these much used programs:

Adobe Acrobat and Reader
Adobe Flash
Oracle Java
Microsoft Internet Explorer
Microsoft Office Suite
Make sure you keep an inventory to make sure ALL your devices are updated regularly.

2. Use strong passwords

Your password should be comprised of at least 6 characters, preferably more, and uses a combination of upper- and lower-case letters, numbers and symbols. This should go without saying: they should be kept out of sight and only shared with trusted employees who need them.

If you want some more tips, check out what Symantec has to say.

It is not uncommon for hackers to impersonate tech support to get people to give out their password, so train users to recognize these social engineering techniques and avoid danger.

The SANS Institute also recommends that passwords be changed every few months at least, without duplicates. They also suggest that users be locked out of their accounts after multiple failed long-on attempts within a short time period.

3. Secure your VPN

Reviewing the documentation for your server and VPN software is a must. You want the strongest possible protocols for encryption and authentication to protect your network/data from hackers while your information is traveling over the Internet.

The most secure identity authentication method is multi-factor authentication. Including extra steps to prove a user’s identity, like a PIN, makes it more difficult for unwanted users to enter your network.

Here’s an idea: use a firewall to separate the VPN network from the rest of the network. Want more? Other tips include:

Create and enforce user-access policies. Be stingy when granting access to employees, contractors and business partners.
Make sure employees know how to secure their home wireless networks. Malicious software that infects their devices at home can infect the company network via an open VPN connection, and
Before granting mobile devices full access to the network, check them for up-to-date anti-virus software, firewalls and spam filters.4. Actively manage user access privileges

According to a recent survey of 5,500 companies by HP and the Ponemon Institute, more than half said that their employs have access to “sensitive, confidential data outside the scope of their job requirements.”

Inappropriate user-access privileges are a security threat and should not be overlooked. When an employee’s job changes, make sure the IT department is notified so their access privileges can be modified to fit the duties of the new position.

5. Clean up inactive accounts

Hackers often use inactive accounts that were once assigned to employees in order to gain access and disguise their activity. Software is available for cleaning up inactive accounts over large networks with many users.

If you would like more information and bonus network security tips, check out our original story.
Cross-posted from Network Fundamentals.