Managing Records: Services for State Agencies: Newsletters

Newsletter: May 2009

Welcome to the May 2009 State Agency RMO newsletter!

In this issue:

• State Agency RMO Meeting
• Security Tips: Social Networking Sites
• State Agency Workshop Training Schedule
• Other Training Opportunities

Don’t Forget to Register: Annual State Agency RMO Meeting

Registration for the 2009 Annual State Agency Records Management Officer Meeting is now open. The meeting will be held from 9:30 am until 12:30 pm on Wednesday, May 27th at the Huxley (Museum) Theater at the Cultural Education Center and it features an overview of and updates to the Freedom of Information Law as well as a presentation on upcoming initiatives from the State Archives. All agency Records Management Officers, as well as agency counsel, information technology, and other interested staff members are welcome to attend.

Additional information and registration is available online at http://www.archives.nysed.gov/a/records/mr_state_rmomtg.shtml. If you have any questions, please contact Sarah Durling at (518) 473-6803 or sdurling@mail.nysed.gov. Please register by May 25, 2009.

 

Security Tips: Social Networking Sites

The popularity of social networking sites--such as MySpace, Facebook, Twitter and others--has exploded in recent years, with usage in the United States increasing 93% since 2006, according to Netpop Research. The sites are popular not only with teenagers, but with adults as well: the number of adult Internet users having a social networking profile has more than quadrupled in the past four years, according the Pew Internet & American Life Project.

While there are many positive aspects of using social networking sites, it is also important to understand the potential security risks and know what precautions to take to protect yourself and your information.

What are social networking sites?

Social networking sites are online communities of Internet users who want to communicate with other users about areas of mutual interest, whether from a personal, business or academic perspective. The specific functionality of the various sites may differ, but in general, the sites allow you to provide information about yourself and communicate with others through email, chat rooms and other forums.

What are the security concerns of social networking sites?

Social network sites are growing in popularity as attack vectors because of the volume of users and the amount of personal information that is posted. The nature of social networking sites encourages you to post personal information. Because of the perceived anonymity and false sense of security of the Internet, users may provide more information about themselves and their life online than they would to a stranger in person.

The information you post online could be used by those with malicious intent to conduct social engineering scams and attempt to steal your identity or access your financial data. In addition, the sites are increasingly sources of worms, viruses and other malicious code. You may be prompted to click on a video on someone's page, which could bring you to a malicious website, for example. If you are accessing a site that has malicious code your machine could become infected. For examples of some common social networking scams, visit the Council of Better Business Bureaus.

It's also important to realize that information you post can be viewed by a broad audience, and could have lasting implications. College admissions officers and school administrators, for example, do visit these sites and in some cases, admissions have been denied to applicants, or disciplinary actions have been taken because of information or photos posted online. Employers also review these sites for information about potential job applicants.

What can you do to protect yourself?

Make sure your computer is protected before visiting sites - make sure you have a firewall and anti-virus
software on your computer and that it is up-to-date. Keep your operating system up-to-date as well.

Do not assume you are in a trusted environment - just because you are on someone's page you know, it is still prudent to use caution when navigating pages and clicking on links or photos, because links, images or other content contained on the pages may include malicious code.

Be cautious in how much personal information you provide - remember that the more information you post, the easier it may be for an attacker to use that information to steal your identity or access your data.

Use common sense when communicating with users you DO know - confirm electronic requests for loans
or donations from your social networking friends and associates. The communications could be from someone
who has stolen the credentials of the person you know with the intent of scamming as many people as possible.

Use common sense when communicating with users you DON'T know - be cautious about whom you allow to contact you or how much and what type of information you share with strangers online.

Understand what information is collected and shared - pay attention to the policies and terms of the sites; they may be sharing your email address or other details with other companies.

 

State Archives Workshop Schedule

Developing Records Management Policies and Procedures
Date: 05/21/2009
Location: New York State Archives - 11th floor, Cultural Education Center

Using the State Records Center
Date: 06/02/2009
Location: State Records Center - Bldg. 21, State Office Campus

To register for any of the workshops offered by State Agency Services, please visit:  http://iarchives.nysed.gov/WorkShops/workshopsServlet?owner=REG&cat=2. All workshops are free and open to anyone who is interested in attending. We look forward to seeing you there!

 

Other Training Opportunities

12th Annual New York State Cyber Security Conference - Cyber Security on the Move
Date: June 3-4, 2009
Locations: Empire State Plaza Convention Center - Albany, NY

The 12th Annual NYS Cyber Security Conference & Annual Symposium on Information Assurance presented by the NYS Office of Cyber Security & Critical Infrastructure Coordination and the University at Albany School of Business and College of Computing and Information has been scheduled for June 3rd and 4th, 2009, at the Empire State Plaza.

This two-day conference offers a variety of sessions and valuable information, including the following:

• Keynotes each morning
• A new hacking demo
• CyberCiege and other cyber security exercises - take the challenge
• Earn CLE and CPE credits
• Visit the Exhibitor Hall

This event is free for public sector employees. 

http://www.cscic.state.ny.us/security/conferences/security/2009/index.cfm

 

CSCIC: Information Classification Training for Business Managers
Date: June 12
Location: State University at Albany

The Office of Cyber Security & Critical Infrastructure Coordination's (CSCIC) free, non-technical Information Classification Training class will introduce supervisors, administrators, directors, coordinators and other managers to the concepts of information classification. This class will outline roles and responsibilities for State employees to protect agency information assets. In-class exercises, using tools developed by CSCIC, will allow attendees to gain experience in identifying their information assets, determining the proper classification and applying the appropriate security controls. After completing this course, attendees will be able to classify their information assets according to the Statewide Standard.

http://www.cscic.state.ny.us/security/training/

 

That’s it for this month! Remember that we want to hear from you. State Agency Services is here to help make your job easier by answering questions, doing site visits, and providing training.

Jennifer O’Neill
joneill@mail.nysed.gov
(518) 473-2112

Sarah Durling
sdurling@mail.nysed.gov
(518) 473-6803