My friend, voiceover actor Gregory Houser has just posted a brilliant article “Are you a social networking butterfly..? Just watch out for the spider’s web”, and has given me permission to repost here. You may wish to check out Greg’s blog
Are you a social networking butterfly..? Just watch out for the spider’s web
There have been a LOT of blog posts this past year about social networking, particularly of the online sort (while it’s not social networking per se, Dave Courvosier just posted a nice blog article of a similar nature regarding Google Is Your Resume). It’s an important tool that people use within many industries, including the Voice Over community. Even I have references to my profiles on several online networking sites in the links section of my Website. In the “Age of Information”, social networking sites have become a valuable resource for those who can’t always be where the action is.
That’s a good thing.
Unfortunately, there’s a flip side to that equation, and it’s one that most voice over professionals don’t think about too often. Social networking is definitely a potent tool when used responsibly. However, it’s also very easy to put yourself in a position where you’re giving out too much information about yourself.
Since we’re talking about the information which you put out there, let me take a second to explain a bit more about myself and why I’ve got the point of view that I do. You see, I’ve worked as an information security professional for well over a decade, specializing in finding new and unique ways to get past those things which other people feel are secure. While I am also a professional voice actor, the experience, training, and mindset which you develop over the years doing a job like like mine give you a bit of a different viewpoint on things.
So while I hate to be “that guy”, I’ve made more than a decent living in my life by looking for vulnerabilities in systems, showing proof-of-concept on how to exploit those vulnerabilities, and using techniques (often refered to as “social engineering”) to get information from the least secure items within any organization’s security architecture (i.e., people) so that organizations and individuals can better protect those items which they consider to be most valuable (FWIW: check out the term “White Hat“, for those who’ve gotten nervous at this point, lol).
Think about it. Most voice over professionals I know have at least a LinkedIn and a Facebook account. A lot of us also have Twitter accounts. So I want you to put on your “black hat” for a second and think like an attacker or a scam artist. I’m not going to name names, but I’m using a well-known voice actor in Philadelphia as my target (with their permission, of course). I used Google to check out my target and learned that not only did they have a Website, but also accounts on Facebook, LiveJournal, LinkedIn, and Twitter. Not surprisingly, all of the pages with these services (save for LinkedIn) gave me enough info to know the stuff you’d normally find out about a voice talent:
Now here’s the stuff I was able to aggregate:
LiveJournal account match Google Street images of address from domain listing) .
…and a lot more (via Flickr, MySpace, and Xanga).
…needless to say, my “target” was more than a little shocked at all the data that was freely available.
If you’ve ever been toGearslutz (which I feel is one of the top sites for those who are interested in the art and science of recording), you already know of the several cases where studios have been robbed, and in the investigation afterward it was learned that social media played a large role in the intruder’s recon of the studio.
Now, I’m not trying to scare the bejesus out of anyone, but too often we don’t think about the potential consequences when we put our information online (for those who want to know just how far down the rabbit hole you can go, I recommend a bootcamp with SANS; it’s a good portion of their Incident Handling and Security Essentials courses). These unintended consequences can have major ramifications upon both our personal, and professional lifes.
Social networking is a powerful and useful tool, but like most tools it can be misused. The thing to remember is that even as a voice over business, you have to watch what you are doing online. Here are a few tips which I recommend you use to better ensure your privacy:
- Watch what you share: It’s too easy to give away personal information that can be used or aggregated into a format which enables others to learn more about you than you might be comfortable with. Never put your personal address, or home phone number (mobile phones are a little harder to trace back) on any social networking site. It’s a piece of cake to cross-reference information and identify more information about your life than you might be comfortable with.
- Assume that once you’ve put the information online, that anyone can see it: Most people don’t realize that you need to restrict access to your profile if you don’t want random strangers to see it. The more information you put out there, the more chance there is that something’s out there which you didn’t want getting out for public consumption. This is also a good reason for those of us who are doing a lot of bookings out of our house to use a mailbox other than our residental mailing address (for billings and also for those social networks and phone directories where your address is collected).
- Be Skeptical: The point of social networking is to find people who share your interests and establish a network of friends and business contacts, but don’t let your defenses down too easily. These new “friends” are virtual and faceless and you can’t completely trust that they are what/who they say they are. In short, on the Internet, nobody knows that you’re a dog, and just because someone says they’re into the same things you are, doesn’t mean it’s true (I’ve read and investigated too many scams where the victim’s interest turned out to be the angle used to gain the victim’s confidence).
- Be Diligent: Knowing that the potential exists for scam artists or other baddies is a real one, keep an eye on your profile and be diligent about who you allow to connect with your profile. For photo sharing sites like Flickr, check out the users who are marking your photos as their Favorites. If some stranger is marking all of the pictures of your 7-year old son as their Favorites, it seems a little creepy and may be cause for concern.
Report Suspicious Behavior. If you have reason to believe that someone is scam artist or has malicious intent, report it to the site. The adage “where there’s smoke, there’s usually fire” is very true. Above all, don’t be afraid to communicate about something which raises a red flag. It’s better to have a “false positive” (where we think there’s a problem and there really isn’t), than to have a “false negative” (where we don’t think there’s a problem when in fact there is). You never find out about the false negatives until it’s too late… so keep your “spidey sense” tuned. Bruce Schneier often discusses the concept of personal “threat perception” and it’s development with humanity’s evolution (trust me, security geeks eat this stuff up). He’s right, and when your “gut” is telling you that something’s not right, you ought to trust it (while you don’t have a “spider sense” per se, your “gut” is usually very accurate at picking up stuff that your conscious mind does not).
I apologize for turning my voice over blog into an post regarding operational security, but with all those who are gung-ho about social networking, it’s valuable to recognize the flip side of that coin. The bottom line is that social networking is hugely popular and it is big business. It can be a very lucrative tool for the voice actor, but like all things it requires a bit of common sense and awareness. Like most everything else in life, the more you know, the better prepared you are to handle whatever comes your way.
-Gregory Houser, CISSP, GCIP, etc.