Facebook, YouTube, Twitter, LinkedIn, Flickr, Myspace, Squidoo, Orkut, Slashdot, Del.icio.us, Digg, Reddit, StumbleUpon… The list goes on, and on, and on.
What is this alphabet soup, you ask?
It’s just a small sampling of the hundreds of websites that fall under the loose definition of the “social Web,” sometimes referred to as Web 2.0 or social networking. Social websites provide a place for individuals to connect and share ideas, photos, opinions, and other information regarding a current event or mutual interest ranging from art to cars, food, dating, fashion, family, health, shopping, music, news, religion, technology, sports… Social networks exist for nearly every conceivable topic.
These websites are typically fun, engaging, attractive, colorful, and easy to use. They also share another common trait. Social networking sites represent a significant and growing challenge for the IT consultants who are responsible for keeping people and systems safe. As the sites grow rapidly in popularity, they become an increasingly attractive target for cyber-criminals, predators, and others who operate with malicious intent. The bad guys are out there, their numbers are on the rise, and they get better at their game every year. Security experts at Websense Security Labs now report the emergence of a new kind of “blended threat” phishing attack that blends Web and email channels to fool the unwary (and unsecured).
The problem stems from the fact that users often let down their guard when posting a personal update on Twitter (tweeting), entering personal information on Facebook, or participating in any of the online surveys or games that require a user to enter information about their location, hobbies, friends, pets, interests, etc. News headlines are replete with stories of people in high places who mistakenly include embarrassing images or life details in public posts on some social networking site. We all know that a momentary lack of judgment doesn’t just happen to people in high places. It’s happening all around us. Employees put their personal reputation at risk, as well as that of their organization. And let’s not diminish the possibility, however small, that trade secrets or confidential company plans may be inadvertently exposed while someone casually broadcasts where they plan to go for lunch, and with whom.
“Loose lips sink ships” was a popular slogan in 1942 when the US War Department issued instructions to GIs on what not to say when writing home. The directive was designed to help prevent the inadvertent disclosure of any information that may be of value to the enemy. To help combat today’s threat, the Department of Homeland Security has given us a similar code of conduct through its National Cyber Alert System. Although the advisory doesn’t have a memorable slogan, it does provide some solid advice on how to protect yourself online. The highlights include:
- Limit the amount of personal information you post
- Remember that the Internet is a public resource
- Be wary of strangers
- Be skeptical
- Evaluate your PC and social network profile’s security settings
- Be wary of third-party applications
- Use strong passwords
- Check privacy policies
- Keep software, particularly your web browser, up to date
- Use and maintain anti-virus software
Another real threat to organizations of all sizes is the productivity loss associated with employees Facebooking, Blogging, or Tweeting when they should be Working. One solution that business managers adopt is to restrict or block access to these sites with web content filtering technology. Other options include limiting use through corporate policy and oversight, or perhaps a combination of the two techniques. On the other hand, Facebook, LinkedIn, and Twitter have all become very popular business communication and marketing tools, so you’ll need to strike a balance between what is allowed and what is restricted.
Providence believes that by far the most effective way to deal with this and other security threats in the workplace is through targeted employee education and ongoing reinforcement, with an emphasis on ongoing. The Internet is a very dangerous place today! The threat landscape is constantly changing and malicious attackers are operating with increasing boldness and impunity. Our best defense is knowledge, vigilance, and extreme caution. Be Safe!
For further reading on this subject, Bing or Google “social network security.” Or contact Providence for help with finding the optimal solution for your business.
Jeff Dettloff is President and Chief Problem Solver at Providence, a Lansing IT Consulting firm.