Social Security

Posted on 14. Oct, 2011 by in Thoughts

It’s sad to say, but I’m losing count of the number of times I’ve missed a night out with friends because I was up a hill somewhere without a signal and missed the short-notice conversation stream on Facebook. Many of my acquaintances are purely social media contacts, and often a conversation will begin online to be finished later in person.

Picture by KitAy

We are all over social media; we have to be online almost constantly for fear of missing out – especially when we have an hour to kill at lunchtime. A recent survey found that 52% of companies experienced an increase in malware attacks – programmes that collect sensitive information – as a result of employees using social media.

Of 4,600 IT and IT security practitioners polled in 12 countries around the world, 63% agreed that employees using social media presented a security risk, but only 29% said that they had the necessary security in place to deal with it.

Year-on-year growth of employees using Facebook has increased by 41% and Twitter has rocketed up by 85% – but this is only based upon employees logging on to social networks for an average of half an hour per day. What about companies actively using these platforms as part of their day-to-day business, doing the equivalent of donning a blindfold and running across a busy motorway? The stats must be somewhere between here and the moon.

The trick to keeping safe is knowing the risks and properly understanding how social media works. By the end of 2011 an estimated 69% of UK businesses will have employed a dedicated social media manager, and a further 41% will hire someone within the next twelve months.

It’s a fact that social media helps. Two thirds of people are more likely to make a purchase based on a positive Facebook referral. Along with those in Germany, Hong Kong, India and Mexico, companies in the UK were most likely to see social media as vital to business objectives.

43% of companies are using social media to conduct customer research and to engage directly with consumers, thereby retaining customers.

Businesses can use the platform to gather information about how people are reacting to their products and services, but at the same time it gives hackers an ample feeding ground for stealing privileged information.

Social engineering is a subtle and unforced way of getting people to unwittingly reveal information, which sometimes may seem harmless, but can cause substantial financial harm to themselves or their employer.

Social networks are perfect for wholesale information grazing, where people volunteer a plethora of personal details for the world to see. The types of innocent information people upload about themselves are more than enough for social engineers to pretend that they are you, and use your stolen identity to fool others into giving up more sensitive details about your business or employer.

One real-life example: the Facebook page belonging to an employee of a financial institution is hacked. Posing as a workmate, the hacker then sends a message to another employee – e.g. a link to Christmas party photos – which is clicked on, downloading a hacking device that steals the second employee’s access details. This grants access to company accounts, subsequently allowing the hacker to transfer money from them.

Another example is an employee tweeting his boss, telling him to enjoy his holiday. A savvy hacker trawling through a variety of sources sees this and spots an opportunity. The hacker can email the employee, posing as his boss’s stand-in, claiming that his user name and password are yet to be activated. Having no reason to suspect any malice, the employee passes over his own login details, granting the hacker access to sensitive company files and accounts.

You’ll still find hackers trying to access company files directly. You can get some pretty bulletproof firewalls against such attacks, but even the best defences are useless if an employee is suckered into handing over passwords or sensitive information. Stop and think about what you’re going to publish on a public forum.

Social media is a hugely efficient tool for promoting a business to a target consumer group and boosting revenue, but it can also leave the gate wide open for anybody to walk in and help themselves.

Here are some tips for keeping safe:

- Have an Acceptable Use Policy (AUP) – by monitoring what employees are doing online, especially those who may not be web savvy, you can pre-emptively stop malware attacks. However, whilst many companies have an AUP, 65% said that they don’t enforce it, citing other more pressing security concerns and insufficient resources as some of the reasons for not enforcing it.

- Train your staff – highlighting the consequences of openly posting information will make them think before they “speak.” It might sound patronising, but it’s amazing the level of detail people reveal online without thinking about it – as little as a name and date of birth can open a lot of doors.

- Limit access – this might make you unpopular among the masses, but if access to personal social media is restricted you’ll greatly reduce the chances of being hacked.

- Passwords – it’s simple, but you’d be surprised how many people stick to the same password for years. Change it every couple of months and make it something complicated – don’t include your cat’s name; you’ve probably tagged a few pics of Buster.

Do you have any advice for keeping your social media safe? Please add it to our comments section!
