Social Networking - Mitigations

    Because the use of social networking has exploded in popularity as quickly as it has, companies and individuals have not had much time to deal with the problems this technology has been shown to bring. Surveys taken in recent years have found that many companies either do not have a policy in place regarding social networking, or are unaware of the risks social networking brings. Recently, however, users are slowly starting to become aware of the risks associated with social networking and that they need to take steps to protect themselves. Company policies should touch on appropriate usage of social media and networking sites as well as the kind of conduct and language an employee is allowed to use on these sites.
    About 40 percent of companies have implemented a social networking policy; the rest have either suggested doing so or are not planning on doing anything. A lot of people and companies have been burned or heard about someone else getting burned and have decided to address the issue.
    Social networking can be used relatively safely as long as it is approached with care and thought. Exercising basic safety measures can substantially reduce the risk of using these sites and services.

    Consider recommending and training users on the following practices:
    • Discourage the practice of mixing personal and professional information in social networking situations. Although you may not be able to eliminate the company information that is shared, it should be kept to a bare minimum.
    • Always verify contacts, and don't connect to just anyone online. This is a huge problem on many social media networks; users frequently accept invitations from individuals they don't actually know.
    • Avoid reusing passwords across multiple social networking sites to avoid mass compromise.
    • Don't post just anything online; remember that anything you post can be found, sometimes years later. Basically, if you wouldn't say it in a crowded room, don't post it online.
    • Avoid posting personal information that can be used to determine more about you, impersonate you, or coax someone to reveal additional information about you.

    To avoid the majority of problems with social networking, a company should exercise many different countermeasures.

    Consider recommending the following techniques as ways to mitigate the threat of social networking issues:
    • Educate employees against publishing any identifying personal information online, including phone numbers; pictures of home, work, or family members; or anything that may be used to determine their identity.
    • Encourage or mandate the use of non-work accounts for use with social media and any other site or service. Personal accounts and free-mailers such as Gmail and Yahoo! should be used in order to prevent compromise later on.
    • Educate employees on the use of strong passwords like the ones they use, or should be using, at work.
    • Avoid the use of public profiles that anyone can view. Such profiles can provide a wealth of information for someone doing research or analysis of a target.
    • Remind users of such systems that anything published online will stay online, even if it is removed by the publisher. In essence, once something has been posted online, it never goes away.
    • Educate employees on the use of privacy features on sites such as Facebook, and take the initiative in sending out e-mails when such features change.
    • Instruct employees on the presence of phishing scams on social networks and how to avoid and report them.

    It is always better to be safe than sorry when it comes to deciding what information you feel comfortable sharing with others. There are loopholes and drawbacks to every system, and even though you employ strong security and limit access to your profiles, someone may still gain access to that information. Never include any contact information in a profile. If you are using social media for business purposes, make sure the contact information consists of addresses and phone numbers that are generic for the company, and use extreme caution when distributing a direct connection to people with whom you have not yet developed a personal relationship. Hackers and identity thieves are skilled at what they do, and it is your responsibility to defend against them.
    Certified Security Geek