Social Networking Security
This article will look at how best to manage the security issues social networking brings to business and if a company decides to stop staff using social networking how can it monitor this and avoid security breaches from threats left behind by computers that have been used to access social networks.
"Social Networking brings with it an extensive variety of risks ranging from identity theft and malware infections to the potential for letting careless employees damage corporate reputation and messaging.”
- Simon Morris
It seems hard to justify the use of social networking in business as the sites are more focused on keeping in touch with friends, sharing photos, video and chatting; however businesses should not prevent employees from catching up with colleagues and talking with friends while in the office, on their tea break or having a cigarette. Staff morale is important and it would be viewed as draconian to block reasonable use of social networking sites at work. Many businesses are now embracing benefits in social networking to bring them closer to their customers and improve brand experience. The uses of social media seem endless, but what are the security issues that businesses need to consider before embarking on a new marketing campaign or allowing staff the luxury of keeping in touch with friends and family at their desks?
One of the largest security risks for businesses permitting access to social networking is the fact sites like Facebook offer thousands of integrated applications that its users can install and run. These applications include calendars that allow friends to be reminded when it's your birthday, tools to send friends online greeting cards, quizzes on myriad topics etc. Many have been designed by users and hosted externally which means that there is little regulation or standards to adhere to. In this case one primary security issue is the ability of the application in question to extract profile information which would then be stored at a third party location with obvious security implications.
Another risk for business environments involves the shortening of URLs on sites such as Facebook, LinkedIn and Twitter. While this is not a specific issue of social networking sites it is an effective phishing medium. Users of these sites let down their guard down so easily and this is a huge concern for businesses. Shortening URLs has been born out of a characteristic of social networking type sites because users are limited to the number of characters for messages and posts. To get around this, third-party services such as tinyurl.com can encode the URL into a much shorter version but there is a clear security risk associated with this. The shortened URL does not tell the user the real destination of the link they are clicking on and they only find out once they are there, which may be too late if the site happens to contain drive-by malware.