Social Networking Security

Social networks can simply be described as people having conversations online using a range of communication tools such as Facebook, LinkedIn, Bebo and Twitter. A social network is exactly what it says on the tin, it's a communication network of social contacts and seems to have become the most popular way to stay in touch. Forrester Research stated that the number of people using the web will increase by 45% to 2.2 billion by 2013, the total global internet audience is currently 625M and two thirds of these internet users have now joined a social networking site (417M). This is a huge number of people and consequently the security risks are equally substantial. Businesses must address these risks.

It seems hard to justify the use of social networking in business as the sites are more focused on keeping in touch with friends, sharing photos, video and chatting; however businesses should not prevent employees from catching up with colleagues and talking with friends while in the office, on their tea break or having a cigarette. Staff morale is important and it would be viewed as draconian to block reasonable use of social networking sites at work. Many businesses are now embracing benefits in social networking to bring them closer to their customers and improve brand experience. The uses of social media seem endless, but what are the security issues that businesses need to consider before embarking on a new marketing campaign or allowing staff the luxury of keeping in touch with friends and family at their desks?

The Risks

Social Networking brings with it an extensive variety of risks ranging from identity theft and malware infections to the potential for letting careless employees damage corporate reputation and messaging. Social networking uses diverse integrated functionality to convey information as well as feature rich functionality including web, chat, audio, video, pictures and integrated applications. As the use of these social networking tools increases in the corporate environment, so too does the inherent information security risks. Many of the applications available for download on these websites can propagate malicious code from third parties, which can include viruses or Trojans and signing up to these could involve consenting to the deployment of spyware. These also pose data leakage and malware risks to any business that allows access to social networking sites.

One of the largest security risks for businesses permitting access to social networking is the fact sites like Facebook offer thousands of integrated applications that its users can install and run. These applications include calendars that allow friends to be reminded when it's your birthday, tools to send friends online greeting cards, quizzes on myriad topics etc. Many have been designed by users and hosted externally which means that there is little regulation or standards to adhere to. In this case one primary security issue is the ability of the application in question to extract profile information which would then be stored at a third party location with obvious security implications.

Another risk for business environments involves the shortening of URLs on sites such as Facebook, LinkedIn and Twitter. While this is not a specific issue of social networking sites it is an effective phishing medium. Users of these sites let down their guard down so easily and this is a huge concern for businesses. Shortening URLs has been born out of a characteristic of social networking type sites because users are limited to the number of characters for messages and posts. To get around this, third-party services such as tinyurl.com can encode the URL into a much shorter version but there is a clear security risk associated with this. The shortened URL does not tell the user the real destination of the link they are clicking on and they only find out once they are there, which may be too late if the site happens to contain drive-by malware.