MT Expert - IT: the perils of social networking

Social networks can bring risks as well as rewards. Is your business clued up?

Last Updated: 31 Aug 2010

Social networks are becoming more popular by the day, with more than 400 million people on Facebook and hundreds of thousands of people following each other on Twitter.

The huge popularity of such sites continues to ring alarm bells inside some companies not just for productivity reasons, but also because of security and privacy issues.

So, what are some of the top threats on social networks – and how can businesses best protect against them?

1. Spear-phishing – Sites such as LinkedIn provide an easy way for anybody to gather a corporate directory of your business. It's possible to find out people's names and responsibilities and who works in which department, even the newest recruits. This opens the door for targeted attacks against your company. A cybercriminal can forge an email pretending to come from a firm's head of personnel and send it to new employees, asking them to review their benefits by clicking on a link to access the company's intranet site and logging in with their corporate username and password. Before you know it, your network usernames and passwords are in the hands of cybercriminals.

2. Information overload – Social networks have an endless hunger for personal information and users can't seem to stop themselves from keeping it fed. Pictures and data from inside your company might be carelessly shared by users on sites like Twitter and Facebook, without those users properly considering who might get to see them.

This can be worse than just embarrassing photographs from the office party – this can mean details of confidential projects or views on customers that should really have been kept private leaking out into the public domain. The problem isn't helped by some of the social networks' less-than-admirable attitudes to privacy, with a few of them failing to treat customer privacy as sacrosanct.

3. Malware and spam – Hackers are increasingly taking advantage of social networks to spread spam, distribute viruses and launch phishing attacks. By stealing the login details of social networking users, cybercriminals are able to use genuine accounts as a launch pad to spread their attacks further and harvest profile information for the purposes of identity theft.

Hackers have even created malware such as the Koobface worm, which can work via a wide variety of social networks, creating fake identities and befriending strangers in the hope of spreading malicious links designed to infect the PCs of unsuspecting users in the workplace.

And as some 30% of computer users admit to using the same password on every single website they access, the potential for a stolen Twitter password to be the same one protecting your company assets is considerable.

These and other threats might make some companies reconsider whether it's time to block Facebook and other social networking sites in the workplace. But I believe that it would be a mistake to shut yourself off from the Web 2.0 world.

Social networks are here to stay and bring new ways of communicating with both your existing and potential new customers. A blanket ban is not going to stop your users visiting the sites – it will simply encourage them to find a way to circumvent your security policies.

A unified approach providing sensible, granular access control, secure encryption and data monitoring, and comprehensive malware protection is mandatory for businesses to operate flexibly in the modern socially networked world.

Graham Cluley is senior technology consultant at Sophos
