Espion highlights social networking security risks as Facebook marks 6th birthday
As Facebook celebrates its 6th birthday on 4th February, Irish information security company Espion urges people to be aware of the security risks associated with all social networking sites.
The Facebook Phenomenon
Facebook has become part of daily life for 350 million users. If Facebook were a country (based on users being citizens), it would be the fourth largest country in the world. The rate of adoption has been staggering – within 9 months of launching, Facebook had 100 million active accounts. There are numerous other sites that can boast equally impressive numbers, including MySpace, Bebo and professional networking sites such as LinkedIn, which has over 55 million users in 200 countries.
Social Networking Security risks
Social networking sites are regular targets for virus and worm attacks. The majority of malware is introduced using applications that users create and upload onto sites and share with other users. As these rarely undergo any verification processes, they can be used to conceal malware designed to compromise systems and allow access to user information. Given the large user base, malware can spread extremely quickly and do a huge amount of damage if users are not careful what they click on.
Identity Theft –
Social networking sites require users to divulge a certain amount of personal information to activate an account. Once an account is set up, it is at the user’s discretion as to how much information they reveal about themselves. Users of social networking sites do not exercise the same caution when it comes to disclosing details about themselves or their friends as they would in a face-to-face situation. Users need to understand that information they post is permanently stored and traceable, which over time creates a Digital Footprint. Individuals with a large digital footprint can be targets for identity theft, as cyber criminals are able to piece together enough details to masquerade as someone they are not.
Privacy issues –
Aside from the risk of identity theft, social networking has raised general privacy concerns. In December 2009, Facebook very publicly updated its privacy settings, aimed at giving users more control over the information they shared. However, where users ignored the details of this change and accepted the default setting, they have essentially allowed all account information to be viewed by any person through third party websites including internet search engines like Google, Bing, etc.
Corporate network breaches –
Any employees accessing their social networking sites from work may be compromising corporate systems. Companies need to consider the risk this poses to them and enforce the necessary policies required to protect their own information and that of their clients.
Top Tips for safe Social Networking
1. Manage your personal information – As a user you need to be aware of how social network sites work; how the information about you is managed, whether it is posted by you or someone else. You need to know who can see your information and how you can keep it private.
– Educate yourself about the site before becoming an active user
– Ensure you are aware of the privacy settings and continuously check for updates, securing your options and preferences to provide the highest level of protection possible
– Frequently change your password and ensure that you have different passwords for different sites
– Be aware that some sites may share your account information including email addresses or account preferences with third parties, without consulting you
– Remember, even if your profile is private, information about you and photos of you can also be accessed by third parties through your friends’ pages if they do not secure their settings, or through networks or applications you join.
2. Manage your network – The same rules apply online as in real life. Apply common sense and have a general awareness of ways in which cyber criminals can target victims on social networking sites.
– The internet makes it easy for people to misrepresent their identities and motives.
– Consider limiting the people who are allowed to contact you
– Control the amount of information you disclose about yourself
– Criminals scan social networking sites in search of potential victims to defraud
3. Manage your content – Exercise good judgment when posting any content about yourself or anyone else on to a social networking site. Consider that you have no control over who will see it and how it might be used.
– Be discreet; never type anything into an online electronic forum that would make you a target for identity theft: personal and business names and addresses, phone numbers, job titles, birthdays etc.
– Only post information you would be happy for the whole world to see – this applies to your profile, your page, comments on other people’s pages, blogs and other online media. Assume that anything you put online could end up on the front page of a newspaper.
– Assume anything that you publish on a social networking site is permanent. Removing content from social networking sites is extremely difficult, if not impossible. Even if you do manage to delete content, it may remain saved or cached on other people’s computers.
– Regardless of your privacy settings, you should never assume that content posted online is completely private.
4. Manage your Corporate Network
– Manage access to and use of applications within social networking sites.
i. Implement acceptable use policies and technical controls to enforce these policies, including web filtering, anti-virus software, firewalls etc.
ii. Establish a balance between employee needs and productivity or security
iii. Ensure compliance by way of logging and archival
– Ensure optimal protection by continually updating policies in line with new social networking sites and applications hosted by those sites
Espion is an advisory practice specialising in information security. We work with companies to ensure that the critical information essential to their success is secure. Espion’s comprehensive approach is unique and highly effective and includes services to address information assurance, governance, risk and compliance, IT audit, forensic investigation and IT security training. Utilising a collaborative approach, our team of highly experienced consultants looks to fully understand the client’s business first and from there determine the risks and exposures that they may have, and help the client understand, manage and mitigate those threats to information security.
Espion Ltd., The Penthouse, Block 2, Deansgrange Business Park, Deansgrange, Co. Dublin
Ph: +353-1-2101711 www.espion.ie
For more information, please contact:
Colman Morrissey Espion 01 210 1711
Colm Murphy Espion Forensics 01 2101711
Jillian Godsil Practice PR & Events 053 94 296 76