Social Networking-A Boon and a Conundrum
Cyber criminals are finding ways to use social networking to their advantage. The best company policy is to provision comprehensive, mandatory training that can effectively reach everyone in your valuable group of employees. For se
Cyber criminals are finding ways to use social networking to their advantage. The best company policy is to provision comprehensive, mandatory training that can effectively reach everyone in your valuable group of employees. For security awareness training that is uniquely memorable, positive and thorough, visit www.CipherEx.com to learn more.
Businesses, large and small, are recognizing the value of having a presence on social media. Making a human connection with potential customers, vendors and investors in a social environment like Facebook is an asset to any enterprise. For some, social media may be the best way to cultivate ongoing business relationships. It is not uncommon to hear managers talk of finding the perfect candidate for an unfilled position in the company by using sites like Facebook and LinkedIn. Unfortunately, cyber criminals are also finding ways to use social networking to their advantage.
Going public with a company profile on a social networking site can be tricky business. First and foremost, one needs a dedicated IT person who knows the safety ropes to create and manage it. Tight security settings and monitoring of daily activities on a corporate social media page is an absolute must. Most businesses choose to limit activities on the company page to team members who have considerable expertise in IT security.
A more daunting problem can be introduced through the personal use of social media by employees. While it may seem counter-intuitive that personal activity, like communicating with friends on Facebook, could wreak havoc on your company's network, studies show that the most efficient means of warding off malware and cyber-crime on company networks is to educate the entire staff about the hazards that exist in social networking, how to recognize them and how to avoid them.
What are the risks?
Countless varieties of malware, including Trojans and phishing devices, weave their way through social media systems every day. Anyone can post a link on Facebook or Twitter. Links that lead to fraudulent URLs, worms, botnets and other attack devices are often cloaked in attractive invitations to click on or like a link. "Friend" requests from scammers are common, and are frequently offered to a user whose employer is being targeted. Malware is designed to steal private information that can lead to valuable data and a lucrative payoff.
How can an employee's personal use of social media affect the enterprise?
There is a world of complexity behind criminal activities on the Internet. Data leaks are common and, of course, not all of them lead to malware attacks. Perhaps the most common means of entry into a company's network occurs when an employee uses the same device for conducting business and personal activities on social media. If an employee has access to the company network through a mobile device, and also uses it for social communications, a conduit is opened that could result in disaster for the company. Other threats may not be so obvious:
∞ Posting the name of one's employer on Facebook is common practice. However, if a crook is looking for channels into a company's data, communications among friends or colleagues about events at work can provide too much information for someone with ill intentions. Situations at work, including a company's stock status, an upcoming marketing campaign, pay raises, policy changes and complaints, should never be a topic of discussion on an individual's social network page.
∞ Security settings can be regularly changed by social networks. Users should check settings regularly to be sure that a new point of entry has not been opened without their knowledge. An email address is required in order to set up a social profile. If security settings are compromised, a string of data can be obtained simply from a private email address falling into the wrong hands.
The points presented here encompass only a fraction of what social network users need to know. Proper training can help alleviate the conundrum of unknowns facing your enterprise when it comes to social networking. The best company policy is to provision comprehensive, mandatory training that can effectively reach everyone in your valuable group of employees. For security awareness training that is uniquely memorable, positive and thorough, visit http://www.CipherEx.com to learn more.
Since 2003, the people at CipherEx have been serving major global corporations with network and network security consulting, improving productivity and ROI in a more secure environment. The company's user awareness training covers key areas such as security in the office, password security, social engineering, securing data, sharing info/social networks, internet file sharing services, mobile data storage devices, data destruction and phishing/spear phishing in easy-to-understand video presentations that are a cost effective way to educate employees about cyber risks. To learn more, visit http://www.CipherEx.com.