Facebook and Other Social Media
Facebook, MySpace, LinkedIn and other forms of social media provide people around the world with an easy way to talk about the things that interest them, share their thoughts, and connect with friends and other people with similar interests. Business use Facebook as a means of advertising their goods and services.
Often users post information about where they live, who they work for, and the things that they like to do. In many cases, they post things on Facebook that they would never tell another person in a face to face setting. Facebook does provide a level of privacy control but many users do not take advantage.
Facebook privacy issues have recently come under pressure not only as a risk to personal information leakage, but also because a number of applications hosted on the site have been known to propagate malware or phish for personal information for malicious intent.
Facebook as a Source of Data Leakage
Unless Facebook is blocked by a corporate firewall or web filtering appliance, employees often use the social media website during working hours. When not posting tidbits about themselves, they are playing mini-games such as Farmville, Mafia Wars, or other such applications. While this is disastrous for productivity, when it comes to businesses and privacy, the problem becomes one of what employees are posting about the work they do, the customers they are talking to, and possibly issues they are having with their bosses.
This information becomes a potential source of information for competitors to use against a business, or as a means of gaining leverage over a company. At the same time, customers may become upset that their names are associated with potentially negative publicity.
Malware and Phishing on Facebook
Malicious users have been known to create applications on Facebook that install malware, keyboard loggers and viruses when clicked. When the employee does this from a home computer, the risk to the business is mitigated. However, when the user clicks on these links at work, the malware, virus or logger bypasses any of the traditional network security protections like firewalls, intrusion detection and vulnerability scanners.
For this reason, nearly 60% of businesses reported in a survey by security vendor Sophos that the usage of Facebook by their employees represents a direct threat to their business. MySpace, LinkedIn and other social media websites are also considered threats but due to the size of Facebook it remains at the top of the list of threats.
Social Media and Workplace Policies
To minimize the risks employees pose when using social media websites such as Facebook, organizations should establish policies around the acceptable use of the website. Define what the employee can post about the work they do and the customers they deal with. Establish consequences for failures to abide by these policies.
Human resources must be prepared to deal with angry employees who post private information about conflicts with the organization or their managers.
Data security practices must be beefed up at the desktop level to ensure that malware, viruses, and other unauthorized software is not introduced into the network through Facebook or other website.
Facebook and Privacy Breaches
The very definition of Facebook is its ability to allow users to publish any kind of information about themselves. The social media site does allow users to control to some degree who can see their pages and photos and other tidbits of personal information but the proliferation of malware and viruses allows hackers to get access to that data and essentially know where someone lives, where they work and the things they like to do. In at least one case, criminals used their knowledge of someone gained through Facebook to burglarize their home when they were out.
Users must control access to their pages much more carefully. Set their privacy settings to friends only and carefully vet those they do friend. Avoid clicking on unknown links and change passwords at least every 90 days using a mixture of upper case letters, lower case letters and numbers.
Clueley, Graham, “Revealed: Which Social Networks Pose the Biggest Risk?", https://nakedsecurity.sophos.com/2010/02/01/revealed-social-networks-pose-biggest-risk/
Kristof, Kathy, “Biggest Security Threat: Facebook & You”, https://moneywatch.bnet.com/saving-money/blog/devil-details/biggest-security-threat-facebook-you/4079/
Leggio, Jennifer, “Social Network Security Threats: How to avoid becoming a victim”, https://www.zdnet.com/blog/feeds/social-network-security-threats-how-to-avoid-becoming-a-victim/288
Image credit: jscreationzs / FreeDigitalPhotos.net