Social Media Security in a Corporate Setting
Robert Siciliano Identity Theft Expert
The load isn’t getting any lighter for the IT manager. While corporations are still trying to figure out the long term marketing benefits of social media, the security issues faced are a right now a problem.
Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.
All of a sudden we’ve gone from print media, radio, television, Internet and now social media. This isn’t a fad or craze that will go away like Beanie Babies or talking Elmo. Social media is the 5th media that encompasses all forms of media and it can all be accessed on a mobile phone. The interconnectedness is in everything and deserves the marketing department’s attention and freaks out IT.
Part of the issue is social medias allure. We’ve been hearing more and more about internet addictions. Well, social media is part of that. Then there’s the disconnect between generations. Baby-boomers see the 9-5 day as work, work, work and there shouldn’t be any distractions i.e. fun. Younger generations are connected and don’t know how not to be.
Companies who eliminate access to social media open themselves up to other security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.
Computerworld reports “Part of the problem is that people’s comfort level with Facebook, Twitter and MySpace makes them easy marks for cybercriminals, who are jumping on social networking sites with gusto, dumping spam, launching phishing attacks, stealing identities and installing malware. The same people who have learned to be very wary of phishing attacks, enticing links and sales pitches for cheap Viagra in their inboxes allow themselves to be seduced on Facebook and Twitter.”
There is a serious disconnect between secure online behaviors and the playfulness of social media. Facebook is the adult version of Chuck E Cheeses, and who doesn’t lose their mind at Chucks? The problem is Timmy is five and likes to eat at Chuck E. Cheese. George is thirty-five and likes to eat there too. But George is a freak.
Bad guys are in social media and you CANNOT let your guard down.
Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.
Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind blowing list of 4600 as of this writing.
Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.
Protect your identity.
1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE
4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)
Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.