Sunday, July 12, 2009

Social Networking Security







Are there seven deadly sins of social networking security? First, admit that you are currently addicted to social networking. Your drug of choice might be Facebook or Twitter, or maybe Myspace or LinkedIn. Some of you are using all of the above, and using them hard, even IT security practitioners who know better.

Although it's impossible to escape every social networking threat out there, there are steps to reduce the risks. CSO online recently checked in with dozens of IT security professionals (ironically, using more than one social networking platform to do so) to pinpoint seven typical security mistakes people make, and how to avoid them.

1. Over-sharing company activities
This is a sin of pride, when someone gets excited about something their company is working on and simply must tell everyone about it. Maybe you work for a drug company that is on the verge of developing the cure for cancer. By sharing too much about your employer's intellectual property, you threaten to put it out of business by tipping off a competitor, who could then find a way to duplicate the effort, or spoil what they can't have by hiring a hacker to penetrate the network or by sneaking a spy into the building. "Sharing this kind of information could lead to targeted attacks on specific technology-producing enterprises," says Souheil Mouhammad, a senior security expert at Altran Technologies. To rein in the urge to share too much, it might be useful to repeat this saying, which has started to appear in the public domain: "Loose Tweets Sink Fleets."

2. Mixing personal with professional
Someone uses a social network for both business and pleasure, most commonly on Facebook, where one's friends include business associates, family members and friends. The problem is that the language and images one shares with friends and family may be entirely inappropriate on the professional side. In sharing such things, you also stand a good chance of making the company you represent look bad. "In my view one of the major rules when engaging in social networking is to be aware that your words belong in the public domain," says Paul V. de Souza, chief security engineer at AT&T. "You may be quoted all over the Internet, so make sure to choose your words carefully. Be diplomatic and extremely professional." You have to understand very clearly what the objective of your presence on any given social network is. If it is for work, keep it for work only. If it is for personal/fun use, keep it for personal use only.

3. Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage
For the person who has just been laid off or had their professional integrity called into question online, the urge to fire back with a stream of vitriol can be irresistible. Call this a sin of wrath. No one wants to get into a flame war, so you should be mindful of what you say and imagine you are at a party where everyone is listening, including your boss, spouse or future employer. Posting any content when angry is about as dangerous as sending flaming emails, if not more so. Think twice about clicking 'submit' because the world may be looking at your angry, immature rant for years.

4. Believing who dies with the most connections wins
For some social networkers, it's all about accumulating as many connections as possible. This may seem harmless enough or, at the worst, just annoying. But when the name of the game is quantity over quality, it's easy to link or "friend" a scam artist, terrorist or identity thief. Verify the person who wants to get in contact with you, and check whether that person's profile is secured. “You'd rather have 50 relevant contacts than 500 unknowns.”

5. Password sloth
Another common sin is one of laziness, in this case picking passwords for your social networks that you're least likely to forget. In many cases, that means using the same password for social network sites that you're using for your online bank account or work machine. If someone with malicious intent figures out the password for one social network, that person can now go and access everything else. Using the same password on several sites is like trusting the weakest link in a chain to carry the same weight. Every site has vulnerabilities; plan for them to be exploited.

6. Trigger finger (clicking everything, especially on Facebook)
Facebook in particular is notorious as a place where inboxes are stuffed with everything from drink requests to cause requests. For some social networkers, clicking on such requests is as natural as breathing. Unfortunately, the bad guys know this and will send you links that appear to be from legitimate friends. Open the link and you're inviting a piece of malware to infect your machine. This habit is called being "click-happy," and it comes with a warning: do not click unless you're ready to deal with drive-by downloads and zero-day attacks.

7. Endangering yourself and others
The most serious sin, reckless social networking, can literally put someone's life in danger. It could be a relative or co-worker. Or it could be yourself. Security experts advise extreme caution when posting birthday information, too much detail on your spouse and children, etc. Otherwise, they could become the target of an identity thief or even a kidnapper. Don't be a twit; don't divulge every detail about your location and what you're doing.

Source: CSO (US) http://www.cw.com.hk/content/seven-deadly-sins-social-networking-security?page=0%2C0
