There are hundreds, or maybe even thousands, of social media sites worldwide, such as Facebook, MySpace, Twitter, and YouTube. Social media networks are quickly becoming the bane of the IT Manager. Twitter phishing and Facebook jacking are growing rapidly.
Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has increasingly become a big target for attacks. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page. Computerworld reports that "Twitter is dead." Twitter is dead because it is now so popular that the spammers and the scammers have arrived in force, and history tells us that once they sink their teeth into something, they do not let go. Ever.
- Implement policies: Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network.
- Teach effective use: Provide training on proper use and especially what not to do.
- Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
- Limit social networks: In my own research I've found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are less than appropriate and others even less secure.
- Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
- Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
- Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
- Prevent social media identity theft: Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting. You can do this manually or by using a very cost-effective service called Knowem.com.
Robert Siciliano, Identity Theft Speaker with ID Analytics, discussing Social Media Identity Theft on Fox Boston.