When Social Media Security Becomes Business Security
I remember when the fax machine was the cool new technology. Suddenly, communication channels opened up and we could send documents. I also remember how often I would pass by the fax machine at the office and see something sitting there. I would have to pick it up and read it to see who it was for. Over time it gave me a lot of insight into the operations of the office. It was the early-days version of social profiling.
With social media resources like Facebook, Instagram, SnapChat, Twitter and Google Circles, the good news is we can keep up with people. People can also keep up with us. Now add Yelp, TripAdvisor, or other social rating systems where you bookmark and contribute. Our data is in a lot of places. Social profiling just became much easier. With employees’ personal lives and work lives becoming increasingly enmeshed—especially in the world of social media—businesses need to put protections in place to keep corporate assets secure.
The value of social media to business is obvious—employees use their corporate and personal social media accounts to build awareness of products, ideas, and brands while engaging with customers and prospects. But without proper training and education and network security measures in place, the risk of data theft for both individuals and their workplaces can be huge. All it takes is one phishing expedition where a person pretends to be a coworker reaching out to get information. If the employee is duped, he or she could end up providing sensitive information, or downloading malware that opens the door to cyberattack. This is not just kids pulling pranks—it is serious big business to steal confidential information or stop business or critical infrastructures in their tracks. If you think this can’t happen to you, consider that Iranian hackers were able to attack the state department via officials’ social media accounts.
If this can happen with the State Department of the United States, clearly there’s some degree of sophistication going on, not to mention a masterful understanding of human psychology. To that point, Christopher Mims of the Wall Street Journal just wrote a great article focused on that, exactly. One quote that popped out for me, specifically: “Whenever someone has information about us, we are more likely to trust them.” That says it all.
In addition, he goes on to report that phishing attacks remain the second-most-common point of entry into an IT system, according to a report from Verizon.
So what can we do to keep things in check?
Regardless of your organization’s size, smart security means:
1. Insisting that employees engage in social media only when on a secure connection.
2. Help employees understand phishing scams and how to recognize them.
3. Set policy that restricts what information can be given out and which sites can be visited; specify codes of conduct.
4. Test your network regularly to make sure you are not vulnerable. Ixia has a number of solutions that can help.
5. Subscribe to a threat intelligence service.
Being social is important to any business. Protecting your social media should be treated just like protecting your personal laptop. That data is very valuable so do not treat it lightly.