Companies should educate both employees and IT managers on effective social networking use rather than simply blocking it.
Writing on the Finextra website, identity theft consultant Robert Siciliano claimed that with ‘hundreds, or maybe even thousands of social media sites worldwide’, their use is becoming the bane of the IT manager. He further detailed eight key areas that businesses can use to protect themselves against attacks generated through social networking.
Siciliano said: “Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has become a big target. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page.”
Siciliano recommended implementing policies that regulate employee access and provide guidelines for appropriate behaviour. He also recommended providing training on proper use, especially on what not to do, and on using URL lengthening services before clicking on shortened URLs.
He also advised limiting social networks, training IT personnel, keeping security hardware and software up-to-date and locking down privacy settings.
Finally, Siciliano said: “Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting.”
Speaking at an event hosted by BT and Skybox Security last week, BT global head of security and business continuity Ray Stanton asked delegates who had blocked access to Facebook and why. Was it a question of productivity?
Stanton said: “When was Twitter a security problem? It is a productivity issue that you manage like any other application. Technology controls exist whether you use it like any other application but you can secure them. The point is the challenges, they are pushing us down and we need to manage risk and need to be smart to enable them.
“It is about being able to keep an open mind; we don't have to update our technology but be security professionals and do the right thing for the company. Be risk resilient.”
Commenting on education, Ed Rowley claimed that security education and training should be a ‘fundamental aspect of the business’. He also claimed that staff ‘cannot be just trained once as threats are evolving and the training should not be just a one-off’.