"Social media has great power, but, like any Spider Man fan can tell you, with great power comes great responsibility," said Jonathan Sander, director of IAM at Quest Software. "Part of that responsibility falls to the IT security folks, and part of that responsibility falls to the users themselves. Facebook, Twitter, and other tools are like windows into your organization that walk around with every user. The IT professional's responsibility is to ensure the safety and security of that organization--limiting views, setting permissions, and monitoring activity."
Here's what IT should teach.
1. Understand company policy.
IT pros should not only work with business leaders to craft social media policy but also ensure that end users are made aware of and have easy access to the policy. Social media policy tells users exactly what they should and should not be doing, but it's effective only if users have read and understood it.
2. If you wouldn't say it to your mother …
This is a lesson as old as online communications itself, but it's one that requires extra attention in the social age. "If you would only discuss it in whispers, then it's never something you should post," said Sander. "That may seem obvious, but many feel safer online than they do in an open hallway. It's easy to imagine that the person over that cube wall in your office may want to hear what you're saying. It's harder to keep the abstract threat of an outsider in mind. But make no mistake, they are out there."
3. Manage your reputation, and by extension your company's.
IT pros should work with users to help them understand the importance of managing how they come across to others on social networks. They should emphasize that, even if they are not posting on behalf of their organizations on their own personal accounts, they are representatives by association. "When you engage in social media you are still representing the company," said Cesar Vallejo, VP of Strategic Alliances. "Mobile phones and email made the line between work and personal time somehow blurry. Social media can [kick] this up a notch. Do not think that your public profile is just a reflection of yourself--as long as you can be connected to a company, it could and will be used as a reflection of your employer."
4. Beware of social engineering schemes.
Social hacks are not unique to social media, but social media has given hackers much more ammunition to work with. "Social engineering has become another common threat," said Fred Touchette, senior security analyst at AppRiver. "[Social networks] abound with scams that are posted en masse which may lead to survey-style scams or phishing attacks. In addition, social networks can be leveraged to create an identity that may be 'known' to the victim, which then can be used to siphon valuable personal or company information that the victim likely wouldn't have given up in a different situation."
5. There are no do-overs.
"Assume everything you post will be there for everyone to see--forever," said Vallejo. "Once you post a picture, statement and, in some platforms, even when you like or unlike something, the record has been set and you have no control over it and no way to change it. What seems cute or funny today may be a complete embarrassment tomorrow. Think before you post or engage in social media."
6. Location, location, location.
There are many benefits to location-based social networking apps, but there is some inherent danger in broadcasting where you are at any time. This, of course, includes travel for business. "Your location matters when you're on the job," said Sander. "If your social media trail tells where you are, then that may reveal things an attacker can use. Just like there are concerns about advertising that you're not home to people who may want to break into your house, if an attacker knows that you're not in the office, then they know they may have a chance to fool a help desk worker into getting them into your systems by pretending they need help for a worker 'on the road.'"
7. Indeed, any info you provide can and will be used against you.
"Phishers can be looking for any kind of login details--not just those that are directly connected to your finances, including banking and shopping," said Richard Wang, manager of SophosLabs US. "Social media accounts, email accounts and others can all be used against you, especially if you use the same password on multiple sites."
8. Be smart about passwords.
Especially because Facebook and Twitter are so often used as login mechanisms for other sites, it's important to make sure that your social media passwords are strong. Also, make sure to use unique passwords. "Use a hard-to-guess password that you don't use anywhere else," said Wang. "This way, even if you do get scammed, [hackers] can't access your email account or bank accounts."
9. Use care with shortened URLs.
Shortened URLs are commonly used but should always be approached with caution. "After you click on a shortened URL, do not download anything or accept to run any program loaded by said page," said Vallejo. "You really do not know where you are going when you click on a shortened URL, and, hence, you should assume the intent of that page to be malicious even if it looks benign."
10. Don't get sucked into sensationalism.
After hacking into social media accounts, the bad guys will often try to trick the victim's friends and followers into clicking through to malicious sites and content with sensationalistic videos and news stories. "Sensationalist news links are also lures the bad guys use," said Wang. "Before clicking on 'So and so is dead--view this video of how,' or, 'Guess what this guy did when he saw her (fill in blank),' check reputable news sources or fact checking sites to check validity. Also, watch for links that are spoofing their destination, such as when 'Youtube' is rendered as 'Y0utube.com.'"
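A link check covering lessons 9 and 10, added here as an example and not part of the original article: it flags shortener hosts and digit-for-letter lookalikes such as 'Y0utube.com' without fetching the link. The shortener list, brand list, character map and function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed sample lists (constructed); an organization would maintain its own.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}
BRANDS = {"youtube.com", "facebook.com", "twitter.com"}
# Common digit-for-letter swaps seen in spoofed names (assumed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable(host):
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage_link(url):
    """Return warning flags for a link by inspecting its host only; nothing is fetched."""
    if "://" not in url:
        url = "http://" + url  # lets urlsplit find the host in a bare 'example.com/x'
    host = urlsplit(url).hostname or ""
    domain = registrable(host)
    flags = []
    if domain in SHORTENERS:
        flags.append("shortener: destination hidden")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode label: may render as look-alike characters")
    # Fold digits back to the letters they imitate, then compare with known brands.
    folded = domain.translate(CONFUSABLES)
    if domain not in BRANDS and folded in BRANDS:
        flags.append("lookalike of " + folded)
    return flags


# Constructed sample links, for illustration only.
SAMPLE_LINKS = [
    "https://www.youtube.com/watch?v=abc",
    "http://Y0utube.com/watch?v=abc",
    "https://bit.ly/3xAmPle",
    "faceb00k.com/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", triage_link(link) or "no flags")
```

A clean result only means none of these heuristics fired; it does not establish that the destination is safe.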
What are some other lessons that IT pros should be teaching end users? Follow Deb Donston-Miller on Twitter at @debdonston.