Link sharing: One of the biggest risks to corporate systems is malware, which can be easily spread when a user clicks a link sent by someone with nefarious intentions. While users have been pretty well-trained at this point not to even open an email from someone they don't know, users' behavior on social networking platforms such as Facebook is another story. "Link sharing from unknown/little-known senders is pretty much a cornerstone of social networking--Twitter is almost entirely oriented around this sort of practice," said Brian Vosburgh, a senior solutions architect and network security expert at network security firm Stonesoft. "The concern is where those included links connect to, the ubiquity of URL shortening and the difficulty in figuring out what the actual/final link connects to. Viruses, trojans, and phishing are all threats here."
The good news, said Jim Tiller, global security practice head for professional services at British Telecom, is that if companies employ good security practices, users have to work pretty hard to get malware on their systems. "When it comes to malware and other kinds of things, we're finding that an increase in the security of browsers out there combined in an enterprise environment with good patch management, good policy management, and existing anti-virus and anti-malware at the perimeter means that the user almost has to fight through these controls to get to the malware."
Social engineering: In some ways, social networks are almost toolkits for social hacks. The more information you put out there--in the form of personal information in your profile, photos, likes, and so on--the easier it is for hackers to get you to trust them. "The more someone knows about you, the easier it is for them to fool you, and cyber criminals have gotten very, very good at using social media to fool people into inappropriate disclosures on everything from passwords to bank accounts," said Tim Keanini, CTO of nCircle, a provider of vulnerability management and compliance auditing solutions. "Even seemingly innocuous disclosures about pets may give hackers info they need to hack passwords."
Here, experts say, education is key. Companies need to drill into their users the dangers of social networking the same way that they did with email. This involves teaching users how the different social networking platforms work and the ways that users connect and can share information on them, according to Andy Hayter, anti-malcode program manager at ICSA Labs. IT departments will also need to ensure that privacy is as tightly secured as possible on all of the social networks sanctioned for employee use.
Information leaks: Social networking is designed for easily sharing information among a circle of friends, followers and the like. And those friends and followers can just as easily share what you've shared with their own friends and followers. It's the old "and they told two friends" on steroids. All of this is great when the right information is shared, but it can be a nightmare when a misguided or malicious person shares the wrong information. The nature of social networks also makes it easy for, say, a competitor to connect dots and glean information that your company would rather remain proprietary. "Employees' corporate and personal identities are spread out over a range of social networks like LinkedIn, which is primarily professionally oriented, or Facebook," said Vosburgh. "Most social network sites provide fairly easy access to grouping searches, where it's easy to pull together a list of all employees on the site that work for a certain company or have some other industry affiliation. Looking at posts, profile information, and job description information across such a collection of users like this could yield a lot of intelligence and potentially give away critical information."
Risk by association: You may have the most buttoned-down, secure social networking environment around, but your company can get burned if close partners and associates are not as careful. Tiller said diligence is key here, in terms of understanding how closely your brand is associated with your close partners and having some visibility into how they are acting on social media platforms. Tiller noted that companies should not be afraid to leverage social networking, but need to do so with a healthy dose of caution. "You want to embrace the use of social media," he said, "but you want to make sure that everything is in alignment with your company's goals."