We are all familiar with how social media has been inducted into the business world as a relevant and valuable tool. With over 400 million users on Facebook alone, it is no wonder that businesses are now using social media sites to launch their content, promote their products and services and interact with clients and prospects. But businesses are not the only parties aware of the ever increasing popularity of social media sites. Cybercriminals have also taken notice, and as more and more potential targets are on these sites so too are more and more site pages infected with malware and targeted in phishing schemes.
This presents enterprises with a real challenge. On the one hand, social media is a must: for cutting-edge marketing initiatives, modern communicative prowess and enhanced networking reach. On the other hand, social media is a potential security risk: exposing your network to hacks, malicious code and data theft. The bottom line is that you will need to engage in social media to optimize your success in the ever changing business climate but you will need to proceed with caution.
A recent article by Websense, an information security leader specializing in web threat protection, discussed three measures that are absolutely essential to securing your business from the dangers of social media. These were 1) acceptable use policy control, 2) malware protection and 3) data loss prevention. While we completely agreed with the list, we have expanded on these three steps as well as added two of our own that we believe are just as important, creating a checklist of the top five security tips for safe social networking.
Five tips for safe social networking
1. Enhanced network policy
Your business should already have network policy in place: information access lists and limitations based on employee functionality, mandated password strength and changes, URL restrictions, et cetera. But now that your employees need to use sites such as Facebook and Twitter for marketing and communication, you will need to update your network policy to include acceptable social media use. (According to Websense, 31% of Facebook applications contain mature content and 25% are games).
Your updated network policy should allow employees to access social networking URLs while simultaneously banning all gambling, pornography and gaming materials located on social media sites and limit personal use of such sites to lunch hours and breaks.
2. Web content blocking
Taking tip 1 a step further, your business should incorporate web content blocking software into your security strategy. (Websense refers to web content blocking in their article as real-time content classification, a technology that can decipher upon access whether or not content on a site should be blocked).
Far more sophisticated than traditional URL blockers, real-time content classification allows employees to access sites such as Facebook while preventing them from accessing inappropriate content and applications. According to Websense, real-time content classification must be done at the Internet gateway for both HTTP and HTTPS protocols. This is due to the fact that many of the social media sites support SSL.
3. Updated malware protection
Just as businesses are utilizing social media in full force, so too are cybercriminals. This means an increase in malware attacks on these sites designed to infiltrate your network, corrupt your workstations and steal your valuable data, and as social media sites and the latest forms of malware are both script-based and dynamic, businesses will now need updated, real-time malware protection with code scanning to ensure online security.
Traditional reputation-based malware scanning solutions are now all but obsolete since social media sites are reputable and according to Websense 80% of websites infected with malware in 2010 were legitimate sites that had been compromised. You will need updated protection that is familiar with new threats, has continuous updates, and modernized scanning that can scan the code of each page in real-time at the Internet gateway for both HTTP and HTTPS protocols for any malicious code, regardless of the site’s reputability.
4. Employee training
Employee training on appropriate social media use is very important. Although this tip might seem redundant – after new policy creation and content blocking – it is still an important step in protecting your network and data from social media threats. After all, it is important to cover all possible ground when delineating security measures.
Employee training should cover everything: from how to use social media effectively - for marketing, advertising, interactivity and networking -, to how to use social media responsibly - avoiding all potential security risks -, to recognizing phishing scams, to what to do in the instance of a security breach. (Phishing scams generally prompt you to insert your personal information for one claimed reason or another). Employees should be able to recognize the difference between a legitimate social media site request and an unexpected, suspicious one. All suspicious site behavior and requests should be reported both to the site’s administrators as well as to your IT team.
5. Data theft prevention
According to Websense, 39% of social media attacks include code created for the purposes of data theft. And since social media’s primary purpose is information sharing, it is all the easier for such malware to spread through social networking, increasing the likelihood of data theft on such sites. According to Websense, data loss is four times more likely to occur in social media than in email.
To combat these odds, you will need a superior data loss prevention strategy, one with accurate data detection and contextually aware controls for DLP. Using traditional data protection solutions that utilize basic keywords and regular expression-based detection can often lead to false positives and negatives and may lack the necessary workflow and reporting to effectively manage incidents. You need controls that can categorize all user, data and context combinations as either appropriate or hazardous.
Conclusion
While social media is a very beneficial business tool, it is now more important than ever to secure yourself from all of the new threats lurking about on Facebook, Twitter and LinkedIn. By adhering to these 5 measures you can ensure the security of your business while utilizing all of the great benefits of social media.
References
Facebook. www.facebook.com
Three must-have’s to securing the social Web: how to embrace the social Web without putting your company at risk. Websense. www.websense.com/SocialWeb
Subscribe
Business Technology Solutions Since 1987