Cyber Security News

Censoring Social Media to Reduce Risk

With the advent of social media, personal and professional identities are beginning to blend together. I am linked, I tweet and am Facebooked. I have my own space; I can Skype and even FaceTime. By accessing all these sites, my professional and personal lives seem to be getting in the way of each other. In fact, my personal and professional identities are melding. My friends know what I am doing at work, and my work associates can view my personal life. LinkedIn associates can find me on Facebook, and my Facebook friends reach out to me on LinkedIn. My social friends now know what organizations I belong to professionally and vice versa. Pictures of social events can be seen by work associates, and my Tweets appear on my Facebook and LinkedIn pages.

As a security professional, the blending of personal and professional identities is a concern. It creates new risks for both individual and corporate identities. The combined social networks expose our personal lives to our corporate regulators, and our personal contacts and associations expose corporate entities to virtual risks related to passwords, proprietary information and network attacks.

The merger of an individual’s personal life and professional life exposes character information to the corporate entity more than ever before. Individuals do not always realize the impact of their social postings and how they can affect their job search or continued employment. Today, an employer can see who the applicant’s friends are, his/her personal interests, how much they party and with whom. HR can determine political persuasion from Tweets and get a very clear employment history from LinkedIn.

Access control is another concern when entwined within the social network scene. The merger of social and professional associations increases the potential for hackers to infiltrate corporate networks. All of us struggle with creating and remembering passwords for all of the sites, plus work systems. Often people use the same password for their social and professional logons. Hackers now target social networks to obtain passwords for bank accounts and other systems. And it is not uncommon for a hacker to sell stolen passwords for fraudulent purposes.

Additionally, there are persons out there who are interested in gaining access into corporations to hear about new products and obtain information on client lists. In today’s competitive marketplace, it is safe to assume that there is always someone looking to obtain information to give them a competitive edge. Hackers scan social networking sites to see the activity of employees that work in a targeted company. This new form of industrial espionage has allowed wrongdoers to easily collect information that in the past required theft or other crimes. Hackers are successful because social networkers, in an effort to impress or provide daily content, find themselves accidentally disclosing information about a product or customer. 

Lastly, corporate IT departments have struggled with allowing employees to access social media sites during work hours and on corporate devices because of the chance of an employee downloading a virus or malware. Many people have clicked on an ad or notification that transmits a virus throughout the network or device. Some of these corporate attacks have intentionally targeted employees who work in specific corporations.

So how can we prevent identity compromise and unauthorized access into corporate networks? We all can help protect our personal and corporate identities by first looking at the passwords we use. In order to protect both our corporate and personal devices, network passwords should be different. For example, I have a separate single password for all of my social networks, one for my personal banking, etc. and one for my corporate systems.

For my Facebook and LinkedIn accounts I have reviewed and understand all of the security settings. Only my friends and personal contacts can see my entire profile. I never reference what I am doing at work, and I make sure that when I travel for work I do not “Check In” at any restaurant or place, except on social occasions. When I post, I do so to reference a particular article, or comment on an existing post.

I never, ever open a site or download from any social network, even if it is from a friend. If I am interested in it, I go to the website and check it out first, or I ask my friend about any problems with it. These few simple tricks can mean the difference between getting hacked, getting hired, promoting a virus and letting your competition know the next best thing your company is promoting.   


Recent Articles by Bernard Scaglione
