Facebook now has 1.15 billion users who share 4.75 billion content items such as comments, photos and status updates and send more than 10 billion messages each day. When added to other social media platforms such as Twitter, LinkedIn and Google+, the number of users is staggering. With so many people disclosing personal details and often unknowingly leaking confidential organizational information, social media has become the main platform for hackers to execute social media engineering attacks, phishing attacks and identity theft; social networking is now the main vehicle for spreading malware.
Here’s how a social media user can compromise an organization’s information security: Let’s say a health care professional accesses Twitter via a mobile device and clicks on a malicious link in a tweet, which installs malware on his smartphone. The malware opens up his phone to external access, enabling a hacker to access a secured hospital website via the cached information on the smartphone and tap into confidential patient health care information.
These dangers shouldn’t stop social e-interaction. Here are some social security tips:
Organizations also must take care that their employees don’t inadvertently allow access to corporate information when using social networks.
Social media has captured an enormous audience and will continue to play a large role in our lives, which makes it an increasingly attractive target for cyber criminals. With the current proliferation rate, it will continue to directly influence the future of the Web. Sites and apps are relying more and more on single sign-on through social media, which can be convenient but may increase the risk of private information falling into the wrong hands. It is crucial that information security professionals as well as users familiarize themselves with the risks involved in social networking and are prepared to defend their personal and their organizations’confidential information to prevent potentially devastating security breaches.
Scott A. Wells, Ph.D. teaches the AFCEA Professional Development course “Social Media Management and Governance.” He is the co-founder and chief architect of the Social Media Security Professional (SMSP) certification powered by CompTIA, Ultimate Knowledge Institute (UKI). He has worked and consulted for corporations such as Microsoft, Digital and Cisco as well many other Fortune 100 companies. In addition, Dr. Wells has developed and taught hundreds of information technology and cybersecurity training programs for the U.S. Defense Department, federal agencies and Fortune 500 enterprises.
Twitter: @UKI_SM https://twitter.com/uki_sm