siliconindia

What is Social Media Insecurity?

Author: Gary Bahadur
CEO, KRAA Security
What is Social Media Insecurity? -By-Gary Bahadur
One of the greatest challenges to privacy and security in the next several years is Social Networks and Social Media. Sites like Facebook, Twitter, LinkedIn, MySpace, and others can spell the downfall of valuing information. The ability to share and provide information is completely opposite to network security requirements. This is really encouraging people to do things that are not security conscious activities.

Millions of people have multiple accounts in Facebook, Twitter, Myspace, and Linkedin, just to name a few. But sharing of information has moved beyond your personal circle of friends and family. Social media is becoming less social and more… well, more corporate. You can equate it to many people shouting in a bar, you are all in close proximity, but you can’t distinguish the individual conversations, you can’t make out who the people really are, or who is a potential quality relationship. Someone you do not want contacting you in that bar can easily find you if they want to, because you have put yourself out there.

How many random friend requests do you get now from Facebook, Friendster, MySpace, LinkedIn, and so on? Too many is the case with most people. Twitter is a bit different obviously, but that is a whole other security nightmare waiting to happen. People are also getting bombarded with corporate Fanpages, Groups, and other means of luring you to their sites, brands, and social following. This is the erosion of your true social circle. You have basically joined a public forum rather than a social network.

Social Media Security is really more about ’insecurity’. The distribution of your information across multiple platforms used to be in a restricted circle. Now it’s pretty much everywhere. You can find a person’s LinkedIn profile with a generic Google search. This should be restricted to the LinkedIn environment, but it’s not. You can then find their Facebook page, get to know all their family, and compile a pretty extensive list about that person. A new site www.gist.com does basically that. It can be a great sales tool to find out everything about a prospect, or it can be a great tool to stalk someone.

With the advent of location based services, we will see physical insecurity based on social media usage on the rise rather quickly. A recently popular site Please Rob Me (http://pleaserobme.com) has already begun taking advantage of the Twitter location feature. Imagine what can be done by a stalker following someone on Twitter or a deranged ex-boyfriend following the girl based on the events she is attending on Facebook and LinkedIn? It’s easy to see how you can give away all your personal information without even thinking of it.

Trends towards making information available will lead to insecurity. Insecurity will lead to data breaches and compromise. Compromise will lead to lots of crying, money lost, and probably lawsuits and other painful results. How do we get past this Social Media Insecurity?

What Can You Do to Protect Yourself in Social Media?

So what are the challenges of social media? Social media encourages:
*Lack of privacy and delineation between personal and business
*Encouraging information sharing beyond what is necessary
*Giving away answers to security questions that help identify you in the financial world
*Social engineering by using your personal information for nefarious purposes
With these sites, people install applications without knowing what goes on in the background, and it’s easy to download malicious code to your computer. There are no external third party audits of these applications before they make it to your Facebook application. Your computer can be easily infected by a virus or spyware.

What Should the Social Media Users Do to Protect Their Information?

1. No Personal information: This is anti-social networking, but there are things you can limit about what you post. Don’t post your Birthday, or your address, your mother’s middle name, or any really personal data. Think before you post that profile.
2. Limit who can view and contact you: Don’t let your profile be truly public, restrict to people you know for requested users. Remember that you can’t retract information you put out there; so be careful who can see that personal data.
3. Don’t trust strangers: Your mother was right, don’t open the door to strangers. Limit who you accept to chat or friend requests as well as even those you communicate with. This is obviously even more important for children.
4. Trust no profile: People lie, it’s sad but true. So profiles lie, they might say they went to your college or high school. They might be interested in your group, so don’t take anyone at their word. Vet anyone who contacts you with others in your social network.
5. Restrict your privacy: There are some configuration settings in all the social media applications that allow you to turn on some restrictions on your privacy. Take a minute to actually look at them. One easy example is in Facebook where you can create groups that you can place friends in; you don’t have to let your business contacts see what your friends are posting.
6. Password management: An oldie but a goodie; always use a strong password and don’t share it. And change it periodically. And do not make it anything related to your personal information such as your wife’s name or child’s name.
7. Layers of protection: You should be running a personal firewall and antivirus software on the machine you are viewing social networks in. This will help if a malicious piece of software tries to download something to your machine. Keep your protection software up-to-date as well and run the patch management software on your machine, this is especially important for you the Windows users.
8. Child protection software: You should have some kind of child protection software running on machines, which children under 13 are using. This will help with all that shady software that are out there. More importantly, educate your children about the dangers of social networking and who could be stalking them on the Internet.
9. Restrict your email: Avoid posting your email in your profiles for everyone to see. It’s a very easy way to get on a spam list and once that happens you will never get off the list.
Next article
 
Write your comment now

Email    Password: 
Don't have SiliconIndia account? Sign up    Forgot your password? Reset
  Cancel
Reader's comments(3)
1: Gary, beautiful article. I share the same sentiment. Today's social networking is insecure and too much noise. I don't think the focus exists, every bit of information is like a widespread virus and not targeted. I suggest you try Antezen - www.antezen.com - a social networking site designed for professionals. It is unlike LinkedIn and FaceBook but has most of the strengths, although lot more controlled. This is a place where like-minded professionals come together. Companies can find these like-minded people (candidates that match their existing employees) - in short...an automated employee referral system. Let me know what you think...I am already registered with them and I think it is a great service
Posted by: Shiv Akumala - Wednesday 28th, March 2012
2: From: Mrs. Mary David

This mail may be a surprise to you because you did not give me the permission to do so and neither do you know me but before I tell you about myself I want you to please forgive me for sending this mail without your permission. I am writing this letter in confidence believing that if it is the will of God for you to help me and my family, God almighty will bless and reward you abundantly. I need an honest and trust worthy person like you to entrust this huge transfer project unto.

My name is Mrs. Mary David, The Branch Manager of a Financial Institution. I am a Ghanaian married with 3 kids. I am writing to solicit your assistance in the transfer of US$7,500,000.00 Dollars. This fund is the excess of what my branch in which I am the manager made as profit last year (i.e. 2010 financial year). I have already submitted an annual report for that year to my head office in Accra-Ghana as I have watched with keen interest as they will never know of this excess. I have since, placed this amount of US$7,500,000.00 Dollars on an Escrow Coded account without a beneficiary (Anonymous) to avoid trace.

As an officer of the bank, I cannot be directly connected to this money thus I am impelled to request for your assistance to receive this money into your bank account on my behalf. I agree that 40% of this money will be for you as a foreign partner, in respect to the provision of a foreign account, and 60% would be for me. I do need to stress that there are practically no risk involved in this. It's going to be a bank-to-bank transfer. All I need from you is to stand as the original depositor of this fund so that the fund can be transferred to your account.

If you accept this offer, I will appreciate your timely response to me. This is why and only reason why I contacted you, I am willing to go into partnership investment with you owing to your wealth of experience, So please if you are interested to assist on this venture kindly contact me back for a brief discussion on how to proceed.

All correspondence must be via my private E-mail (dmary4love1@yahoo.fr) for obvious security reasons.

Best regards,
Mrs. Mary David.
Posted by: mary lovely david - Monday 26th, September 2011
3: Hi my dear,
My name is Mounace, i would like to establish a true relationship with you in one love. please send email to me at (mounace43@yahoo.com) i will reply to you with my picture and tell you more about myself. thanks and remain blessed for me,
Your new friend Mounace
Posted by: mounace love love - Thursday 09th, June 2011
More articles
The retail industry is witnessing an increased migration of customers ... -By-Kaushal Mehta
by Kaushal Mehta - Founder & CEO, Motif Inc..
The retail industry is witnessing an increased migration of customers from traditional brick and mortar retail to E-commerce (online retail)...more>>
Its 1 AM. Do You Know What Your Offshore Team Is Doing? -By-Samir Shah
by Samir Shah - CEO, Zephyr .
You probably do because you are on the phone with them! For all of you working in some technical management capacity here in Silicon Valley,...more>>
Disconnect: The Root Of All Execution Evils -By-Raj Karamchedu
by Raj Karamchedu - Chief Operating Officer, Legend Silicon .
These days are a mixed bag for me. Of late I have been considering "doing something bigger and better," in my life, perhaps seriously though...more>>
IT Services Rise Of Tier II Companies -By-Madhavi Vuppalapati
by Madhavi Vuppalapati - CEO of Prithvi Information Solutions .
IT Services Rise of Tier II companies The Indian IT outsourcing industry is going through very exciting phase in its business life...more>>
DLP, Prevention Is Better Than A Cure -By-Bhaskar Bakthavatsalu
by Bhaskar Bakthavatsalu- Country Manager, India and SAARC of Check Point Software Technologies.
Data loss occurs every day through corporate email. In fact, given the sheer number of emails an organization sends every day, data loss inc...more>>