What is Social Media Insecurity? Date:   Monday , May 03, 2010 One of the greatest challenges to privacy and security in the next several years is Social Networks and Social Media. Sites like Facebook, Twitter, LinkedIn, MySpace, and others can spell the downfall of valuing information. The ability to share and provide information is completely opposite to network security requirements. This is really encouraging people to do things that are not security conscious activities. Millions of people have multiple accounts in Facebook, Twitter, Myspace, and Linkedin, just to name a few. But sharing of information has moved beyond your personal circle of friends and family. Social media is becoming less social and more… well, more corporate. You can equate it to many people shouting in a bar, you are all in close proximity, but you can’t distinguish the individual conversations, you can’t make out who the people really are, or who is a potential quality relationship. Someone you do not want contacting you in that bar can easily find you if they want to, because you have put yourself out there. How many random friend requests do you get now from Facebook, Friendster, MySpace, LinkedIn, and so on? Too many is the case with most people. Twitter is a bit different obviously, but that is a whole other security nightmare waiting to happen. People are also getting bombarded with corporate Fanpages, Groups, and other means of luring you to their sites, brands, and social following. This is the erosion of your true social circle. You have basically joined a public forum rather than a social network. Social Media Security is really more about ’insecurity’. The distribution of your information across multiple platforms used to be in a restricted circle. Now it’s pretty much everywhere. You can find a person’s LinkedIn profile with a generic Google search. This should be restricted to the LinkedIn environment, but it’s not. You can then find their Facebook page, get to know all their family, and compile a pretty extensive list about that person. A new site www.gist.com does basically that. It can be a great sales tool to find out everything about a prospect, or it can be a great tool to stalk someone. With the advent of location based services, we will see physical insecurity based on social media usage on the rise rather quickly. A recently popular site Please Rob Me (http://pleaserobme.com) has already begun taking advantage of the Twitter location feature. Imagine what can be done by a stalker following someone on Twitter or a deranged ex-boyfriend following the girl based on the events she is attending on Facebook and LinkedIn? It’s easy to see how you can give away all your personal information without even thinking of it. Trends towards making information available will lead to insecurity. Insecurity will lead to data breaches and compromise. Compromise will lead to lots of crying, money lost, and probably lawsuits and other painful results. How do we get past this Social Media Insecurity? What Can You Do to Protect Yourself in Social Media? So what are the challenges of social media? Social media encourages: •Lack of privacy and delineation between personal and business •Encouraging information sharing beyond what is necessary •Giving away answers to security questions that help identify you in the financial world •Social engineering by using your personal information for nefarious purposes With these sites, people install applications without knowing what goes on in the background, and it’s easy to download malicious code to your computer. There are no external third party audits of these applications before they make it to your Facebook application. Your computer can be easily infected by a virus or spyware. What Should the Social Media Users Do to Protect Their Information? 1. No Personal information: This is anti-social networking, but there are things you can limit about what you post. Don’t post your Birthday, or your address, your mother’s middle name, or any really personal data. Think before you post that profile. 2. Limit who can view and contact you: Don’t let your profile be truly public, restrict to people you know for requested users. Remember that you can’t retract information you put out there; so be careful who can see that personal data. 3. Don’t trust strangers: Your mother was right, don’t open the door to strangers. Limit who you accept to chat or friend requests as well as even those you communicate with. This is obviously even more important for children. 4. Trust no profile: People lie, it’s sad but true. So profiles lie, they might say they went to your college or high school. They might be interested in your group, so don’t take anyone at their word. Vet anyone who contacts you with others in your social network. 5. Restrict your privacy: There are some configuration settings in all the social media applications that allow you to turn on some restrictions on your privacy. Take a minute to actually look at them. One easy example is in Facebook where you can create groups that you can place friends in; you don’t have to let your business contacts see what your friends are posting. 6. Password management: An oldie but a goodie; always use a strong password and don’t share it. And change it periodically. And do not make it anything related to your personal information such as your wife’s name or child’s name. 7. Layers of protection: You should be running a personal firewall and antivirus software on the machine you are viewing social networks in. This will help if a malicious piece of software tries to download something to your machine. Keep your protection software up-to-date as well and run the patch management software on your machine, this is especially important for you the Windows users. 8. Child protection software: You should have some kind of child protection software running on machines, which children under 13 are using. This will help with all that shady software that are out there. More importantly, educate your children about the dangers of social networking and who could be stalking them on the Internet. 9. Restrict your email: Avoid posting your email in your profiles for everyone to see. It’s a very easy way to get on a spam list and once that happens you will never get off the list. The author is Gary Bahadur, CEO of KRAA Security, which provides Managed Security Services and Consulting Services. KRAA Security protects organizations from threats through a combination of preventative services in Application Security, Network Security, Operating System Security, and Compliance measures. Website: http://www.kraasecurity.com