Social Media Policy

Social Media Policy Infrastructure

 2) Information Classification – You have to explicitly define what information can be shared and what information should not be Tweeted, FaceBooked, BlibbedBlabbaded (I made that up)about. If your employees do not know how valuable information is that you cannot blame them for inadvertently being sucked into the blogosphere. (I am not sure blogosphere is yet a word, but who cares)3) Keep It professional – If you allow your employees to Socialize (that a word with any meaning here?) information about your company, you have to give them standards to follow. Things like cursing, grammar mistakes, casual conversation style discussions might not be the image you want to portray when discussing anything related to your company.

4) Tracking and Monitoring – If you are going to have a policy for anything, you have to have a mechanism for tracking compliance, reporting on activity and have consequences for breaking that policy. How much tweets that are over the line makes you bring an employee before HR? What is a firing Facebook picture offense?

This is a very abbreviated start. In later posts I will define more aspects of a social media policy. But let’s get the conversation started about the necessity for this as a standard policy in every organization, both large and small.

Related articles by Zemanta

• HOW TO: Pick the Right Social Media Engagement Style (mashable.com)
• Social Media Strategy Lessons From Pepsi (businessinsider.com)
• Social Media Costs UK Economy $22 Billion a Year (penn-olson.com)

One of the greatest challenges to privacy and security in the next several years is Social Networks and Social Media. Sites like Facebook, Twitter, LinkedIn, MySpace and others can be the downfall of valuing information. The ability to share and provide information is completely the opposite of network security requirements.  This is really encouraging people to do things that are not security conscious activities. Social media encourages:

• Lack of privacy
• Encouraging information sharing
• Giving away answers to security questions
• Social engineering

As we have seen recently, a lot of spam, spyware and malware is attacking social network. Just in the past week I have probably recieved a 100 requests to be my friend on Facebook from people who I do not know and funny enough, all the message have the exact same personal message. Malicious people are attracted to social networks because of the ease of gaining trust and availability of data for social engineering.  Relationship building is easier through social media which can easily lead to phishing attacks.

With these sites, people install applications without knowing what goes on in the background, and its easy to download malicious code to your computer. There are no external third party audits of these applications before the make it to your Facebook application. Your computer can be easily infected by a virus or spyware.

What does the Social Media user to protect their information?
No Personal information – This is anti-social network, but there are things you can limit about what you post. Don’t post your Birthday! Or your address or your mothers middle name or any really personal data.

Limit who can view and contact you – Don’t let your profile be truly public, restrict to people you know for requested users.  Remember you can’t retract information you put out there. 

Don’t trust strangers – Your mother was right, don’t open the door to strangers. Limit who you accept chat or friend requests from and well as even communicate with.

Trust no Profile – People lie, it’s sad but true. So profiles lie, they might say they went to your college or high school.  They might be interested in your groups, so don’t take anyone at their word.

Restrict your privacy – There are some configuration setting in all the social media applications that can allow you to turn on some restrictions on your privacy. Take a minute to actually look at them. One easy example is in Facebook you can create groups that you can place friend in; you don’t want business people seeing what your friends are posting.

Password management – An oldie but a goodie, always use a strong password and don’t share it. And change it periodically.

Layers of protection – You should be running a personal firewall and antivirus software on the machine you are viewing social networks. This will help if a malicious piece of software tries to download something to your machine. Keep your protection software up to date as well and run the patch management software on your machine, this is especially important for you Windows users.

Child protection software – You should have some kind of child protection software running on machines where children under 13 are using. This will help with all that shady software that is out there.

Gary Bahadur

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

Address: 200 Se 1st St #601 Miami FL 33131

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test 

Related articles by Zemanta

• Half of Online Adults Use Social Networks at Least Monthly (seekingalpha.com)
• Firms worry about social networks, but don’t block access (arstechnica.com)
• Google Buzz proves problems with single online identities (thewayoftheweb.net)
• Are Consumers Becoming More Suspicious of Social Networks? (marketingvox.com)
• Seven Steps to Safe Social Networking (dominica-weekly.com)
• 13 Essential Social Media Lessons for B2B Marketers from the Masters (mashable.com)
• Social Media for CEOs (slideshare.net)

Information Devaluation Through Phishing

The value of information has been decreasing over time. How do you see this isn the real world? There are two ways, one can be seen from the user perspective and the other from the attacker/bad guy perspective.

From a user point of view, the most obvious method to see information devaluation is Facebook, Twitter, MySpace, Linkedin etc. These may be seen as good ways to keep in contact, but look at all the personal data stored in these sites. Enough to authenticate to your bank account with such pieces of data as Name of Dog, Elementary School, Parents Lastname. Everything for secret question authentication. There was just a theft from a bank (http://www.networkworld.com/news/2009/092409-construction-firm-sues-after-588000.html) where the challenge questions were successfully answered.There are many Network security assessment tools to prevent such  phishing ways to get the answer to these challenge questions.

The attackers are focusing Phishing efforts on Twitter and Facebook much more these days. Its pretty obvious why, so much information is available here. KRAA Security a Network security audit tool provider twitters, but we try to keep personal things off there. But many people lives their lives on twitter so much, its a mind boggling concept.

The Washington post just had an article where the list Facebook as the top phished site (http://voices.washingtonpost.com/securityfix/2009/04/facebook_among_top_phished_web.html). Part of this is the information people post and the Applications developed for it have many ways of phishing your information. Thus a Information security risk assessment is a necessity.

So is there is a solution the phishing problem in Social Media? Probably a security penetration test for such websites. Even though the phishing problem will probably get such more extensive as Social Media expands, takes over more aspects of our lives and invades every information dissemination media. Doomed I say.

This was a cheerful post.

Gary Bahadur

baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*PGP Security

*FREE Website Security Test