SOCIAL NETWORKING AND THE OVERLOOKED ISSUE OF SECURITY




Social networking by definition focuses on building and reflecting personal and social relations among people who share common interests, causes or goals. A social networking site is an on-line service that attracts a community of users and provides such users with a variety of tools for posting personal data and creating user-generated content directed to a given user's interest and personal life, and provides a means for users to socially interact over the internet, through e-mail, instant messaging or otherwise. In so doing, social networking sites allow users to share ideas, activities, recommendations, personal information and interests within their individual networks, as opposed to an online community that is group-focused rather than individual-focused.

As of June 2010, twenty-two percent of all time spent on-line is social, i.e., messaging, commenting, blogging and sharing. [1] For the first time ever, social network or blog sites are visited by three quarters of global consumers who go on-line. [2] In the U.S. alone, the total minutes spent on social networking sites have increased eighty-three percent year-over-year. [3] These results are astounding for such a new medium: e.g., Mark Zuckerberg launched Facebook, currently the most popular social networking site worldwide, only in February 2004. Upward trends in user membership, corporate marketing and other metrics with respect to social networking sites are expected to continue. [4]

The issue of information security on social networks is paramount, but has largely been tabled by social networking sites in favor of emphasizing user growth and brand marketing. Achieving information security within the Web 2.0 arena of social networking, though, is difficult and complicated, as users tend to overlook security risks, businesses downplay the gravity of the security issues, and owners of social networking sites are somewhat conflicted by financial incentives that run contrary to privacy and security concerns.

A. The Overlooked Issue of Security

By definition, social networks, regardless of whether they are informal networks (e.g., Facebook or Twitter) or professional networks (e.g., LinkedIn or Martindale-Hubbell Connected), are community-based forums where the free trade of ideas and information is encouraged. From an informational security standpoint, therefore, the pivotal weakness with social networking sites is conversely their strength: social networks encourage open interaction among both known users and loosely-connected users and, as a result, the normal social barriers against interacting with near strangers are lowered. Juxtapose this openness against the rampant increase in cyber crime and identity theft worldwide, [5] and therein lies a potential privacy epidemic.

Unsurprisingly, there have been countless reports of cyber criminals phishing for personal information on social networking sites. [6] In fact, data suggest that an increasing volume of cyber crime is being directed to internet users on social networking sites. [7] At risk is not only the personal information of the user, but presumably also that of the user's employer. The tools of the trade for cyber criminals are clever and devious, such as (i) creating fake profiles of friends, which is known as social engineering, (ii) hacking into friends' profiles and sending messages that look and feel as if they are from a friend, and (iii) emailing hostile computer code known as malware, usually from an account of a friend, which becomes activated when unwitting recipients click on the infected internet links. Unsuspecting users on these sites run the risk of compromising sensitive information, including bank and financial data, highly personal information such as relationship, health and well-being and employment information, and similar sensitive information of family and/or friends.

Up to this point, social networking sites, at least informal sites, have been somewhat obtuse to the issue of information security:

In January 2010, Mark Zuckerberg, the CEO of Facebook, stated at a technology conference that privacy is no longer a social norm, as users have adapted to sharing information online over blogs and other social media and, in turn, the company has structured its privacy settings accordingly. [8] Roughly six months later, a hacker created a program that legally harvested and published highly personal data from over 100 million Facebook users who failed to change their privacy settings to make their profile pages unavailable to search engines. [9]

In February 2010, Google, shortly after the release of its own social networking site, Google Buzz, was slapped with a class-action lawsuit in a federal court in California and at the Federal Trade Commission based on claims that Google automatically activated and generated publicly accessible lists of followers gleaned from users' Gmail accounts and Gtalk conversations. [10]

In June 2010, Twitter, the other major operator as of now in the social media landscape, agreed to settle charges by the U.S. Federal Trade Commission that it deceived consumers and put their privacy at risk by failing to safeguard their personal information. [11]

B. Managing Security Risks

At this time, information security on social networks is fundamentally a behavioral issue, not a technology issue. Because of this, users, as opposed to the sites themselves, appear best suited to manage security risks, as it is the users who have full control and discretion as to what is published, posted, tweeted or otherwise disclosed over the sites and who are invited into circles of friends. Simple measures such as refraining from publishing financial and sensitive information, using strong and unique passwords, not assuming privacy on a social networking site and selecting social media friends with caution greatly contribute to information security over social networking sites.

For businesses, managing security risks via their employees can be more challenging, but is necessary, as potential risks include inadvertent disclosure of sensitive enterprise information such as financial data, corporate intellectual property and IT infrastructures. At a minimum, businesses should implement policies to ensure that employees are made aware of the threats online to themselves and the enterprise through the disclosure of sensitive information and establish a security policy including the use of social networking sites.

Even though social networking sites have deemphasized informational security in the past, social networking sites are not totally apathetic to users' security and privacy concerns. Social networking sites, for example, have privacy and security safeguards on their respective sites, including procedures to permit users to adjust how others access their personal information. [12] The default settings for these functions, though, as discussed above in the case of Facebook, tend to be quite permissive, and users must configure the settings to take advantage of the potential protections available and to control the searchability of the posted information.

Recently, there also has been increased intensity relating to information security by both public agencies and private watchdogs, [13] such as the Electronic Privacy Information Center, the entity that filed the complaint against Google in February 2010 relating to Google Buzz. Collectively, these entities have scrutinized the social networking sites' policies relating to, among other things, information security on their respective sites. In response, the sites have reassessed security measures in the face of potential legal calamity, monetary damages and loss of user membership.

At this time, however, information security on social networking sites remains fundamentally a behavioral issue, not a technology issue. In turn, therefore, it is naive for users and businesses to disregard security risks and outsource security to social networking sites, where there is no uniformity with respect to security safeguards at each site, there are constant reports of security leaks and breaches of users' profiles (e.g., President Obama's Twitter account) [14] and where the relevant legal landscape is in its infancy.

C. Conclusion

Social networking has become fully engrained in our societal fabric in a very short time span. This new medium is in its infancy, and many questions, such as legal issues regarding informational security, remain largely unsettled. Indeed, uniform legal standards for security on these sites, whether case driven or by statute, are non-existent as of today. Government action is on the horizon and is inevitable in response to a growing public awareness of the security risks, but no one can accurately predict what, when and to what degree such action will be. At this time, therefore, the burden of security will be carried more by the users. Prudent behavioral choices by users, and the businesses that employ them, offer the best safeguards against cyber crime and disclosures of sensitive information.

[1] http://blog.nielsen.com/nielsenwire/online_mobile/social-media-accounts-for-22-percent-of-time-online/
[2] Id.
[3] http://www.nielsen-online.com/pr/pr_090602.pdf
[4] http://www.professionalexperts.net/articles.php?article_id=49; http://www.pcworld.com/businesscenter/article/202333/take_advantage_of_increased_time_spent_on_social_networking.html
[5] http://www.aim.org/guest-column/threat-of-cyber-crime-continues-to-increase/; http://gigaom.com/2010/02/10/identity-theft-on-the-rise-survey/
[6] http://www.time.com/time/business/article/0,8599,1895740,00.html; http://www.informationweek.com/news/security/cybercrime/showarticle.jhtml?articleid=227701164; http://community.norton.com/t5/ask-Marian/Social-Network-Members-Increasingly-Vulnerable-to-Phishing/ba-p/162749
[7] http://www.networkworld.com/news/2009/012309-social-networking-sites-a-hotbed.html; http://www.esecurityplanet.com/features/print.php/3874206
[8] http://www.reuters.com/article/idus174222527820100112
[9] http://www.net-security.org/secworld.php?id=9652
[10] http://www.pcworld.com/article/189712/google_hit_with_lawsuit_over_google_buzz.html
[11] http://www.ftc.gov/opa/2010/06/twitter.shtm
[12] http://www.sophos.com/sophos/docs/eng/papers/sophos-security-threat-report-jan-2010-wpna.pdf; http://www.examiner.com/technology-in-san-francisco/privacy-settings-and-social-networking
[13] http://www.informationweek.com/news/government/security/showarticle.jhtml?articleid=224600656; http://epic.org/2010/10/new-social-networking-privacy.html
[14] http://www.informationshield.com/securitypolicynews.html; http://www.ftc.gov/opa/2010/06/twitter.shtm; Gina Stevens, Federal Information Security and Data Breach Notification Laws, Congressional Research Service, January 28, 2010

***The sources for much of the information in this article are the electronic equivalent of news articles, i.e., websites and blogs, because of the current dearth of reported cases and scholarly works with respect to security and social media issues. Such resources and jurisprudence can be expected to become available over the ensuing years during the continued expansion of social networking sites and the onset of governmental legislation addressing privacy and informational security safeguards for these sites.