Developing a Social Media Security Strategy
The current mantra from most business experts seems to be that your organization has to have a social media strategy. They say you must have a regularly maintained Facebook Page, you must Twitter regularly and you should be using as many social media tools to reach your audience as possible. If you Google the phrase “social media strategy” you’ll return more than 8.5 million hits. What no one talks about is the necessary steps to ensure the security of your social media presence.
It is not enough to have a social media strategy, you must also have a social media security strategy, and that security must be interwoven into every aspect of your organization’s social media presence.
The fact is, the more social media exposure your organization has the more your security risk increases. Social media sites are a prime research vehicle and target for today’s attackers, and the more your organization engages in social media the easier it is for those attackers to find a human weakness within your organization.
So, how do you compromise between the need for a social media presence and being able to secure that presence? As security practitioners, it is important to take an early leadership role in developing your organization’s social media strategy and add a security component to it. A social media security strategy should start by understanding your organization’s goals for social media. If the primary goal is to use social media as a broadcast marketing tool then it is much easier to secure your social media presence, via common web protections, compared to a strategy of genuine interaction with your customers or as a platform to share information and collaborate with employees.
Start by working with other departments within your organization to determine who will be responsible for content on that department’s social media site. Once those employees have been identified as social media authors for their department you can increase the level of security at their endpoint. For example, if you are running Symantec Endpoint Protection with just the Antivirus enabled for most of your users you can add the IDS/IPS, Firewall and, most importantly, Application Control components. Ideally, you would also create a group within your Endpoint management console that would allow you to maintain special security controls over these privileged users.
In addition to protecting the endpoint, you should also secure the transport path. Create a rule on your proxy server that blocks access to these sites over port 80. Most social media sites allow users to connect over more secure SSL (port 443), and company policy should enforce that connection. An SSL connection makes it much harder to fall victim to social media oriented phishing attacks.
Monitor threat intelligence for exploits against social media sites and applications that facilitate connections to those sites. Symantec’s DeepSight Early Warning service has dozens of vulnerabilities listed regarding Twitter and Facebook and is adding new alerts all the time.
Consider creating special mail accounts for users that will be customer facing as part of the social media strategy and give those accounts closer scrutiny through a cloud-based mail hygiene provider. This allows you to take advantage of the threat intelligence of these providers and also keeps the potential threat separate from your network.
Finally, consider using a Managed Security Services Provider. Symantec’s MSS has a great asset tagging feature that allows you to identify important hosts within your network. Just as with the endpoint, you can create a group for social media users and assign a higher level of security to that group, so that incidents which would normally be considered a warning level incident now get raised in importance and you have the opportunity to address them faster.
The advantage of using Symantec’s MSS doesn’t stop with asset tagging. We also incorporate intelligence from our Global Intelligence Network, a vast Internet threat and vulnerability detection network, and use that intelligence to help monitor your network. As new threats are released and vulnerabilities exposed we get that information and apply it to our security analysis of client’s networks in real time. In addition, as a leading provider of security software and protection products, Symantec has a lot of experience finding, isolating and remediating malcode and exploits that impact social media users. We can put that expertise to use on your network and help you implement the suggestions included in this post.
Social media is an important part of marketing and communications within a growing number of organizations, but there is no reason that social media interaction should not be secure. As social media continues to grow in popularity its appeal as an attack vector will continue to grow. Watch this space for more ideas about how Symantec can help protect your organization from threats originating through social media sites.