In the new hit movie The Social Network, Jesse Eisenberg plays Facebook founder Mark Zuckerberg, a Harvard student who will stop at nothing to create the first comprehensive, global online social network. Ironically, in the process of making 500 million “friends,” Zuckerberg loses those who are closest to him, sacrificing them to ambition, greed and runaway ego. The moral of the story? When it comes to social networking, know who your true friends really are — or risk paying a terrible price.
At Symantec, we recognize the growing power and utility of social media such as Facebook, LinkedIn, Plaxo and others for both personal and business use. We also understand the risks associated with careless participation, and ask that all employees engage in best practices to enable us to sidestep fraud, identity theft, malware and computer viruses.
While some of the challenges that social media, networking and collaboration sites present are more complex, they are ultimately no different than any other communication channel in that we must always protect our sensitive data regardless of medium in which we are communicating.
“It doesn’t matter if you are tweeting, blogging, or posting status updates on Facebook. You must protect sensitive data in every medium in which you share information. Sensitive data includes source code*, employee personal identifying information (PII), customer data, and Symantec Internal Use Only and Highly Confidential data,” said Justin Somaini, Symantec’s chief information security officer, who recently participated in a social media webinar hosted by the Information Risk Executive Council (see sidebar for more details).
Several of the principal risks can be avoided if we all stay alert.
Did You Know?
- Even if you don’t click on anything, just visiting a website can infect your computer. Drive-by downloads are the most frequent way that malware is spread with 40,000 individual malicious programs detected in our environment every single week.
- Installing unauthorized software can lead to widespread infections and data leakage. All software applications have bugs. When you install software that has not undergone a risk assessment, it exposes your system and Symantec to a higher likelihood of attack.
- Never install a video player or video program, even when a website asks you to install one unless they are from the Symantec IT Software Download site or directly from the vendor’s website.
- You must protect our sensitive data, particularly source code. Never:
--Paste source code snippets or other sensitive data on an external site (including blogs and tweets).
--Transfer source code or other sensitive data to your home email account, web server, PDA, thumb drive or external device to work outside of a lab or secured environment after hours.
--Include source code statements in email exchanges with external parties, including customers.
- Depending on your privacy settings and how you post, if you share vacation plans on Facebook, LinkedIn or Twitter you could be advertising to thieves that your house will be empty on specific dates and ripe for burglary.
- Many links to videos or requests for money, including many that appear to come from friends, are fraudulent.
Symantec Is Security… Symantec Is You… You Secure Symantec.