The world of social media has taken off at a breath-taking pace. Yes, it’s gone ‘viral’ – and yet the current rate of usage may just be the beginning. With millions of people having fought tooth and nail to get their hands on the latest smart phones – just look around at how many are proudly brandishing them in your workplace – the sheer scale of this phenomenon has started to reveal itself.
Everywhere you go, the evidence is increasingly in front of you: people in cafes on their laptops; on trains, using their smartphones; at home, on their PCs/laptops/smartphones; and at work, using everything and anything, both standalone AND connected to the Internet! The upshot is that security is now being compromised as never before.
No wonder so many IT departments are running scared of the social media bombardment, as they try to manage this seemingly unstoppable flood and keep their business data secure at the same time. What are we talking about here? Well, for starters, physical or connected threats, phishing attacks, malware (malicious software), privacy settings left open to all and sundry, and intellectual property leakage.
Not surprisingly, most social media infections come from the web. It only takes one visit to an ill-chosen website and your device can be exposed to malware – even if you don’t actually download a file or program. Legitimate sites may be unknowingly infected, too: websites with information on popular celebrities or hot-off-the-press sensational news items are often hijacked by criminals.
Alternatively, criminals may well create their own ‘celeb-fixated’ websites to lure victims in. The majority of recent major sporting events, for instance, saw cybercriminals offering tickets for sale on-line or sending phishing emails, claiming the recipients had won tickets to see the matches.
Too good to be true? Maybe, but there is no shortage of people all too ready to believe and respond to such scams. Indeed, according to the 2012 Symantec Norton Security Cybercrime Report*, one in five online adults has been a victim of either social or mobile cybercrime. Examples include theft of information, fraudulent text messages, fake hyperlinks, and account hacking.
The report also states that global consumer cybercrime over the past year has accounted for approximately $388 billion. This year alone, it says, approximately 556 million people have been victims of cybercrime, costing these unsuspecting victims more than $274 billion in total.
The ultimate prize for the cyber criminals, of course, is getting their hands on your data, which can have dire consequences: financial losses (to your business, employees, customers, self); breaches of confidentiality; non-compliance penalties; industrial espionage; and compromised reputation.
So what can you do to help ensure this doesn’t happen to you? Here are a few pointers:
- Do not store any information you want to protect on any device that connects to the Internet, unless it is password protected.
- Use strong passwords, consisting of a combination of uppercase and lowercase letters, numbers, and special characters
- Always use high security settings on social networking sites and restrict the personal information you share to a minimum
- Install a comprehensive suite of internet security software and check for the padlock symbol and https in the URL of the site you are visiting in your browser before entering personal information on websites
- Verify those you correspond with. It is easy for people to fake identities over the Internet
- Do not automatically download, or respond to, content on a website or in an email. Do not click on links in email messages claiming to be from a social networking site. Instead, go to the site directly to retrieve messages
- Only install applications or software that come from trusted, well-known sites. ‘Free’ software may come with malware.
- Establish and enforce policies about what company information can be shared on blogs or personal social web pages
- Use multiple layers of security throughout the computer network, including an SSL certificate to protect sensitive information
- Educate your employees about social media threats and how to prevent future loss
- Establish policies and procedures for intrusion detection systems on company networks
- Alert employees as to how their own on-line behaviour could impact the business
- Provide regular security training to employees
- Have employees report suspicious incidents immediately
Get these basics right and your organisation will be a far safer one.
For more information on website security, download the Symantec website security threat report.