Don't Friend Your Enemies: The Insecurity of Social Media
March 11, 2011 12:00 AM
<p><b>Exercise Vigilance</b></p>
Social networks and mobile platforms have made the software you use more vulnerable. Attackers have nearly unlimited time, skills and resources to exploit the vulnerabilities. Keep on top of what threats are developing. To monitor for unknown threats, develop heuristics that can detect unusual code or activity. Develop baseline metrics; monitor for unusual spikes in network activity or traffic destinations.
<p><b>Clarity in the Cloud</b></p>
Be careful about what data collected from social media is put in the cloud. Know where the data will be housed. Assign responsibility for security. Set security priorities. Review policies and performance regularly.
<p><b>Leave it Home</b></p>
Particularly when traveling abroad, leave the smartphone at home. Do not take it with you. Arrange to have a temporary replacement that you can afford to lose and which contains no personally identifiable information or sensitive company documents, spreadsheets or the like.
<p><b>Lock it Down</b></p>
Many types of smartphones (and now, tablets) can be configured to lock down browser access, limit downloading of outside applications and keep control over other functions. Create and maintain white lists of approved applications. Configure devices to block scanning, sniffing and tampering.
<p><b>The Problem with iPads & iPhones</b></p>
Mobile devices and smartphones are relatively easy, low-risk points of entry for attackers. They can be remotely monitored for passwords, account numbers and personal identification data.
<p><b>Beware of Your Background</b></p>
Adversaries can use data extracted or derived from social media sites and public sites on the Web to figure out the affinities of executives and board members, past career moves and anything that might give a hint to passwords or other means of getting through authentication systems. The information gleaned from your executives digital exhaust can be used for attacks or identity theft. At stake: Account access.
<p><b>Meet the Spear Fisher</b></p>
Hackers are now specifically targeting high-level executives and board members to gain control of corporate information systems and resources, according to Deloitte & Touche principal Edward Powers. The practice is called spear-fishing.
<b>Don't Friend Your Enemies: The Insecurity of Social Media</b>
Financial firms are still trying to develop coherent social media strategies. But dont race into it: the risks are not well understood. And you may already be giving out too much information about the most important people in your organization: top executives and members of your board. This presentation is gleaned from The Future of Security: Evolve or Die, produced by Edward Powers, a principal and security specialist at Deloitte & Touche LLP. This slideshow was reposted with permission from Financial Planning.