Computer Weekly Security Think Tank — social networking

Social networking sites: what are the associated risks at a corporate and at an individual level?

Gartner: at-a-glance guide to social networking risks
Multiple worms and viruses have been introduced to various social network environments. Content distribution within a social network parallels peer-to-peer environments and can support rapid distribution of malware embedded in applications and graphics read full article

BCS: Individual risks become corporate risks
As a result of the strong human desire to connect, social networking websites have encouraged online behaviour where security and privacy are not always the first priority. The key cause for concern is the late realisation of the open nature of the web and thus how much personal information has been left exposed to any passing stranger read full article

Tif: Limit your liability from social networking
The main risk of social networking comes from the blurring of a participant’s professional and personal profile. Very often, social networkers align themselves with professional networking groups that indicate clearly who employs them and what their job function is. Potentially, this can make it very easy for criminals to harvest information that can be used against them or their companies – so called “social engineering” read full article

NCC: Social networking security is a people issue
It is an enticing technology but few of the associated risks are really technology problems. It is no different from that old managerial adage of “less gob, more job”. And heavy handed bans are unlikely to mitigate the risks. You may curtail the workplace access, but you cannot control the cybercafe or home PC without instilling staff with a risk-literate attitude read full article

ISSA: Would you shout your details in the street?
The danger of giving too much information away on social networking sites is of significant concern. Even information that seems innocuous, such as date of birth and postcode can be used for nefarious motives. How many times is this sort of information used as a challenge when speaking to a call centre operative to prove your identity? read full article

ISF: A greater social networking threat on the horizon
Last year, Facebook purchased Parakey, a start-up from two of the creators of Firefox that promises a web-based operating system designed to bridge the gap between desktop and web and make it easier to move content between the two. How long will it be before one of these sites gives simple remote access from PC to PC? read full article

(ISC)2: Policies hold key to social networking security threat
The rapid take up of social networking sites offer cyber criminals and mischief makers a new large target. Remind colleagues not to use any workplace e-mail addresses or passwords on these websites. Many of these websites do not encrypt user log-on details. Passwords and user IDs transmitted in clear text across the public internet are subject to possible interception or compromise read full article