A recent Sophos poll revealed that 63 per cent of system administrators worry that employees share too much personal information via their social networking profiles, putting their corporate infrastructure – and the sensitive data stored on it – at risk. The findings also indicate that a quarter of businesses have been the victim of spam, phishing or malware attacks via sites like Twitter, Facebook, LinkedIn and MySpace.
With social networking now part of many computer users' daily routine, whether finding out what friends are up to, viewing photos or simply updating an online status, Sophos experts note that unprecedented amounts of information are posted every minute. That heavy, habitual use makes these sites a prime target for cybercriminals intent on stealing identities, spreading malware or bombarding users with spam.
Sophos research confirms that although one third of organizations still consider productivity to be the main reason for controlling employee access to social networking sites, the threat from malware and data leakage is becoming more apparent, with one in five citing these as their top concern.
Cyber attacks: a new frontier
Sophos experts note that four of the most popular social networking sites, Facebook, MySpace, LinkedIn and Twitter, have all experienced their fair share of spam and malware attacks during 2009, all designed to compromise PCs or steal sensitive information. From traditional 419 scams that aim to fool users into sending money abroad under the ruse that a friend is in trouble, to malware disguised as Facebook error messages, cybercriminals are using the same old techniques but pushing them out via social media.
A typical method of attack is for criminals to compromise accounts by stealing usernames and passwords, often through phishing or spyware, and then use the hijacked profile to send spam or malicious links to the victim's online friends and colleagues. Because those messages arrive from a trusted contact, recipients are far more likely to click than they would be on an unsolicited email. Sophos research reveals that one third of respondents have been spammed on social networking sites, while almost one quarter (21 percent) have been the victim of targeted phishing or malware attacks.
Total lockdown is not necessarily the answer
With social networking behavior firmly ingrained in many employees' daily routines, Sophos experts predict that users will continue to share information inappropriately, putting their identities, and potentially the organization they work for, at risk. Similarly, as long as users keep falling for social media scams, the fraudsters will continue to exploit social networks, commandeering identities to steal information and spread further attacks. However, banning social networking in the workplace outright may be a rash move, and one that could cause more harm than good.
Top 5 tips to combat social networking perils
In order to help business and users stay safe in the face of social networking, Sophos has put together the following advice:
1. Educate your workforce about online risks – make sure all employees are aware of the impact that their actions could have on the corporate network.
2. Consider filtering access to certain social networking sites at specific times – for example, allowing access only for particular user groups or only during particular time periods.
3. Check the information that your organization and staff share online – if sensitive business data is being shared, evaluate the situation and act as appropriate.
4. Review your Web 2.0 security settings regularly – users should only be sharing work-related information with trusted parties.
5. Ensure that you have a solution in place that can proactively scan all websites for malware, spam and phishing content.
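One way to put tip 2 into practice with an ordinary web proxy, as an added example that is not from Sophos or the article: a Squid access-control fragment that blocks a list of social networking domains during the working day but lets one group of users reach them at lunchtime. The domain list, the 10.0.1.0/24 staff network, the 10.0.0.0/8 local network and the lunch window are assumptions for illustration.

```squid
# Added example: time- and group-based filtering of social networking sites in squid.conf.
# Domain list, network ranges and time window are illustrative assumptions.

# Destination domains to control (a leading dot matches the domain and all subdomains)
acl social dstdomain .facebook.com .twitter.com .linkedin.com .myspace.com

# Who gets the exemption: the staff subnet (assumed 10.0.1.0/24)
acl staff src 10.0.1.0/24

# When the exemption applies: Monday to Friday, 12:00-13:00
acl lunch time MTWHF 12:00-13:00

# Order matters: Squid stops at the first http_access line whose ACLs all match.
# 1. Staff may reach social sites only during the lunch window.
http_access allow social staff lunch
# 2. Any other request bound for a social site is denied, for anyone, at any time.
http_access deny social
# 3. Normal policy for all remaining traffic (assumed: allow the local network, deny the rest).
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
```

Apply the change with `squid -k reconfigure`. The `dstdomain` ACL is also evaluated against the host named in an HTTPS CONNECT request, so the rule covers encrypted traffic without inspecting it. Two caveats a practitioner should keep in mind: the proxy only governs devices that are forced through it, so personal phones on the same desk are untouched (which is why tip 1 still matters), and a site that is allowed during the lunch window can still deliver malicious links, which is the gap tip 5 is meant to close.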