Risk of Social Networking
Friday, July 30, 2010 20:49
As part of your business, do you use any of the typical social networking sites such as Facebook, Twitter, and LinkedIn? If you do use these or other social networking sites, should you be concerned?Maybe!
Recently a security researcher, Thomas Ryan, set up accounts on these three main social networking sites using a fake person’s profile and purposely set out to “friend” the security, intelligence, government and military communities to see if they would fall for the scheme and to show the risks of social networking sites. Mr. Ryan made parts of the profile obviously fictitious. For example, he gave the fake 25 year-old female ten years work experience and other obvious clues. In the end, he still had over 200 friends on each one of the sites in a period of a month.
Having “friends” is not a big thing, but having people share personal information, photos, documents and other related information with someone they never met is risky. In this case, a number of people from security and intelligence communities, who should know the risk of sharing this kind of information, freely shared personal information with a total stranger. According to Mr. Ryan, through this fake female profile, he was able to have access to documents, email and even bank accounts. Also, LinkedIn profiles would show patterns of new business relationships and other similar types of “innocent” information.
There are a few take-aways I would glean from this security researcher’s experiment:
- Look at your use of social networking sites. If it does not benefit your business by driving traffic or sales, I would not use the site(s) for business purposes.
- Information that does not promote your business should not be shared with others outside your business. Make sure information is protected and cannot be shared with anyone you don’t really know.
- Make sure any personal information that you share is not a risk to you or your family.
- Be careful who you allow as friends! If you really don’t know the person, don’t make them a friend.
There is no perfect way to protect you and your business information, but a little caution goes a long way. I think in the case of this security researcher’s experiment, it helped that the fake profile was of a young attractive female, but I also think that even those in an intelligence or security profession who know better can get complacent. Don’t get complacent; stay on guard to protect yourself and your business.
Related posts: