A new phishing attack has hit Twitter, causing some users to unwittingly expose sensitive data to malicious hackers. It’s causing some people to question how they use social networks. And it might be forcing many companies to second guess their support for such services.
The threat of outbreaks coming from social networks is real. Without some sort of corporate policy and safeguards in place, sensitive data can leak out through social networks. For that reason, the enterprise needs to ensure that it’s taking the proper steps to maintain security while still giving employees the opportunity to access social networks.
1. Establish a corporate social-media policy
Step one of any initiative on social networking should start with a social-media policy. How will employees be allowed to access their social networks? What can they say to followers while they’re working? Is there a limit to what they can access? All these questions need to be answered by the company. Stated policies keep employees on track and, if necessary, provide a resource when rules are broken.
2. Encourage social-networking use
Although there are rules that need to be set in place, one of the most important considerations when trying to ensure social-media security is to encourage its use. Yes, eliminating access to such sites would, at first glance, seem to limit security outbreaks, but the opposite is quite true. Employees would try to find ways to circumvent a company’s blocking measures, access social networks anyway, and do so without the proper guidance they need. Encouraging the use of social networks keeps everything above board. And it gives companies the opportunity to guide that use.
3. Training is key
After encouraging the use of social networks, companies must train employees. IT managers can examine best practices and guide employees on what they should and should not do. A first step is to inform employees that they shouldn’t be clicking on links that they don’t know. It’s also a good time to give them a refresher on not clicking on links in phishing e-mails claiming to come from a social network. It seems rather simplistic, but with those simple lessons, the vast majority of security issues impacting companies through social networks will be eliminated.
4. Break out the tools
If a company is going to allow the use of social networks, one of the most important tools it should be using is TinyURL Preview. The simple tool allows employees to view the real destination of a disguised TinyURL link before they get to the site.
Education Remains an Essential Factor
Companies should also consider using similar tools from other link-shortening services that provide the same function. Simple tools like those, along with training, can go a long way in reducing security issues.
5. Limit allowed social networks
Although it might sound counter-intuitive for a company that is encouraging the use of social media to limit the number of networks employees are using, it’s a necessity. Employees don’t need to update their friends on Identi.ca, an open source Twitter clone. They don’t have to work with FriendBinder, a FriendFeed competitor. Keep it simple and only allow access to major social networks such as Facebook, Twitter and MySpace. If employees want to access other networks, they can do so at home. Such a policy makes social networks much simpler to police.
6. Educate IT staff
One of the most important things any company can do is ensure that its IT staff is up on all the issues that might be impacting social networks. Someone at the company should spend some time to know the news surrounding major social networks each week to ensure that if and when security issues arise, the company knows about them and can alert employees of their impact.
7. Keep computers patched
A recent study found that users patch potential security issues in software about half as quickly as operating-system patches. That’s something that companies cannot afford to do. By ensuring that both the operating system and software is patched at all times, the impact some of the security outbreaks that occur on sites like Twitter and Facebook can be contained.
8. Share best privacy practices
One big way to ensure a social-network user is staying safer is to change privacy settings. Twitter, for example, allows users to block others that are sending out tweets with spam. By reminding employees of that option, companies can go a long way in limiting the number of malicious users that can exploit others on the corporate network.
9. Open the lines of communication
The worst thing a company can do is to ignore questions or issues employees might have about a social network. When an employee contacts their manager or IT staff about something they’re concerned about, the issue should be addressed as quickly and efficiently as possible. Listen to the issue, address it and move on. It’s safer.
10. Don’t fear it
Although the security issues are alarming, companies cannot start fearing social networks. There’s no reason for it. Social networks are great marketing tools for companies, even with the security problems. If an employee is happy with their workplace, they will tell their friends. And in the end, the company might reap some of the benefits of that.
Remember: Social networks do more good than harm.