People get really worked up when discussing the dangers of social media and social networking. There are reasons to be concerned, but no need to panic.
Novel ways of interacting on-line are new to everyone, including security professionals and risk managers. I’ve been thinking about the various risks for enterprises associated with social media and social networking. In my mind, the risks fall into two categories in a business setting:
- Risks to organizations who use social media platforms for marketing campaigns. In this scenario, the organization interacts with consumers on social networking sites, such as Facebook and Twitter, rather than focusing on bringing consumers to the websites under the organization’s direct control. The battle is fought on untrusted turf, if you will. This exposes the organization to several risks, including brand tarnishing, impersonation attacks, and the use of vulnerable IT infrastructure. For my overview of supporting social media marketing campaigns from a security perspective, see my earlier post on this topic.
- Risks to organizations whose employees make use of social networking sites. In this scenario, the users of social networks are at risks due to the link-sharing culture of such sites, whereby they may be targeted by malicious websites and may be social engineered into installing malware or into giving up sensitive data. The organizations are also at risk when the employees inadvertently leak proprietary, regulated or otherwise sensitive information. Related risks are situations where employees reveal personal data that can be used to attack the individuals or their employers.
There are good reasons for enterprises to be concerned about the risk associated with social media and social networking. To understand what can be done about them, it’s important to understand not only the role that social networking plays in business and personal lives, but also how the associated risks can be classified. If you’re interested in my thoughts on the topic, please see my earlier social networking posts.