Seven Deadly Sins of Social Networking Security

Admit it: You are currently addicted to social networking. Your drug of choice might be Facebook or Twitter, or maybe Myspace or LinkedIn. Some of you are using all of the above, and using them hard, even IT security practitioners who know better.

By Bill Brenner
Tue, June 30, 2009

CSO — Admit it: You are currently addicted to social networking. Your drug of choice might be Facebook or Twitter, or maybe Myspace or LinkedIn. Some of you are using all of the above, and using them hard, even IT security practitioners who know better.

Social Networking Websites from A to Z
LinkedI n Bible: Everything You Need to Know About the Social Network for Professionals

While it's impossible to escape every social networking threat out there, there are steps one can take to significantly reduce the risks. CSOonline recently checked in with dozens of IT security professionals (ironically, using more than one social networking platform to do so) to pinpoint seven typical security mistakes people make; and how to avoid them.

Over-sharing company activitiesThis is a sin of pride, when someone gets excited about something their company is working on and simply must tell everyone about it. Maybe you work for a drug company that is on the verge of developing the cure for cancer. Maybe the company is developing a new car that runs on curbside trash -- in other words, something everyone will want. (See also: Intellectual Property Security: Don't Lose Your Head)

By sharing too much about your employer's intellectual property, you threaten to put it out of business by tipping off a competitor who could then find a way to duplicate the effort or find a way to spoil what they can't have by hiring a hacker to penetrate the network or by sneaking a spy into the building.

Then there are hackers controlling legions of botnets that could be programmed to scour a company's defenses and, upon finding a weakness, exploit it to access data on the intellectual property. With the data in hand, the hacker can then sell what they have to the highest bidder, which just might be your biggest competitor.

"Sharing this kind of information could lead to targeted attacks on specific technology-producing enterprises," says Souheil Mouhammad, a senior security expert at Altran Technologies.

This sin has sparked a debate in the security industry about whether companies need to revise their employee computer use policies with more specific language on what is/isn't allowed in the social networking arena (see also: Debate: Does Social Networking Require User Policy Changes?).

To reign in the urge to share too much, it might be useful to repeat this saying, which has started to appear in the public domain: " Loose Tweets Sink Fleets."

Mixing personal with professionalThis sin is closely related to the first, but extends beyond the mere disclosure of company data. This is the case where someone uses a social network for both business and pleasure, most commonly on Facebook, where one's friends include business associates, family members and friends (see also: Slapped in the Facebook: Social Networking Dangers Exposed).

Continue Reading

White Papers »
Architecting the Security of the Next-Generation Data Center
This document is aimed at those looking at data center builds, upgrades, or consolidation. It provides an introduction to some of the new security challenges of such environments and provides recommendations for implementing security in next-generation data centers.
Who Owns Security in the Data Center?
This editorial brief addresses the disconnect between security and operations teams and the need for IT operations teams to address security and risk management.
Virtual Patching with Network Security
The McAfee virtual patching solution provides a layered approach to security risk management, while adding the ability to apply a virtual patching strategy to your existing change-management process.
Gartner Next Generation Network IPS Research Note
Learn more about Gartner's evaluation of network IPS that places McAfee in the leaders' quadrant. Deep inspection network-based intrusion prevention continues to be a due-diligence security control.
Top Ten Security Topics
The topics span attack categories, trends and priorities, with a short synopsis of the topics, various use cases, key concepts, and providing references to our Security Connected Reference Architecture.
The New Reality of Stealth Crimeware (McAfee Labs)
With cybercrime on the rise, McAfee and Intel researchers believe that we need to re-envision how to detect and block stealthy malware.
Webcasts »
Gartner Next Generation Network IPS Webcast
Learn how Gartner's criteria for next generation IPS helps organizations achieve effective threat prevention despite changes in network communications, new applications, and changes in the threat landscape.
McAfee Continuous Compliance
3 minute Flash video - overview of the need for and value of Configuration Control.
Taming the Wild West: How to build a strong cloud security strategy
Cloud deployments are playing a critical role in propelling innovation for many companies. At the same time security has become the #1 one of the top concerns for IT and business leaders as they migrate into the cloud. In this webinar, learn from Accenture discusses how to recast the cloud as a "fresh chance to rethink your approach to security."
How Klout Combines Big Data with Microsoft Business Intelligence to Measure Influence
Big Data-it has the potential of transforming a business. In the case of Klout, a social networking analytics site, big data is the heart of the business. Klout processes and analyzes billions of user data signals every day-from Facebook, Twitter, LinkedIn, blogs and more. How do they do it? Gain valuable insights from David Mariani, vice president of engineering for Klout.
Oracle Database Appliance - Simplifying your High Availability Database
Date: February 29, 2012
Time: 1:00 PM EST

Seasoned IT managers know from experience that in many cases the bulk of the cost of an IT solution is incurred after the sale. Issues can range from sizing and skill development, to committing significant resources installing, deploying, managing, and supporting a complex assortment of hardware, software, and networking.

With the Oracle Database Appliance, you can eliminate the time, risk, and costs often associated with building, implementing, and maintaining a high-availability solution for your users and customers. Plus it's based on Intel Xeon processors to ensure a high level of performance and scalability.

Attend this Webcast to discover how the Oracle Database Appliance can help you increase your ROI by:
* Reducing deployment time from weeks to hours
* Simplifying ongoing maintenance and support
* Benefitting from the highest levels of availability
Successful Mobility: Access and Performance Anywhere
Today's workforce is truly mobile. At the office, from customer sites, even at home or in a hotel - their connectivity and application performance needs remain the same. But even though their requirements don't change, the challenges in meeting their expectations do.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Architecting the Security of the Next-Generation Data Center

Who Owns Security in the Data Center?

Virtual Patching with Network Security

Gartner Next Generation Network IPS Research Note

Top Ten Security Topics

The New Reality of Stealth Crimeware (McAfee Labs)

2012 Threat Predictions Report (McAfee Labs)

McAfee Security Connected - Mitigates Risk, Maximizes Business Efficiency

Think Your AntiVirus Software is Working? Think Again

Reducing Local Admin Exposure Through Application Whitelisting

Unruly USB Devices Expose Networks to Malware

The CISOs Guide to Measuring IT Security

Why Free Patch Management Tools Could Cost You More

From the Frontline - Preventing APT

Protecting Point of Sale Systems from Targeted Attack

Stop Hackers Before They Attack

A Proactive Approach to Server Security

Protection Against Modern Cybersecurity Threats

Challenges of Database Patching in Production Environments

The Case for Continuous Compliance
Resource Center
buy a link »
Ads by TechWords