More and more businesses use social media as one of the key metrics for expanding their presence in the market. In New Zealand, social networking sites have become an increasingly distinct contributor to boost sales and marketing efforts. Although the use is on the rise, many organisations have a lack of understanding of the potential risks and threats that social media can cause, let alone have comprehensive governance policies to regulate their employees. As a result, the cost of security breaches posed by using social networking platforms might be far greater than their benefits.
According to the Nielsen Asia Pacific Social Report, 74 percent of the world’s internet population visits a social networking/blogging site and across Asia Pacific, the most common access location for engaging with social media is in the workplace.
Social media usage in the workplace has grown enormously with about a half of workers surveyed claiming to have a social media presence and 18.5 per cent claiming to be personally knowledgeable about or responsible for planning, evaluation or selection of social media within their organisations.
As social media gains in business popularity, companies are increasingly using virtual networking sites as marketing and advertising tools to gain a competitive advantage and keep current in their fields. However, many of the companies are neglecting security risks when accessing these social networking sites.
With more than 500 million active users, Facebook is regarded as the most popular social networking site; in New Zealand it is ranked the second most visited international website, with Twitter and YouTube following in the top ten.
However, public interest in social media is a powerful instrument that cybercriminals have repeatedly used to their benefit to spread malware or instigate attacks.
Sending spammed messages purportedly from a legitimate social media site is a common social engineering tactic. For instance, spammers have taken to Facebook to spread malicious links that often lead to the download of malware which puts users in the unenviable position of enticing others to fall for the same ruse. Trend Micro has included Facebook in its top 10 “most dangerous” list in the light of frequently reported attacks associated with Facebook.
Like search engines, Twitter has also become a common source of poisoned links. Cybercriminals have made it a habit to keep tabs on so-called trending topics to target those on the lookout for information. Twitter users who click unsafe or risky links are then led to malware-hosting pages.
The pitfalls of carelessly accessing social networking sites range from simple redirections to complicated system infections. In addition to viruses and malware, corporations could face high risks if their employees post or upload incorrect or inappropriate information revealing office location, in-office politics, confidential projects and strategies to name a few.
To block threats derived from employee use of social networking sites, there are a few principles that businesses should adopt.
First, create social media guidelines for employees’ behaviour and advise employees to be mindful of what they publish online; second, deploy and update multilayered protection regularly; third, monitor all social media assets and log all communications; fourth, have a communication and action plan in place in the event of the intentional or unintentional disclosure of confidential company information.
Lastly, organise user security awareness campaigns to help employees understand and appreciate the value of the company's information assets and the consequences of these assets being compromised.
Glynn Stokes is the ANZ senior product marketing manager for enterprise security at Trend Micro. He has worked across the IT sector including sales, engineering, mainframe, networking and security.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.