| |
|
|
|
Spotlight On:
|
February 4, 2010 | Volume 4, Issue 2 | www.sdchamber.org | contact us Social Networking for Business
In a very short time, Internet-based social networks have exploded. Many businesses are struggling with the desire to exploit their commercial potential while security experts are trying to limit the damage. Social networking sites, such as Linked In, MySpace, and Facebook are truly a double-edged sword. While these networks allow you to reach potentially large audiences, they pose significant risks. The “friends” you or your employees list may give competitors insight into your client base or give criminals valuable information they can use for targeted attacks. One has to bear in mind that there is no perfect security; what you are after is managing your risk. It may well be that the risk of a targeted attack is offset by the professional gains of using the social networking sites. The decision must be made from a knowledge standpoint. One risk that is likely not worth taking is the use of “apps,” or applications on social networking sites. It is quite common to be invited to share or use an application, but use can come with severe risks. Often you agree to let the application access your contacts and send whatever they choose to those contacts. In some cases the apps will ask for a password. However, it is not the social networking site asking for your password. These applications are developed by third parties, who often know little about security. In December, it was revealed that RockYou.com had been hacked and gave access to a database of 32 million users’ email addresses and passwords. RockYou.com makes a number of applications for social networking sites (which they refer to as “widgets”) such as Slideshow, Uploadphoto, Photofx, Glittertext, Funnotes, Superpets, Superhug, MySpace Layouts, Stickers, Superwall, Speedracing, Hugme, etc. In this case, more than 32 million usernames and passwords were given away, and there’s no apparent accountability. In short, use social networks to promote your business, but steer clear of the applications, widgets and other software on these sites. The social networking sites themselves almost never write the software, and you don’t know anything about who wrote the application or what their security expertise is. And as always, be sure to change your password frequently (especially if you haven’t done so recently). For general security questions or topics you would like to see covered, email Randy Abrams, Director of Technical Education, at askeset@eset.com. Learn more about ESET at www.eset.com.
|
        |
