Social networks are all-pervasive, but aren't always safe. I have been reading what Candid Wueest, a Senior Security Researcher at Symantec, has to say and I have summarised some of his top tips for keeping yourself safe online here.
Candid Wueest makes some strong points:
Businesses are certainly becoming well versed in the advantages of integrating social networking into the workplace - especially as younger digital natives or Gen Y are starting employment.
However, web-based attacks are now the primary vector for malicious activity over the internet, and many of these are increasingly coming from social networks such as Facebook, Twitter, and YouTube.
By hiding behind the reputation and brand trust built by legitimate social networks, spammers are able to distribute an increasing number of malicious and phishing emails, something that recent research shows is only set to grow over time.
With employees increasingly accessing social networking sites on their business PCs and laptops, any attack via social networking platforms can place company data directly at risk.
Here are some of the simple acts that businesses can share with their employees to ensure they are protected from common social network attacks:
1. Don’t click on unknown links.
Sharing links via Facebook or Twitter is a common act, but avoid clicking on blind links where the destination website cannot be seen in the URL (as is increasingly common with URL-shortening applications such as bit.ly). These links can open you up to malicious attacks and place sensitive company data in a vulnerable position.
2. Don’t share personal information.
Avoid including personally identifiable information when communicating online, such as date of birth, postal address, and certainly not bank details. Savvy online criminals can piece together information from different sites in order to steal individual identities and run up massive bills on company credit cards, or even create a fake passport in an employee’s name.
3. Set strong passwords.
Simple acts, such as developing strong passwords that are changed at least every 45-60 days, can dramatically improve IT security with minimal intrusion on time. Encourage employees not to save passwords on default settings when using the internet, as anyone who misplaces their laptop can make it very easy for the unscrupulous to access sensitive data.
4. Beware fake friends.
A common phishing attack that users are seeing occurs when criminals hijack social networking accounts and distribute messages to all the contacts in that individual’s contact book. Clicking on a message from a ‘fake friend’ such as this can lead to an external site that allows malicious code to enter your computer system. If you receive a message that seems out of character, always confirm who the sender is before opening.
5. Invest in security software.
Don’t cut corners when it comes to anti-virus software. You might think you’re being economical in the short term by simply downloading some free software online, but once a malicious piece of software manages to enter your computer, it can cost a fortune to fix, and that £60 can start to feel like a bargain.
BCS, the Chartered Institute for IT, has recently launched a campaign to raise awareness of the importance of safe and secure internet usage. Are you a savvy citizen? Find out at http://savvycitizens.bcs.org.