As Companies Relax on Social Media, Threats Increase
Even as social media has grown to be a much more widely accepted form of communication among businesses over the years, there is still plenty of data out there depicting the flaws and setbacks that can occur when social networks are used in the business environment. Just as with email or web surfing in general, there are security concerns, and a new report (pdf) from security firm Sophos claims that malware and spam have increased by as much as 70% on social networks from a year ago.
How big of a security concern do you find social media to be? Discuss here.
The firm surveyed over 500 organizations and found that 36% of users claim to have been sent malware via social networking sites, which is an increase of 69% from last year.
"Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," said Graham Cluley, senior technology consultant for Sophos. "The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks."
Of course front and center of everybody’s attention is Facebook, the world’s most popular social network. Sophos found that out of those surveyed, 60% believe Facebook poses the biggest security threat out of social networks, compared to just 18% naming MySpace, 17% naming Twitter, and 4% naming LinkedIn.
"We shouldn’t forget that Facebook is by far the largest social network – and you’ll find more bad apples in the biggest orchard," says Cluley. "The truth is that the security team at Facebook works hard to counter threats on their site – it’s just that policing 350 million users can’t be an easy job for anyone. But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled-out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet."
Although LinkedIn was cited as the network among the top four that sparks the least amount of concern from survey participants, Cluley notes that it has its own significant risk factors, which should not be overlooked.
"Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organization’s structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into," he explains. "Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff’s names and positions. This makes it child’s play to reverse-engineer the email addresses of potential victims."
According to Sophos’ findings, 49% of firms allow all their staff unfettered access to Facebook, a stat that is up 13% from last year.
"The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," says Cluley. "However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them, but to apply some ‘social security’ instead."
As Cluely suggests, social networks have simply become part of the way we do business. At this point for a lot of companies, shutting down access in not an option. The reality is that no matter which way you communicate online, there are going to be threats. This is true not only in the corporate world, but in general life. As social networking becomes more location-oriented, you have to wonder if cyber crime might lead to an increase in physical world crime. That’s a scary thought.
Is social media worth the security risks to your company? Share your thoughts.