April 19, 2013

Part II: Five Best Practices When Facebook Liking

Bob Hansmann

FacebookToday the Facebook Like button turns three years old. It’s the perfect time to remind employees how to safely surf Facebook, specify when “liking” content. 

Below I’ve detailed five best practices that you can share to mitigate the risk of using the Like button. Ultimately, to minimize risk, you want to remove opportunities for compromise. This means using real-time security technology that can examine the ever-changing content on social media pages.

Five tips for safe Facebook liking:

1. Raise the bar for Liking content. If you are a frequent “Liker,” break the habit of clicking the Like button on anything and everything.

2. If it sounds too good to be true, it probably is. Many Likejacking scams start on Facebook as a “Win a free iPad” lure.

3. Avoid voyeuristic lures such as “The Sexiest Facebook post.” This includes unlikely viral videos, like videos that claim to be of the Boston Marathon attack “AS IT HAPPENS!,” when no news sites have the content.

4. Avoid offers and surveys that mandate you like something in order to view content.

5. If you are suspicious, go to ACEInsight.com. Right click on a Like and select ‘Copy Shortcut’ to capture the link. Then paste that link into http://csi.websense.com/ for free real-time analysis. It will detail potential threats.

Abuse of the Like button is just one of the many flavors of today’s complex attacks. If an intended victim doesn’t click on the Like button lure, perhaps the criminal element can tempt the target to activate code that exploits a Java vulnerability or other holes in your defense. Social networks are just one of the avenues for complex attacks. Blocking access to Facebook is not going to stop the ingress of threats which may appear in other social networks, websites and emails.

The complexity of these attacks contributes to the ongoing decline of traditional signature-based defenses. Dynamic defenses, that analyze content, scripts, files, connections and other factors to make real-time decisions, are the only way to protect against the many stages of an attack. With the right security intelligence, you can even mitigate zero-day threats.

How? Click on over to our Websense ACE (Advanced Classification Engine) page and see how we approach proactive defenses and use threat intelligence to secure web, email, mobile and data.

Heck, if you are feeling like clicking, head on over to Facebook and give us a Like there:www.facebook.com/websense

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.