Social Media for Businesses: Toe in the Water or Dive In?
Last month, we took a deep dive into the risks of data loss in businesses:
- Implementing DLP: Purchase with Caution?
- Top 3 Steps to Simplify DLP Without Compromise by Rich Mogull, Securosis L.L.C.
- Websense Introduces “DLP for Download” – the Fastest and Easiest Way to Deploy Enterprise-Class Data Loss Prevention
- Microsoft and Websense Team Up to Protect Data and Expand Solution Coverage
- Websense Continues to Revolutionize DLP with New Technologies and an Unprecedented Deployment Model
This month, we are focusing on social media.
More often, we’re seeing businesses leverage social networking sites like Twitter, Facebook, and LinkedIn to connect with their customers and fans – and this list continues to increase.
The demand for Web 2.0 access is on the rise as companies and their employees' leverage social networking sites for marketing and recruiting efforts and well as keeping customers informed through frequent interaction. In order to be effective, the exchange between a business and its audiences must take place in the form of a conversation. It’s important to remember that social media is a two-way street. In order to work well, it must allow a dialogue to occur between companies or celebrities and their fans. This dialogue takes the form of user-generated-content (UGC).
The unfortunate truth about UGC is that while it allows a Lady Gaga fan to publish what they thought of her latest single, it also provides them with an opportunity to post other, more nefarious elements on her page. From spyware, rogue AV, malicious drive-by attacks and data stealing Trojans, we’ve seen an unfortunate number of fans duped by the bad guys through UGC on social media sites. Fan pages can quickly become a victim to exploits like these, like the recent exploit code posted on Justin Timberlake’s page and more than 250,000 other pages. What if the Los Angeles Lakers 3.6 million fans on Twitter and Facebook were exposed to a malicious link?
In addition, we’ve seen malware posted on Barack Obama’s official campaign blog, Twitter accounts hacked of major celebrity like Britney Spears and Ellen DeGeneres and Guy Kawasaki’s Twitter account hijacked and used to send out a malicious link to his 140,000 followers. We’ve also seen major Twitter and Facebook malicious campaigns (“Most Hilarious Video” attack on Facebook) that have spread like wildfire throughout social media sites.
What would you do if your business’ Facebook page had malicious links posted on it? How do you think your fans would feel if they found out that the virus that has been troubling them on their computer was caught by clicking a link from your blog?
These are the types of issues we are going to explore this month as we discuss social media. Unfortunately, with the rise of social media, there has also been an influx of new threats, which take advantage of the trust your fans have in you and your company.
We’ll start this month off with two recent articles featuring our researchers on this very topic. In the first article, “Right to reply: Facebook 500 million user milestone great news for enterprises – but vigilance still needed”, Carl Leonard, Security Research Manager EMEA, Websense, explains why an increasingly connected world should be greeted with caution.
In the second article, “Real-Time Searches Lead to Real-Time Malware” from the Technology Review, Websense CTO Dan Hubbard is excerpted from his recent BlackHat presentation describing how search engines can be duped by botnets and UGC to poison search results and users in real-time. Google and Bing have already been victims to this sort of malicious use. Can Facebook streams and Foursquare be far behind?
Companies and high-profile individuals need to be vigilant with their social media properties if they want to continue maintaining the trust and bond they have built with their users. Stay tuned to hear more about social media throughout the month…
To protect your blog and Facebook page immediately from malicious links and inappropriate comments, visit http://defensio.com/.