What Would You Do Differently? Securing the Social Web
Recently more than 150 IT security professionals joined a panel of experts for our first-ever live interactive SpeakUp debate in London. The debate focused on social media, covering the legal and security issues as well as the psychology of falling for Internet scams. What struck me the most was the final audience poll: “From what you’ve heard today, would you do something differently?” More than half the audience replied yes.
Interestingly, 21% of the audience allow company-wide access to social media and don’t monitor employee content. Seemingly, around the same number (19%) have suffered a social media-related security incident. Just over half (54%) have not had an incident, and over a quarter (27%) answered ‘don’t know’.
It’s still a subject that confuses and divides security professionals, so we used Facebook to demonstrate just how prolific malicious applications are. Without the right protection in place, users could happily click on a link that exposes your organization to malware.
My colleague Carl Leonard, senior security researcher from the Websense Security Labs, demonstrated how easily a hacker could get started. Before a live audience and in just ten minutes, he built a malicious application using a kit bought online for just $25. He even created bogus security features to make the application look click-worthy. Of course we didn’t launch the app, but thousands do – every single day.
The psychological reasons people fall for scams were brought to life by David Modic, an internet security psychology expert at Exeter University. Unsurprisingly, the bad guys seem to know what makes people tick and how to get them to click. Following a presentation on the legal implications of social media, the debate swung heavily into the arena of policy.
The audience rated top concerns for social media: malware infection (21%), legal liability (18%) and productivity loss (17%). Addressing these concerns requires a combination of technology and user education.
You can view the slides and audio recordings for the event here. We’ve also created a kit to help you develop your own acceptable use policy for social media.
Listen to the event and then let us know if you would also do something differently.