In recent blog posts, we've discussed the key social media security issues that create challenges for BYOD organizations. Problems like viruses and malware or social engineering can turn into massive security headaches, but only if they're allowed to. VARs can play a critical role in solving these social media security issues by bringing both technology expertise and user education to the table. Here's how.
Issue #1: Viruses and malware spread through social networking sites
Social networking sites like Facebook and LinkedIn are fertile breeding grounds for viruses and malware, thanks to the ease with which malicious links can be shared and spread. Malware is one of the most serious social media security issues, with the potential to infiltrate the largest corporate systems and exfiltrate massive amounts of data, as happened to Target.
Robust, up-to-date antivirus and malware protection software should always be the front-line defense against viruses and malware. Unfortunately, most endpoint security solutions can only go so far: they tend to focus on stopping attacks that are already known but remain vulnerable to zero-day exploits. Newer technologies can be of greater help. Technologies such as sandboxing can execute unknown payloads in a safe and containerized space, either in the cloud or on the endpoint, enabling the identification, analysis, and remediation of threats without risk to the endpoint's integrity.
User education is also paramount to stopping social media security issues caused by viruses and malware. Employees at BYOD organizations must be taught how to spot suspicious links shared on their social networks. For example, does the type of link shared seem out of character for the person sharing it? Many viruses are hidden in the guise of scandalous or titillating images or videos, which not every person is comfortable sharing on social media.
Issue #2: Social engineering
Another of the major social media security issues is social engineering, in which scammers directly target individuals and attempt to trick them into divulging confidential or personal information that can be used to guess their login credentials.
Social engineering is a security issue that can only be addressed through user education. There are several common "worst practices" that make the social engineering scammer's job easier. Employees must be warned not to use the same logins and passwords for multiple accounts or websites and must be taught not to use easily guessed words or phrases (such as birthdays, hometowns, ZIP codes, and the like) for passwords. Additionally, end users should be taught how to spot suspicious behavior from "friends" and potential "friends" in social media.
When it comes to the technological defenses against social engineering, strong user identity and authentication management policies will be most helpful. Counsel your customers to implement policies that require employees to change their passwords periodically (every 90 days is a common and workable goal) and that prevent them from reusing old passwords. The stronger the password required, the better, so think beyond alphanumeric characters to include special characters and a mix of upper- and lowercase letters.
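The password rules described under Issue #2 can be enforced in code, as in this added example, which is not part of the original post. It checks a candidate password for character mix, personal details, and reuse of old passwords, and flags passwords older than 90 days. The function names, `MIN_LENGTH`, `HISTORY_DEPTH`, the PBKDF2 parameters and the sample data are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)  # rotation interval named in the post
HISTORY_DEPTH = 5             # assumed: number of old passwords remembered
MIN_LENGTH = 12               # assumed: the post does not give a length
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"\d", "special": r"[^A-Za-z0-9]"}

def hash_password(password, salt):
    # Old passwords are kept only as salted PBKDF2 digests, never in clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def is_expired(last_changed, now):
    return now - last_changed > MAX_AGE

def policy_violations(password, history, personal_facts):
    """Return the reasons a candidate is rejected; an empty list means accepted.

    history: (salt, digest) pairs for previous passwords, newest first.
    personal_facts: strings such as a birthday, hometown or ZIP code.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name} character")
    lowered = password.lower()
    if any(len(f) >= 3 and f.lower() in lowered for f in personal_facts):
        problems.append("contains personal detail")
    for salt, digest in history[:HISTORY_DEPTH]:
        # Re-hash with each stored salt; compare in constant time.
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reuses an old password")
            break
    return problems

# Constructed sample data for the demonstration below.
_salt = os.urandom(16)
SAMPLE_HISTORY = [(_salt, hash_password("Autumn!Harvest2023", _salt))]
SAMPLE_FACTS = ["Springfield", "62704", "1985"]

if __name__ == "__main__":
    for candidate in ("springfield62704", "Autumn!Harvest2023", "Teal-Kettle_Orbit9"):
        print(candidate, "->", policy_violations(candidate, SAMPLE_HISTORY, SAMPLE_FACTS) or "accepted")
```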
Social media security issues can be serious, but don't have to spell the ruin of a BYOD organization. With some precautions on both the human and technology sides of the equation, even BYOD businesses can remain secure.
What social media security issues do you think are the most serious? Tell us your thoughts in the comments.