Social media security is a hot topic in enterprise information security, particularly at BYOD organizations, where IT has little to no control over end users' social media apps and activities, even on devices used for corporate business. And social media security is serious business. A breach can mean disaster for an organization. Here are two reasons why.
1. Stolen or guessed credentials can lead to data theft and leakage
In previous blog posts, we've discussed the dangers of social engineering. Social engineering is a particularly insidious type of attack in which a victim is tricked into divulging login credentials or information that could be used to guess those credentials. Compounding the social media security threat of social engineering is the fact that many end users prefer to use the same logins and passwords across many different sites, including corporate intranets and other company resources. If an attacker learns or guesses an employee's corporate login and password, that attacker will be able to access the same data and resources as the employee. Attackers can use that access to steal or leak confidential or regulated data.
Such a data breach can have a massive impact on a company. If you're not convinced, just look at the impact last holiday season's data breach had—and continues to have—on retail giant Target. No social media security strategy is complete without employee training in how to avoid becoming the victim of a social engineering attack.
2. Malicious software can cause outages and data breaches
We've also previously discussed how easily malware and viruses can spread across social media. On most social networks, users see only the posts and links that other members of their social network or friends list have shared. This creates an atmosphere of trust and an expectation of security within the social network. Then, when one user's account is compromised and used to share links to malware, others in that user's network are easily tricked into clicking the links and downloading the malware.
Malware and viruses can be mildly inconvenient to end users and may, in the worst case, result in identity theft. For the enterprise, however, the consequences can be much more severe. Some kinds of malicious software can infect network infrastructure, causing failures and outages that lead to a loss of data, productivity, and revenue. Others can hijack corporate compute resources and use them to continue generating and spreading malware. Still others are designed to infiltrate data environments and sniff out ways to steal data, leading to data breaches that can, as with social engineering attacks, result in massive impact to the company's brand and bottom line. Social media security in enterprise environments demands strong endpoint protection against viruses and malware.
As you can see, social media security is no joke. If not taken seriously enough, it can create endless headaches for the security-conscious corporation. Social media security doesn't have to be a major challenge, however. With the combination of end user education, endpoint and network protection, and up-to-date expertise and guidance from a trusted VAR, even BYOD organizations can help mitigate the risks that come with social media.
What social media security issues are you most worried about? Tell us your thoughts in the comments.