This page contains a Flash digital edition of a book.
you want to use social media and then embrace it with policies in place.” He believes just initiating some user training isn’t going to do much. “Sure, people will take the training and sign off,” he says. “It’s funny, there prob- ably isn’t a person on the planet who doesn’t know what spam is but that hasn’t changed behaviour. What really works with users is to sit people down and show them how easy it is to mine their data.” The onus is on the users, he adds, be- cause protection is getting more difficult as some of the social media tools we see as innocuous are actually helping create a rich database for cyber-crooks. “With GPS turned on you go on to


Bing’s Twitter map and see where people are and where they’re Twittering from,” he says. “At sites like trendistic.com you can track which words are being tweeted the most.”


seeking to build communities around their brands, products and services. As a test, Cosoi’s people set up a phoney account for a “cute blonde” on Facebook and then invited strangers as friends.


“There was about a 93 per cent ac- ceptance rate among men and women,” he says noting it probably wasn’t just be- cause she was attractive since women also confirmed friendship. Conversations on line then started driving at extracting information, he adds.


“Pretty soon we knew where they were working, what they did and in some cases what projects they were working on and when their deadlines were,” he explains, adding that slipping spam into a flurry of postings or e-mails is another technique. “In Europe, May 1 is Labour Day and usu- ally people and families go out and maybe have a picnic. And then the next day or so they start posting pictures and sharing.” Last spring that flurry of e-mails and postings on social network sites included links to a virus called Bolero, which prompted users to click on it thinking they were downloading pictures when in fact


18 SECURITY MATTERS • NOVEMBER/DECEMBER 2010


they were being infected. It’s not just Facebook that is a threat. MySpace, LinkedIn, Twitter and virtually any site that allows users to post messages and links about common topics is a potential threat.


Of course, the easy answer is to lock the network down, as many companies do, blocking Internet access or severely limiting it and restricting sites like Face- book, specifically. Unfortunately, that creates two prob- lems. One, it takes some of the fun out of the workplace especially since the younger, up-and-coming employees see socializing online as part of their work cycle. Still, that’s what 33 per cent of Canadian business respondents said they do in the McAfee survey: lock the system down. That’s probably the worst move, says Dave Marcus, director of security at McAfee Labs.


“It’ll just drive it underground and people will set up proxy servers or other backdoors,” he says, suggesting that com- panies should embrace the concept with eyes wide open. “You have to decide how


Armed with the knowledge that a cluster of Twitterites are madly chatting about Mad Men on Monday morning after the season finale, a hacker could easily slip in a Tweet with a malicious link, per- haps offering gossip about next season’s opener. It’s that easy.


That said, no one is advocating aban- doning traditional and prudent network protection. Defensio, for example, part- nering with Websense, offers software that automatically scans a social networking page to seek out malware. At $299 a year for up to 250 users, it might be money well spent, given what a breach could cost. Others have similar responses. But as Marcus notes, all the hardware and software in the world isn’t going to cover it all. Web IP, intrusion detection sys- tems and the like need to be continuously updated and scans run daily.


All of which means it still comes down the weakest link: as always, the wetware, that is the human being in front of a screen or on his or her mobile device.


Ian Harvey is a freelance writer in T oronto, Ont.


SOURCES BitDefender • www.bitdefender.com McAfee • www.mcafee.com Websense • www.websense.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32