Social Networking by Employees Put Corporate Security at Risk

Security company Sophos has recently conducted a survey, according to which, system administrators (66%) are concerned about employees in their companies sharing more than the required information on social networking websites. This practice puts corporate security at risk.

Furthermore, the results indicate that 25% of business organizations have been victimized by spam, malware or phishing attacks launched from websites like Facebook, MySpace, LinkedIn and Twitter. All these social networking websites have already encountered substantial amounts of malware and spam attacks during 2009 that aimed at hacking computers, or capturing users' details.

Graham Cluley, Senior Technology Consultant at Sophos, says that cyber criminals continue to employ the same conventional methods of attacks. This is irrespective of whether they launch the typical '419 scams' in which users are duped into wiring money offshore to help someone supposedly in trouble, or attack with malicious codes posing as error messages on Facebook. Cluley notes, in all these attacks, the crooks like always use social media especially these four sites, as reported by Sophos on April 28, 2009.

Moreover, cyber criminals with nefarious intentions select the particular social networking sites for exploitation, leading to the victimization of both companies and individuals. Meanwhile, if companies restrict their employees to access the latter's chosen social networks, then it could drive the staff to discover other means that could be even more dangerous for corporate security.

Furthermore, Cluley indicated that if employees, for instance, utilize the company contact addresses stored on LinkedIn, then it might be easy to launch a phishing assault and harvest user account or Intranet log-in particulars from new recruits.

Cluley added that if companies allow their members to distribute too much information online, the result could be that clues regarding not only personal details but also corporate information could be given away.

According to Cluley, although some social networking sites such as Facebook are educating users about security risks, they could further act by improving on their members' protection against malicious attacks.

Ultimately, security professionals stated, since social sites are not to go away, companies should find out a feasible approach that would deal 'with' these websites rather than 'against' them.

Related article: SoCal Computer Hack Traces to Watsonville

» SPAMfighter News - 5/4/2009