Social Media Security Needs to Evolve
Facebook, Twitter, LinkedIn all need secured just like any other corporate communications channel, writes eSecurityPlanetguest columnist Sarah Carter of Actiance.
Today, that has all changed.
Facebook, LinkedIn and Twitter, to name a few, are being used in ways that their original founders couldnt have imagined. Organizations ranging from financial institutions, airline carriers, consumer electronics retailers, and even small businesses now leverage these networks to speak with customers, connect with new clients and spread the good news about their companies.
This shift in how social networks are used and the increased popularity of them -- as seen with LinkedIns recent IPO and Facebooks valuation -- bring to light new concerns that otherwise would have remain buried.
Social media security now
Hackers seek vulnerabilities and attack at will, and for the most part, nothing is safe. Even large, well-known brands such as Sony can fall victim, as seen with the recent Sony PlayStation attack. Facebook and LinkedIn arent any safer either.
With the sophistication and dedication of hackers, the need for airtight security is top-of-mind for business and individual users of social networks. In most cases, social networks face complex security challenges where security has failed to keep pace with that evolution.
The inherent trust that social networks engender bring new challenges as we fallible human beings trust the content sent to us by our friends. The increased use of social media at work increases chances of security breaches because many of these social media sites arent blessed by IT. Confidential corporate information can also get inadvertently leaked; Scott McClellan will go down in infamy as the HP exec who leaked the organizations cloud computing plans on his public LinkedIn profile.
To best address these challenges, a variety of social networks, in addition to technology vendors and legislation from the government and regulatory bodies, have placed an emphasis on security. LinkedIn, for example, has opened up its APIs to a select group of vendors to help them develop best-of-breed offerings that can more easily keep pace with changes and provide the flexibility needed to ensure the highest levels of security required by businesses and individuals. The business-focused social network has also reduced the persistence of the authentication cookie from one year to three months and is expanding plans to support SSL across the site, rather than just in its login page.
Another new concern revolves around legislation and regulations.
Specific regulatory guidelines issued recently provide direction on security measures that businesses in highly regulated markets, such as financial services, must adhere to. A couple of examples are the Investment Industry Regulatory Organization of Canada (IIROC) and the Financial Industry Regulatory Authority (FINRA). Portions of these guidelines deal specifically with activity and security on social networks, and most of these sections have recently been added or updated.
As a result of the popularity of these sites, the changes had to be made to accommodate these new channels through which individuals and businesses are communicating. A prime example of this is FINRA Regulatory Notice 10-06, which gives guidance on blog and social networking website activities. One stipulation states that online changes to LinkedIn profiles need to be approved prior to posting. Such changes with monitoring and use of social networks directly effects the security protocols businesses and the social networks themselves have to implement.
In the wake of hacker attacks and amplified use of social networking sites, security pressure has intensified. New concerns and benchmarks are shaping policies and procedures that organizations, employees, and even consumers are required to comply with. If they dont, there can be serious consequences.
Sarah Carter is the VP of Marketing at security firm Actiance.