Social Media Security Needs to Evolve

Less than three years ago, social networks were only used for a single purpose – social interaction. Facebook connected college students to one another, allowing them to keep pace with gossip and the social lives of friends. LinkedIn was a professional network, geared towards keeping in touch with co-workers and acquaintances online. Twitter was an open communication vehicle; 140 characters or less.

Today, that has all changed.

Facebook, LinkedIn and Twitter, to name a few, are being used in ways that their original founders couldn’t have imagined. Organizations ranging from financial institutions, airline carriers, consumer electronics retailers, and even small businesses now leverage these networks to speak with customers, connect with new clients and spread the good news about their companies.

It’s no secret that the emergence of social media has changed the way people communicate with each other and interact with clients, customers and colleagues.

This shift in how social networks are used, and their increased popularity -- as seen with LinkedIn’s recent IPO and Facebook’s valuation -- bring to light new concerns that otherwise would have remained buried.

Social media security now

Hackers seek vulnerabilities and attack at will, and for the most part, nothing is safe. Even large, well-known brands such as Sony can fall victim, as seen with the recent Sony PlayStation attack. Facebook and LinkedIn aren’t any safer either.

Security researcher Rishi Narang recently discovered a security flaw with LinkedIn’s use of cookies and, as a result, the site reduced the persistence of cookies it uses to identify users. Patches and updates from the social networks themselves occur on a daily basis in an effort to combat crucial security flaws. As of the writing of this article, in 2011, Facebook, LinkedIn, and Twitter have undergone updates 528 times, with over 50 updates occurring on Facebook alone.

With the sophistication and dedication of hackers, the need for airtight security is top-of-mind for business and individual users of social networks. In most cases, social networks face complex security challenges, and security has failed to keep pace with the evolution in how these networks are used.

The inherent trust that social networks engender brings new challenges, as we fallible human beings trust the content sent to us by our friends. The increased use of social media at work increases the chances of security breaches because many of these social media sites aren’t blessed by IT. Confidential corporate information can also get inadvertently leaked; Scott McClellan will go down in infamy as the HP exec who leaked the organization’s cloud computing plans … on his public LinkedIn profile.

To best address these challenges, a variety of social networks, in addition to technology vendors and legislation from the government and regulatory bodies, have placed an emphasis on security. LinkedIn, for example, has opened up its APIs to a select group of vendors to help them develop best-of-breed offerings that can more easily keep pace with changes and provide the flexibility needed to ensure the highest levels of security required by businesses and individuals. The business-focused social network has also reduced the persistence of the authentication cookie from one year to three months and is expanding plans to support SSL across the site, rather than just on its login page.

Another new concern revolves around legislation and regulations.

Specific regulatory guidelines issued recently provide direction on security measures that businesses in highly regulated markets, such as financial services, must adhere to. A couple of examples are the Investment Industry Regulatory Organization of Canada (IIROC) and the Financial Industry Regulatory Authority (FINRA). Portions of these guidelines deal specifically with activity and security on social networks, and most of these sections have recently been added or updated.

As a result of the popularity of these sites, changes had to be made to accommodate these new channels through which individuals and businesses are communicating. A prime example of this is FINRA Regulatory Notice 10-06, which gives guidance on blog and social networking website activities. One stipulation states that online changes to LinkedIn profiles need to be approved prior to posting. Such changes in the monitoring and use of social networks directly affect the security protocols that businesses and the social networks themselves have to implement.

In the wake of hacker attacks and amplified use of social networking sites, security pressure has intensified. New concerns and benchmarks are shaping policies and procedures that organizations, employees, and even consumers are required to comply with. If they don’t, there can be serious consequences.

Sarah Carter is the VP of Marketing at security firm Actiance.