15 Small-Business Social Network Nightmares

You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense.

11DCan you think of five social network nightmares you hope never happen to your business? How about 10?

Well, I can top that, because there are at least 15 social network mishaps that can haunt a business owner. Here’s a closer look at 15 types of trouble you can encounter on Facebook, Twitter and other popular social media platforms. Once you’re aware of all these potential dangers, you should take the necessary steps to prevent them from damaging your company.

1. Posting about illegal or questionable activities. Can you think of an illegal activity your employees might engage in that could get your company into trouble if they posted it on Facebook? How about underage drinking? If you employ teens under the age of 18 and any of them posted a photo of themselves drinking at your place of business, you could be in trouble with the law. And even if all your employees are adults, they can still post something unflattering (though not illegal) that could smear your reputation.

2. Account hijacking. Remember when the Dow dropped 150 points last April after someone hacked the Associated Press’ Twitter account and sent out a tweet that fraudulently claimed the White House had been attacked and President Obama had been injured? Don’t shrug it off—account hijacking can happen closer to home. Fraudsters may send your employees Twitter messages on their workplace computers that are designed to fake the recipients into thinking they’re receiving authentic messages when, in fact, the fraudster’s motive is to get money or sensitive data.

3. Bullying on Facebook. Bullying doesn’t just happen among kids; workplace bullying also exists, and what better place than on social media? Sometimes employees who manage a company’s social media get frustrated with the public’s comments and fight back with below-the-belt comments.

4. Online reputation management. Make sure you and your employees never post anything on Facebook that you wouldn’t show your grandmother or wouldn’t want going viral and damaging your brand.

5. Social media identity theft. Ever considered the possibility that someone could take your business’s name and use it for nefarious purposes? Someone could crack your password, take over an account and cause a trail of destruction. Or they could create a new account using your business’s name and post all sorts of alarming, but false, things about your company. Make sure your business name is protected by constantly navigating the Web, seeking out spoofed sites and your likeness or logo.

6. Financial identity theft. Does your company’s Facebook page include personal information about employees, such as the names of their pets or children? What about their birthdays? Hackers can take this information and use it to crack passwords to online business accounts. Be sure to use privacy settings, and make sure your company’s Facebook page isn’t full of personal details.

7. Burglaries. Never post information about vacation or travel dates on your social pages. Do you want the whole world (which includes crafty burglars) to know when you’ll be away?

8. Geo-stalking. Don’t use location-based GPS technology unless you absolutely need to (for instance, if you and your employees are on a “team building” trek in the wilderness and get lost). While search-and-rescue teams need to find you, stalkers who want your identity do not.

9. Corporate spying. Yes, it’s possible: A crook could pose as one of your employees, set up a Facebook group and invite all your employees to join. This enables the bad guy to gather sensitive data from your business and use it against you.

10. Harassment. Someone who’s disgruntled could stalk your brand and make false accusations. They could set up blogs and social sites, post videos and continually tweet their angry thoughts.

11. Government spying. It’s 10 p.m.: Do you know who it is you just friended on your Facebook page? The Associated Press says, “U.S. law enforcement agents are following the rest of the Internet world into popular social networking services, going undercover with false online profiles to communicate with suspects. Just don’t be a ‘suspect.’”

12. Sex offenders. Sex offenders have been known to pose as someone other than themselves—younger, a different sex, etc.—so they can gain the trust of their victims. You might connect with them online as a business only to discover down the road that they’re a predator.

13. Scams. A bad guy could set up a phony Facebook page and then create phony contests to slurp sensitive customer data such as names, addresses, emails, phones, account numbers and credit card numbers.

14. Legal liabilities. Privacy settings on Facebook can hide posts, but that doesn’t matter to a judge in New York who recently ruled that items posted on Facebook (as well as other social networking sites) can be used as evidence in court—even if the posts were concealed by the privacy settings.

15. Zero privacy. And speaking of privacy, don’t assume you actually have any, because thieves have already figured out how to yank data from the innards of Facebook that’s supposedly just for you and your closest colleagues to see. So be very careful what you put up on Facebook, privacy settings or not.

Robert Siciliano is the author of four books, including The 99 Things You Wish You Knew Before Your Identity Was Stolen. He is also a corporate media consultant and speaker on personal security and identity theft. Find out more at www.RobertSiciliano.com.

7 Social Media Security Tips To Protect Your Business

Your employee’s online life could open your business to some serious dangers.

1SMany small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media’s security issues and how employees’ own social presence can add to the company’s security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

The Definitive Guide to Facebook Security

Facebook Security

Social media is permeating every facet of our lives. It is extremely important to understand security and privacy settings with so much personal information becoming so accessible. Here is the definitive guide to security on Facebook:

Step One

Logging In

Social Authentication: Facebook uses social authentication to verify your account. This system asks you to identify your friends based on pictures. This is information that makes it incredibly hard for a hacker to hack and gain access to your account. It also helps you access your account  more easily without having to remember, yet another, password.

ID Verification: Every new user must create a security question and answer for their account. For added security, users can add their mobile number to enable them to verify their identity through a text message.

One Time Passwords: You can opt to receive a one time password by sending a text to 22605

Tip: Did you know that Facebook employs 300 full-time staff solely focused on security and safety?

Login Approvals: If a user logs onto your account using a new or unrecognized device,  a required code will be sent to your mobile device. The user will then be prompted to verify the login on their next attempt.

Tip: Did you know that all logins on Facebook are done through a secure connection? You can enable HTTPS for your entire Facebook experience from the Account Settings page.

Session Classifier: This system uses location, device, and other account details to verify every login (e.g. a Wyoming user suddenly accessing their account from Jamaica)

Fun Fact: Facebook has dedicated millions-of-dollars to build a supreme security infrastructure.

Step Two

Online

User Action Classifier: The user action classifier identifies when users are acting maliciously or spammy.

Link Scanner: All links are compared against Facebook’s and other internet security company’s databases of known spammy and malicious links. Facebook scans over 1 trillion links per day.

Photo DNA: Facebook maintains a blacklist database from federal, state and international law enforcement agencies of explicative images. Each one of the 300 million photos uploaded to the site each day is checked against this list.

Clickjacking Domain Reputation System: You see a link to an “outrageous video” off-site, but once you click it, it automatically publishes the fake link to your wall. This behavior is a result of a browser bug, but Facebook is doing more to prevent this from occurring by taking steps to verify suspected bad links before they’re posted.

Application Classifier: The application classifier analyzes application behavior and tries to decide if they are acting maliciously.

Step Three

Log Out

Suspected Hacking: Users can manually shut down Facebook sessions and reset their passwords if an unauthorized login is detected.

Remote Logout: User who have forgotten to log out can check their login status and log themselves out remotely.

Guardian Angels: If you lose access to your account or have problems logging in, a code can be sent to your friends to help you get back into your account. You can pre-select these friends from the account settings page.

Login Notifications: Users get to approve the devices from which they log in. As an added measure of security a notification can be sent if they have logged in from an unapproved device.

Roadblock: If your account is compromised by malicious software, Facebook will temporarily lock your profile and scan it with security software until your account is certified to be clean.

Some important things to know:

  • 89% of email is spam and less than 4% of content shared on Facebook is spam.
  • Ony .06% of over 1 billion logins per day are compromised.
  • Less than .5% of Facebook users experience spam on any given day.
  • People spend over 700 billion minutes per month on Facebook.
  • The average user has 130 friends.

Sources: Facebook.com

7 Small Business Social Media Risks

Many executives are concerned about social media related risks (e.g., data security and ID theft), but far fewer actually have any social media training.

4DA recent survey of executives puts the concerns into four categories: disclosure of confidential information; damaged brand reputation; ID theft; and legal and compliance violations.

Another feature that the survey unveiled was that 71 percent of the participants believed that their company was worried about potential risks, but they also thought these risks could be avoided or resolved.

Over half the respondents said that their company lacked any social media risk assessment strategy.

Here’s another striking finding: 33 percent of businesses had a social media policy; 27 percent of participants reported no such policy; and the remaining 40 percent consisted of an even split: those who said their company was planning on creating such a policy, and those who said their organization had some other related policy.

Solutions

While social media can bring benefits to businesses, namely in the realm of marketing exposure, they can also bring in lots of trouble as far as security issues.

How can companies find the right balance in between the two extremes of either banning social media altogether and allowing free reign of social media? Below are some solutions.

#1. Ban the ban. First of all, don’t outright ban access to social media. Otherwise, this can lead to other security issues. Furthermore, an employee who really wants to gain access to social media will dodge security, making the organization more susceptible.

#2. Execute policies. Do implement some kind of structure that regulates employee activity regarding social media. Employees need guidelines for proper use, which would also include what not to do.

#3. Social networks should be limited. There are hundreds of social networks—many uses are served, ranging from movies to music. But there are other uses that are not so innocent and less secure. Learn about these and make sure employees know not to go near them.

#4. No default settings. Default settings typically leave networks very vulnerable to attack. Settings should be locked down; most social networks do provide privacy settings and these must be managed at the highest level.

#5. URL lengthening service. Employees should never click on a shortened URL without first decoding it to see where it leads to. Shortened URLs can be pasted into an URL lengthening service.

#6. Train IT personnel. Don’t effectuate policies from the bottom up, but rather, from the top on down. Those in charge of managing technology need to be fully geared up with the risks of social media.

#7. Keep security updated. A business network always needs to be up to date with its security.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

IT Guys get duped Pretty Girl on Social Media

Defenses of a U.S. government agency were duped by an experimental scam created by security experts.

9DThe “scam” involved Emily Williams, a fictitious attractive woman with a credible online identity (including a real photo that was allowed by a real woman), posing as a new hire at the targeted agency.

Within 15 hours, the fake Emily had 55 LinkedIn connections and 60 for Facebook, with the targeted agency’s employees and contractors. Job offers came, along with offers from men at the agency to assist her with her new job.

Around Christmastime the security experts placed a link on Emily’s social media profiles linking to a Christmas card site they created.

Visitations to this site led to a chain of events culminating in the security team stealing highly sensitive information from the agency. Partner companies with the agency were also compromised.

The experimenters got what they sought within one week. The penetration scam was then done on credit card companies, banks and healthcare organizations with very similar results.

An authentic attacker could have easily compromised any of the partner companies, then attacked the agency through them, making the assault more difficult to detect.

Recap: The scam began from the ground up, inflating Emily’s social network till it enabled the attack team to suck in security personnel and executives. Most of the people who assisted Emily were men. A similar experiment using a fake male profile had no success.

Preventing getting suckered into Social Media Scams

  • For agencies and other organizations, social engineering awareness training is crucial, and must be done constantly, not the typical annually.
  • Suspicious behavior should always be questioned.
  • Suspicious behavior should be reported to the human relations department instead of shared on social networks.
  • Work devices should not be used for personal activities.
  • Access to various types of data should be protected with separate and strong passwords.
  • The network should be segmented to guard against scammers infiltrating a network segment simply because an employee with access to another segment was compromised.
  • Learn from this. Reverse engineer this same scenario in your own life or organization to see how this might happen to you.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

7 Tips to avoid ‘deadly’ social media

The vacant 5,000 square foot house next door to this kicking victim was on sale, and he had agreed with the realtor to keep an eye on it. Some kids got wind of this vacancy and put out a Facebook invitation to a Halloween rave party there.

1DHe called 9-1-1 and the police broke up the party. However, kids kept arriving because the Facebook notice was still up. A mob of perhaps 60 kids was brewing at the end of the street.

The victim-to-be began chatting with the realtor’s partner—in front of the rave house. The realtor then approached a kid and was assaulted. Our victim intervened without much thought, got blindsided by one thug, then kicked by several kids to the ground.

Hindsight is 20/20

The victim, only after the beating, realized that he should have:

  • Fled to his house and called the police.
  • Remained outside and called the police (not as safe as above, but a lot better than jumping into a fight)

However, these weren’t the best options. The best option would have been this victim calling the police to come back when the mob was forming.

  • The victim could have taken pictures of these kids (with his Nokia 1020) before any of the rumbling began.

Conclusion

  1. Avoid mobs at all costs.
  2. If someone is attacked, call the police and take pictures.
  3. Do not jump in to break up a fight. Three scrawny but very angry punks can take down a much bigger well-meaning solitary person.
  4. If you do get attacked, go ballistic—and target the gang’s leader.
  5. Sprint to safety first chance you get.
  6. Warn your kids about the dangers of raves.
  7. Check out the “crime radar” of your neighborhood with this new tool.

 

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Americans Waking Up to Social Media Privacy

There have been thousands of privacy related news reports over the past year depicting social networks, Google, marketers and advertisers as evil privacy violators who are slowly sucking dry whatever privacy we have left. Facebook has been raked over the coals by advocates and watchdogs who say their tactics violate their own policies. In response, numerous lawsuits have been filed and government agencies have put the pressure on everyone involved to come up with a serious solution.

It is evident that without some type of government oversight that the “self policing” done by all those who stand to gain financially by selling our data will continue to spin out of control to the point where privacy will be something of the past.

My stance as a security professional has always been on the “privacy is dead, get over it” side of the fence. I’ve always been of the belief that the data out there is as a result of the public’s own doing and if they don’t want the world to know their private thoughts they shouldn’t post it.  As they say, “the cat is out of the bag”.

However, my concern is not that the self exposed private data is out for the world to see is a violation of a person’s privacy, but what can be done with the data to affect ones security position.

Now as a result of all this attention to privacy, in a recent study published in the Wall Street Journal, about 36% of American adults said they were “very concerned” about their privacy on social-networking sites in 2010, compared with 30% who felt that way last year. The shift was particularly noticeable among people over age 44; 50% of people age 54 to 64 described themselves as “very concerned,” compared with 32% who said that in 2009.

In response, the WSJ further reports The Obama administration is preparing a stepped-up approach to policing Internet privacy that calls for new laws and the creation of a new position to oversee the effort, according to people familiar with the situation.

This is definitely a good thing as the US significantly lags behind Canada and Europe among others in regards to privacy.

Certainly I care about privacy and wish there was more. But the fact remains that the fundamental issue that affects ones well being is security. Too much information leaked may damage ones social standing in some ways and if you don’t want it out there then don’t put it out there. And considering marketers and advertisers have taken it up a notch, they definitely need to be watched by the watchdogs. But in the end, what’s most important is how that data can be used to hurt or harm you.

Home Security Source

Robert Siciliano personal security expert to Home Security Source discussing Facebook Apps leaking data on Fox News.