Social networks such as Facebook, MySpace, and LinkedIn have been growing at a tremendous rate. They have recently become a target of IT professionals as a security threat on company networks. Not only are they seen as a contributor to productivity loss, but they are also a security threat for data loss and data compromise. They are a great tool for hackers to use to gain entry to corporate networks where these social networks are used. These networks have built up trust with their users, and those users bring them into the corporate network with that same level of trust. So applications that can pose a security risk at home will pose an even greater threat in the office.
So IT professionals are taking a much deeper look at social network security and their corporate networks. They are finding that the issue comes not only from the 20-somethings in their network: a growing population of older individuals is also venturing into social networking. The problem is that many of the older individuals may not be as savvy as the younger generation when it comes to common sense about network security.
An ethical hacking firm, Netragard, claims that it can gain access to any data on any corporate network very quickly. It claims to be able to do this through social networking sites. The firm offers its services for a fee to prove this claim, and offers ways to improve social network security and curb the threat it poses to your corporate environment. Regardless of how legitimate the claim may be, it is still an alarming statement that should be taken seriously.
Social network sites are great for helping people with similar backgrounds meet and stay in touch. The problem for corporate users is that inside large enterprises, where no one person knows everyone in the company, it is easy for someone with a fake ID to establish trust with individuals in the company simply by claiming to be a colleague. From there it is a simple matter of setting up a phishing scheme. The problem with this form of attack is that there is no evidence of a breach and no log of what data was stolen.
With the new methods of data breach that social networking brings to the table, it is imperative to take a different approach to network security than was taken in the past. IT professionals can no longer look at networks in a segregated way. There is no longer a boundary between the corporate network and the internet. They must be treated as one, with a policy that encompasses them both. Also, when introducing new technology into a network environment, you must look at where that technology stands from a security standpoint and in what ways it increases your security risks. Create a security policy that includes social network sites. Prevent access to these sites from inside the corporate network, and also have a company policy about what employees are allowed to say about the company, whether they are currently on duty or not. Finally, be sure to run penetration tests from both inside and outside the network, and be sure that the tests include some form of social engineering. Hackers don’t have any boundaries, so chances are that if a tool that follows rules is able to break into your network, it will be even easier for a hacker to do so.