How To
How to Use Social Networking Safely: Tips From Security Pros
The business advantages of sites such as LinkedIn and Facebook are starting to outweigh the security and privacy risks, say Bill Boni and Howard Schmidt--but only if you follow a few rules
By Katherine Walsh
connected to or "friends" with.
You can also control various aspects of your profile on each site. Facebook, for instance, allows you to control who can contact you, who can find you in a search and what information they will find. You can also set up a limited profile for when you want to connect with someone but not share everything. On LinkedIn, where there’s less information that may be of privacy concern, you still can decide whether or not people are notified when you make changes to your profile and whether people whose profile you visit will know that you (or someone at your company) has been there.
3. Be Careful Who You Link To.
The implicit risk in a sharing site is that it’s open to anyone who follows the terms of use, says Boni. "That means [in addition to all the good people]," he says, "there could be members of organized crime, criminal undergrounds, or people with malicious intent lurking on there." That’s why it’s crucial to control who you allow into your network.
If you receive a link request from someone on claiming to know you through another connection or "friend," check with that connection to make sure the request is legitimate. Don’t accept someone who you don’t know or haven’t checked out. "This is a tool that can make people more productive and effective," Boni says, but only "if it’s balanced with common sense and a healthy skepticism about unsolicited communication received from unknown parties."
4. Avoid the TMI Trap.
As pro-social networking as Boni and Schmidt are, both say that you are your own worst enemy online, and the risk is always there that you will disclose too much information. "Some people aren’t fully cognizant of the fact that what they put up there is going to be exposed to all kinds of people," says Schmidt.
Adds Boni, "People need to be skeptical and cautious when leveraging these networks. There are lots of things people shouldn’t tell others, but they do anyway." And that, he says, can lead to social engineering and elicitation--when someone uses what they know about you to try to learn something about you or your company that’s better not disclosed.
That’s why Boni says he won’t disclose anything of real concern to him. "It’s my responsibility to exercise reasonable judgment when I decide what information I want to disclose," he says. Boni sees his account on
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
