Seven Deadly Sins of Social Networking Security

To users of LinkedIn, Facebook, Myspace, Twitter or all of the above: Are you guilty of one of these security oversights?

By Bill Brenner, Senior Editor

The problem is that the language and images one shares with friends and family may be entirely inappropriate on the professional side. A prospective employer may choose to skip to the next candidate after seeing pictures of you drunk or showing off a little too much leg at someone's birthday party. In sharing such things, you also stand a good chance of making the company you represent look bad.

"In my view one of the major rules when engaging in social networking is to be aware that your words belong in the public domain," says Paul V. de Souza, chief security engineer at AT&T. "You may be quoted all over the Internet, so make sure to choose your words carefully. Be diplomatic and extremely professional."

In some cases, it's nearly impossible to separate business from the personal on a social networking site. Those who work for media companies, for example, are sometimes required to use all their social networking portals to proliferate content in an effort to boost page views which, in turn, attract potential advertisers. But wherever and whenever possible, security practitioners work to keep the two locked in their respective boxes.

"You have to understand very clearly what the objective of your presence on any given social network is. If it is for work, keep it for work only. If it is for personal/fun use, keep it for personal use only," says Benjamin Fellows, a senior IT security and risk consultant at Ernst & Young. "I can't tell you how many times I have been invited to Facebook by a work colleague only to find things on their wall or profile that are definitely not politically correct or are downright offensive. I keep all my work friends in LinkedIn and my personal friends in Facebook. Even then, I am very careful what I say on either site. I guess you could also put this under the heading of know your audience."

Third deadly sin: Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage

For the person who has just been laid off or had their professional integrity called into question online, the urge to fire back with a stream of vitriol can be irresistible. Call this a sin of wrath.

"You don't want to get into a flame war," says John Bruggeman, a Cincinnati-based IT director. "Be mindful of what you say and imagine you are at a party where everyone is listening, including your boss, spouse or future employer."

Scott Hayes, president and CEO of Database-Brothers Inc., agrees, saying, "Posting any content when angry is about as dangerous as sending flaming emails, if not more so. Think twice about clicking 'submit' because the world may be looking at your angry, immature rant for years."
