Social Media Risks: The Basics
Social media sites unfortunately pose many security risks for the unwary. Here's a guide to avoiding scams of all sorts.
By Joan Goodchild, Senior Editor
3. Use social media access to raise security's positive profile within the organization
While the initial security reaction to new media is often to block, Phillips said most organization now need to consider that not only may allowing access be necessary, but also useful from an info sec perspective.
4. Be prepared for the next phase
As social media platforms come and go, some will ultimately become commonplace and integral to an enterprise. While creating entire new policies around social media doesn't make sense right now, at some point, said Phillips, it will become necessary for policies to be more specific.
New scams pop up all the time. How can employees stay on top of these new threats?
The threats posed by social media and social networks are ever evolving, so it's important to keep users up to date on what the latest and greatest "come-ons" might be as part of a solid security awareness program. In 9 Dirty Tricks: Social Engineers Favorite Pick Up Lines we lay out some of the underlying tactics seen on social networks. And, to help users identify what THEY might be doing wrong, mistakes folks make using social networks are outlined in Seven Deadly Sins of Social Networking Security.
As with many security slip-ups, the mistake, and the lesson that needs to be learned, often goes back to the individual. As Peter Soderling points out in Why a Twitter Hack is NOT a Cloud Security Wake-up Call, many of the hacks that take place on these sites are the result of weak passwords. Check out these tips for How to Write Great Passwords for great advice to give users when it comes to creating secure log-in credentials.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Joan Goodchild
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- New PCI Tokenization Guidelines with QSA Expert
- Step right up and listen to the security barker
I've gotten some interesting feedback to yesterday's post about the security evangelist title, especially from a guy who gave himself the perfect title in an industry that often feels like a circus. Sean Jackson (@shunkydave on Twitter) sent me the following tweet: "Re: Evangelist, I'm now calling myself the Security Barker to my family and friends." - Is the title 'security evangelist' really that bad?
- Teenage hackers could be our last, best hope
More Salted Hash with Bill Brenner
