Social Networking A Gateway For Criminals, Says Expert

LinkedIn, Facebook, Twitter and social networking in general are proving to be a gateway for criminals trawling the internet for information that can be exploited to do harm to both businesses and consumers, according to security analysts.

Lloyd Borrett, security expert at AVG (AU/NZ), which specialises in security software solutions, says: “Online social networks have sprung up for business, hobbies, schools and religious groups. Used properly, they are a unique communications tool to keep in touch with friends and colleagues. But like any online tools, social networking sites can be abused by hackers and cyber criminals.”
While social networking has been argued to provide tangible benefits for business, a survey by Manpower claimed only 20 per cent of companies worldwide have a social networking policy in place. 
Leading research and advisory company, Gartner, predicts that social networking will overtake email by 2014, and according to a new survey by Regus, 40 per cent of businesses have used social networking successfully for business development. 
Meanwhile, in the first six months of this year, LinkedIn’s membership grew by 40 per cent to 70 million, and Twitter grew to 190 million users. Around 250 million people log into Facebook every day.
Borrett warns that both casual and business users should be careful about what they post online, so as not to provide ‘gateway data’ to criminals.  He advises companies to get acquainted with the privacy settings and tools on the social networks that are used. “The bottom line is – all employees should be aware of which social sites they are allowed to use during working hours,” he said.
 

The term ‘gateway data’ was coined by Herbert ‘Hugh’ Thompson, a professor in the Computer Science department at Columbia University in New York, to refer to the confidential information harvested from social networking sites.

“Criminals have got to be able to leverage the information that people are sharing to do harm at some point,” he said. The gateway data identified by Thompson can be used in a variety of ways. 
For example, discovering someone’s mother’s maiden name from Facebook could, in turn, be used to answer a password prompt question on an email account. Even if that account is a personal account, the user will have been compromised and the hacker is one step closer to all the business information they want.
Hackers look for lots of fragments of data to reveal a larger piece of confidential information. So the separation between personal and business data is not as distinct as people think. In fact, there could be no boundaries between them at all, says Borrett.
Borrett also warns about the popularity of shortened URLs on sites such as Twitter. “The problem with shortened links is that they usually don’t bear any resemblance to the original URLs, which means that users don’t know what they’re clicking. People click with the intention of going to a specific site, but the link can be easily hacked to send them to a site containing Trojans, spyware, rootkits and other malware instead.” 
 

The danger of an unguarded approach to social networking is not just about risks to physical property on a personal or corporate level. Identity theft is also a serious concern. The Australian Government web site Stay Smart Online contains useful advice on using social networking sites safely at www.staysmartonline.gov.au.

The shift in attitudes about personal information sharing among its user base caused Facebook to change its privacy rules in late 2009, with some of its 350 million worldwide users concerned that the company was out of step with identity theft and online security.
Industry opinion suggests that while businesses have adopted Facebook (and perhaps even more prevalently LinkedIn and Twitter) as a networking tool, the privacy improvements that the social networking giant brought to bear were not commensurate with the risks that now exist at a corporate networking level.
A central part of how social networking sites engage their audience is getting users to post more personal content. This builds up profile and identity. “Within the business environment this identity becomes intellectual property – and this needs to be locked down,” says Borrett.
Advice on how to manage information includes restricting details of which companies you are meeting, to avoid highlighting your business partners and prospects to competitors; not revealing your product innovations prior to their official launch, so as not to weaken their impact; and not pumping out details of which companies you can’t stand dealing with, or whose products you hate, which might just be one step away from a defamation court case.