Gallery

The hidden dangers of social networking

Posted on 28 Apr 2009 at 12:08

This month, Davey Winder ponders social networking security and mobile botnets.

If any proof were needed of this strange "gotta get 'em all" mentality then look no further than the infamous Freddi Staur Facebook experiment conducted by Sophos.

Freddi Staur, which is an anagram of ID Fraudster in case you were wondering, sent out 200 random friend requests on Facebook to which 87 responded and 82 divulged personal information.

Freddi didn't divulge any real personal info in his own profile, which isn't surprising since he was a green plastic frog, as viewing his profile photo would have revealed.

Despite this, 41% of those strangers approached were happy to add him to their network of friends, and of those who did 72% gave up at least one active email address, 84% their date of birth, 78% a real-world address and 23% a phone number.

Social media best practice

I'd suggest that the average SME needs to get to grips with this social networking problem, but I don't adopt the popular "ban it from your business" approach that others may recommend.

That's not least because social media are increasingly becoming useful business tools. Instead of banning them, just absorb them into your existing security infrastructure (you do have one, don't you?), making it very clear within your company's Acceptable Use Policy just what is and what isn't regarded as acceptable conduct in the realm of social networks.

Just as importantly, make sure your staff are educated in the social safety basics, such as understanding that the medium shouldn't be treated like confidential gossip around the coffee machine, that malware does exist within social networks, and that real trust has to be earned and not thrown around like confetti in exchange for mere "more friends than you" kudos.

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site