How to limit Twitter risks

04 February 2010
Twitter is now used by over 350 million people worldwide. However, Twitter is also gaining a reputation as security risk for individuals and organisations.

The Threats

Cybercriminals follow social networking sites with a passion because they see in Twitter and other social networking sites a huge opportunity to make money and commit fraud. Although spammers, scammers and malware creators are the root of the problem, end-users of the service are equally dangerous because, ultimately, it is what they do with Twitter that counts.

If Tweeters paid attention to what they are doing, listened carefully to warnings from security experts (their IT team at work) and did not trust every follower who sent them a message, there would be no reason to be concerned.

Unfortunately, humans are the weakest link in the security chain. Add to that a lack of education and little or no awareness of security and you have the right combination for something to go wrong.

So what are the risks and what can organisations and users do to limit such risk?

The Risks

Data leaks of confidential or proprietary information: Corporate organisations are constantly trying to reduce the channels through which information could be leaked. There are numerous ways to update your Twitter account so it is impossible to block access all the time. The information that could be leaked includes identity theft, credit card fraud, business plans, confidential data, information about facilities, availability of personnel or their schedules.

Malware and viruses: Malware creators see Twitter an as excellent opportunity to spread malware. The use of abbreviated URLs makes it easy for the bad guys to mask links to infected sites and to redirect users to websites that they would think twice about visiting. The setting up of fake services could be used to collect credentials and information from that user.

Applications: Users put too much trust in both the people following them and the applications that are easily distributed. These applications, which may be insecure, could be used to steal accounts.

Improper use: Twitter makes it so easy for people to inform their friends and extended network of contacts about what they are doing, where they are and so on. Impulse messaging can be dangerous especially if the user is irate and doesn’t stop to think about the repercussions of his or her tweet. Sending inappropriate tweets is not recommended. From a corporate perspective, employees can be a threat if they post information that could impact negatively on the business and hurt its integrity. A wrong post picked up by such a wide audience could become a PR nightmare for that business.

Customer care: As more and more organisations set up their own accounts and encourage customers to keep in touch, businesses need to be careful how they deal with disgruntled customers who may use Twitter to discuss a negative experience they had. With only 140 characters at its disposal, a business should avoid getting into a slanging match with an unhappy customer on Twitter and encourage the client to use traditional customer care channels. Take the conversation offline.

How to counter the risks?

Every business or organisation which uses Twitter (or any other social media or networking site) should have a strong policy in place (and enforced) that clearly states how it should be used by employees.

They need to be aware of the consequences of sending out seemingly innocent tweets which could still get them into deep trouble. In December 2009, a Vodafone employee was fired after his post was deemed by the company to go against fair competition. Drastic? Maybe, but it showed that even a humorous post could backfire.

Some basic rules include:

1. Think twice before posting. Employees need to think compliance, integrity, security... then post.

2. Access URLs in tweets with care. If there is no real need to check out the site, leave it.

3. Show employees what to look out for. How to notice when someone is stalking or attempting to social engineer information.

4. Avoid confrontation on Twitter. It is a great tool for customer feedback but a disaster in resolving issues.

5. Create a policy in a language that is understood by employees. Have them sign it. There should be no excuses that they did not know what they could or could not say.

 

Latest public sector security articles

 Passwords are past their sell-by-date

 Misconfigured networks are the easiest IT resource hackers exploit

 The Return of Ransomware and Do-it-Yourself Botnets

 Hikvision mobile surveillance solution deployed on 3,600 buses in Ningbo, China

 Hikvision cameras keep watch on World Expo 2010 in Shanghai

 Data protection laws are too relaxed and require revision

 Northshore Utility District deploys IndigoVision's IP Video surveillance system to prevent terrorism and improve public and staff safety

 The challenge of protecting multiple and increasingly disparate end user environments

 The USA continues to be the number one spam polluter whle Europe becomes the most prolific continent for spamming

 New Mobile CCTV service for Northern Ireland

...[view more articles on public sector security]...

 

Other security websites:

Bank and financial security - Corporate security - School and education security - Sport event and live venue security - Healthcare and hospital security - Hotel restaurant and casino security - Industrial and manufacturing security - Infrastructure and Utilities security - Home and personal security - Public sector security - Retail security - Small Business security - Transport security

Breaking news Public Sector security news Security tradeshows and conferences Public security books and guides Trade bodies and Associations

About us Editorial policy Advertise Newsletter registration Free newsfeed for your site
Public Sector security links

Public sector banks need to hire more: BCG A report by The Boston Consulting Group notes the human resource challenge for public sector banks due to large-scale retirement.

Unions suspend public sector strike South African public sector workers suspended a pay strike yesterday as it entered its fourth week. The strike by 1.3 million workers has hit schools, state hospitals and the judiciary. Strikers have demanded a pay rise of 8.6 per cent, twice the inflation rate, and a R1,000 (£90) a month housing allowance.

South African public workers suspend 20-day strike South African public sector unions announced the suspension Monday of a three-week-old strike that has crippled the health service and forced widespread school closures.

S.African public sector strike suspended -unions S.African public sector strike suspended -unions

Labour focus shifts from private to public sector While the private sector bore the brunt of the economic downturn, union leaders are turning their attention to the public sector this Labour Day as deficit-obsessed governments put the squeeze on their workers.

Survey: IT job opportunities slump in UK public sector LONDON: Public sector job opportunities in IT in Britain have fallen markedly since the start of the year, a survey showed today, in a sign that the government's austerity drive is already affecting the labour market. Only four in every hundred new IT jobs are being created in the public sector, down from about 30 out of 100 at the start of the year, according to research by business and ...

Public workers given mental health training in Austin Public workers given mental health training in Austin



Copyright © Public Security Portal

Terms & conditions
Privacy policy
CMS and Web design by www.areza.com
directory of Public Sector security suppliers
Search directory Register your company
Public Sector Security books:

SEARCH NEWS
DIRECTORY
Google