ENISA report points out the risks and threats of mobile social networking services

08 February 2010

Online Social Networking Sites (SNSs) have had an exceptional growth trend on Internet. 211Mn users (out of 283 Mn) in Europe use SNS, and, primarily, Facebook in 11/17 countries studied. The modern way of staying in touch with business or personal contacts is through SNS and other digital tools. Consequently, the ways people meet, share opinions, communicate information and ideas is changing.

The EU ‘cyber security’ Agency - ENISA (the European Network and Information Security Agency) has presented a new report on accessing social networks over mobile phones 'Online as soon as it happens'. The report points out the risks and threats of mobile social networking services, e.g. identity theft, corporate data leakage and reputation risks of mobile social networks. The report also gives 17 ‘golden rules’ on how to combat these threats.

With growing popularity of SNS, the demand for instant, continuous access over the mobile phone has increased-i.e. mobile social networks (MSN). More than 65 Mn users now access the social network Facebook over their mobile device. MSN users are 50% more active than non-mobile users, and are estimated to be 134 Mn in Europe by 2012.

Many MSN users also use their phone as a backup device for business mails, personal data, contacts, pictures, and access codes. As a consequence, a lost mobile phone can cause serious damage, e.g. when illegitimately used to access MSNs. Many mobile phones come pre-packaged at purchase, with built in MSN applications i.e. ‘on-deck’ services.

Several stories from Italy, France, Spain, Greece, UK, witness that many SNS/MSN users are largely unaware of security risks, privacy issues and threats related to misuse of the information put online in an SNS and of proper online privacy protection.

A number of unique MSN risks/threats are identified in the report. The ENISA report gives an overview of the situation and underlines that in particular MSN users need awareness on how to safer use social networks on a mobile phone to avoid unexpected and damaging consequences. Risks include identity theft, and serious damage to personal or corporate reputation, or data leakage.

Two samples case studies:
• Fake profile on Facebook. A professor at Turin University discovered someone else had created a profile for him at Facebook with offensive features, affecting his reputation.
• Data leakage/corporate reputation. After a 2008 incident, Virgin Atlantic airlines later dismissed 13 staff members who had posted comments on Facebook which e.g. criticised the cleanliness of the company’s fleet and of its passengers. Similarly, British Airlines check-in staff at Gatwick posted messages on Facebook saying e.g. travellers were ‘smelly’ and criticised the chaotic operations at Heathrow.

The paper also gives a comprehensive view of the SNS world under the lens of the European directive on data protection (Dir. 95/46/EC). The Executive Director of ENISA comments: “This report provides practical, hands-on advice to the users of how to more safely be online, anywhere and anytime, when enjoying mobile social networks.”

The paper includes 17 practical ‘golden rules’. Samples include:
- Remember to log out from the social network once your navigation is over.
- Do not to allow the social network to remember your password (this function is called ‘Auto-complete’).
- Do not mix your business contacts with your friend contacts.
- Report immediately stolen/lost mobile phone with contacts, pictures, or personal data in its memory
- Set the profile privacy level properly.