Saturday, 31 July 2010
Tweeting government officials with Facebook pages and LinkedIn accounts beware. The volume of spam and malware sent via social networking sites increased by 70 per cent last year, with MySpace, LinkedIn, Facebook and Twitter all falling victim to rising levels of malicious activity in 2009. Of them all, Facebook poses the biggest risk to security, according to a survey by cyber security firm Sophos.
Paul Ducklin, Head of Technology for Sophos Asia Pacific, warned FutureGov readers that even well-meaning civil servants are prone to making mistakes which can lead to the government of the day “getting egg on its face”.
“Organisations are worried about what might go wrong for them even when employees are talking about their own interests with their own friends in their own time,” said Ducklin. “Our work and home lives are increasingly intertwined, so there is always the risk that individuals might - with the best intentions - leak nuggets of information about their work and their workplace which social engineers could pounce upon and abuse.”
Ducklin pointed to last year’s revelation that the head of the British Secret Intelligence Service had personal information about himself and his family exposed via his wife’s Facebook account as an example of how social media can leave government departments open to cyber attack.
“One of the biggest risks is from insiders,” said Ducklin. “I’m not talking about ‘the enemy within’ (that’s another issue altogether), but about the inadvertent mistakes of well-meaning insiders who give away what they see as harmless information which nevertheless gives cybercriminals an attacking wedge into the organisation.”
So how to tackle the problem? Ducklin noted that a blanket block on civil servants using social media networks at work would not be an effective first measure. “Staff will continue to use social networking sites at home, and are likely to discuss work-related matters anyway, simply because they are telling part of their life story online,” he said.
“Much better is to prevent staff using potentially risky sites from high-security parts of the network, while allowing ‘reasonable’ use of social media sites elsewhere - with guidelines which clearly explain what you mean by reasonable.” He suggested that the approach of the US Marines, which last year banned the use of social media on critical parts of the network where it represents an “unreasonable risk”, was a good way of finding “sensible middle ground”.
Governments and public services should make the issue of data security part of their staff induction programme, so that no-one is in any doubt about what is safe and what is not, he added. “Consider making the practice of IT security an HR function, so that everyone is involved. Regularly re-brief your staff on good behaviours - which will help protect them at home, too.”
1 Comment
On 25 May 2010 Kelly Monroe wrote:
IT management is struggling with whether social media is productive or obstructive for companies and their employees. Software is being developed and policy and restrictions are being decided every day by IT managers. The security of company networks is at stake, but the potential for innovation using social media is a large enough carrot that the discussion of how to properly utilize the medium continues. Palo Alto Networks came up with a webinar, http://bit.l…, that should be interesting, exploring the issues surrounding social media in the workplace. It is important to not only understand the immediate benefits of doing business how one lives, but the threat it presents to a company's greater ROI and productivity when it comes to the server's safety and security.