Social Engineering & Social Networking - Your Users are a Target
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. Attackers routinely use it against your users: luring them into clicking links in e-mail messages, visiting fake websites, downloading and installing software, and disclosing sensitive or personally identifiable information.
In a business environment, social networks are used to share information with customers, staff, suppliers, business contacts, investors, and others. Sales and marketing personnel use them to communicate with customers and prospects and to position themselves as a resource. Because the communication is electronic and identities on these platforms are only loosely verified, an attacker can pose as a trusted contact on a social network to entice users to perform actions, disclose trade secrets, or click links to sites hosting malware.
Social Engineering
Users have a responsibility to help protect sensitive and proprietary information, and with sufficient security education and awareness training they are your front line of defense. Supporting security mechanisms include:
- Security training - users should receive periodic security education about the types of risks they face and the impact a successful attack has on the organization.
- Spam filters - filters can stop many fraudulent messages before they reach the user; well-crafted phishing still gets through, so filtering complements training rather than replacing it.
- Firewalls - firewalls and web proxies can restrict user access to known malicious or unapproved websites, so a clicked link does not necessarily reach the attacker's site.
- Protection software - anti-malware software helps protect users from known viruses, worms, Trojan horse programs, spyware, and related threats; it primarily catches threats that have already been seen, so it is a backstop rather than a substitute for user awareness.
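The spam-filter item above says fraudulent messages can be stopped before they reach the user; the following Python script, added here as an example and not code from the original page, shows the kind of content checks such a filter applies to one message: a Reply-To domain that differs from the From domain, link text that shows one domain while the href points to another, lookalike hostnames built from confusable characters, punycode hostnames, and raw IP addresses in links. The two sample messages, the protected domain `example.com` and the confusable-character table are constructed for the example, and the registrable-domain logic is a simplification that takes the last two labels instead of consulting the public suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organization legitimately sends from and links to (assumed for this example).
PROTECTED_DOMAINS = {"example.com"}

# Character swaps attackers use to build lookalike hostnames (constructed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Simplification: last two labels. Production code would use the public suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, target):
    """True if domain imitates target via confusable characters or a one-character edit."""
    if domain == target:
        return False
    folded = domain
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded == target or edit_distance(domain, target) == 1


def address_domain(header):
    return parseaddr(header)[1].rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return human-readable indicators found in one RFC 5322 message (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom, reply_dom = address_domain(msg.get("From", "")), address_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    parser = _LinkParser()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            parser.feed(raw.decode(part.get_content_charset() or "utf-8", "replace"))

    for href, text in parser.links:
        host = urlparse(href).hostname
        if not host:
            continue
        if IPV4.match(host):
            findings.append(f"link {href} uses a raw IP address instead of a hostname")
            continue
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append(f"link {href} uses an internationalized (punycode) hostname")
        link_dom = registrable_domain(host)
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and registrable_domain(shown.group(1)) != link_dom:
            findings.append(f"link text shows {shown.group(1)} but points to {host}")
        for target in PROTECTED_DOMAINS:
            if link_dom == target:
                continue
            if is_lookalike(link_dom, target):
                findings.append(f"link host {host} is a lookalike of {target}")
            elif target + "." in host.lower() + ".":
                findings.append(f"link host {host} embeds {target} under a different registered domain")
    return findings


# Constructed sample messages; neither is a real e-mail.
SAMPLE_MESSAGE = """From: IT Support <helpdesk@example.com>
Reply-To: helpdesk@mail-example-support.net
To: alice@example.com
Subject: Password expiry notice
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires today. Sign in at
<a href="http://examp1e.com/login">https://example.com/login</a> to keep access.</p>
<p>Or use the portal: <a href="http://192.0.2.10/portal">portal</a></p></body></html>
"""

CLEAN_MESSAGE = """From: IT Support <helpdesk@example.com>
To: alice@example.com
Subject: Maintenance window
Content-Type: text/html; charset="utf-8"

<p>See <a href="https://intranet.example.com/status">intranet.example.com</a>.</p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_MESSAGE):
        print("-", finding)
```

Each indicator on its own is weak (legitimate newsletters use tracking hosts that differ from the sender, for instance), which is why production filters score and combine them with sender reputation and authentication results such as SPF, DKIM and DMARC rather than blocking on any single hit.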
Social Networking
Social network policies and procedures should require settings that protect users and the organization from Internet threats. The examples below show how to protect users from social networking related threats.
- Visibility - change the default setting so that a user's profile is visible only to approved friends rather than to everyone.
- Contacts - configure the settings so that the friends list is not shown on the user's profile page; an attacker who can see a user's contacts can impersonate one of them.
- Applications - uncheck "enable public search results" so that search engines cannot index the user's profile and postings.
- Photos - without the proper restrictions, photos in which a user is tagged can be seen by others. Configure the privacy settings to restrict who can view photos and tags.
- Postings - develop a procedure to monitor staff postings so that organization-sensitive information is not disclosed on social networking sites. Tools can collect and analyze postings from thousands of social networking pages and flag those that mention terms the organization considers sensitive.
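The monitoring procedure in the last item above, as an added example that is not part of the original page: a small Python scanner that runs a watchlist of regular expressions over collected postings and reports every post that leaks something the organization treats as sensitive. The posts, the project codenames, the internal domains `corp.example` and `example.com`, and the watchlist itself are constructed for the example; a real deployment would build the watchlist from the organization's data-classification inventory and pull posts through the platforms' APIs rather than from an inline list.

```python
import re

# Constructed watchlist of things that must not appear on public social networks.
# A real deployment would load these from the data-classification inventory.
WATCHLIST = {
    "project codename": re.compile(r"\bproject\s+(?:falcon|hermes)\b", re.I),
    "internal hostname": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.corp\.example\b", re.I),
    "internal e-mail address": re.compile(r"\b[\w.+-]+@example\.com\b", re.I),
    # AWS access key IDs have a fixed, recognizable shape; this one-line pattern catches the common form.
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Constructed sample of collected postings (author, permalink, text); the key below is
# the documented AWS placeholder, not a real credential.
SAMPLE_POSTS = [
    {"author": "bob", "url": "https://social.example/bob/1",
     "text": "Great team offsite this week, thanks everyone!"},
    {"author": "carol", "url": "https://social.example/carol/7",
     "text": "Late night fixing build01.corp.example before the Project Falcon demo, wish me luck"},
    {"author": "dave", "url": "https://social.example/dave/3",
     "text": "Deploy script for anyone curious: export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"},
]


def scan_post(text):
    """Return (label, matched text) pairs for every watchlist hit in one posting."""
    return [(label, m.group(0)) for label, pattern in WATCHLIST.items() for m in pattern.finditer(text)]


def scan_feed(posts):
    """Return a report entry for every posting with at least one hit, in feed order."""
    report = []
    for post in posts:
        hits = scan_post(post["text"])
        if hits:
            report.append({"author": post["author"], "url": post["url"], "hits": hits})
    return report


if __name__ == "__main__":
    for entry in scan_feed(SAMPLE_POSTS):
        print(entry["author"], entry["url"])
        for label, matched in entry["hits"]:
            print(f"  {label}: {matched}")
```

The codename pattern deliberately requires the word "project" in front of the name so that ordinary uses of a common word such as "falcon" do not page the security team; tuning the watchlist for false positives is most of the work once the scanner itself exists, and anything it flags should go to a human reviewer rather than straight to the employee.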
Network security audits help ensure that the organization's assets have the proper security controls in place. Social engineering assessments help protect your sensitive data and intellectual property by testing, with simulated phishing and pretexting, how effective your employee security education and awareness training actually is. Formal, documented policies ensure a top-down approach to managing security risks.