- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - This is one in a collection of seven pieces on Burning Security Questions. Read the rest here.
Social networking — whether it be Facebook, MySpace, LinkedIn, YouTube, Twitter or something else — is fast becoming a way of life for millions of people to share information about themselves for personal or business reasons. But it comes with huge risks that range from identity theft to malware infections to the potential for letting reckless remarks damage corporate and personal reputations.
Both IT managers and security experts remain wary of social networking, with many seeing few defenses for its traps besides plain old common sense and some form of antimalware protection. Most say their efforts involve simply educating those about the risks of hanging out on the social networking scene.
"Social networking in itself is a really great thing," says Jamie Gesswein, MIS network engineer at Children's Hospital of the King's Daughters in Norfolk, Va. While impressed with how online is now bringing people together, he still favors blocking general access to social-networking sites unless that access is really needed.
"Be careful of what you post," Gesswein says. "I know users who post anything on everything on these sites. It is at times almost a contest to see who can outdo whom."
He thinks social-networking enthusiasts may be missing the point that this posted information stays around for many years and could come back to haunt them if a job recruiter tries to find out about their digital past.
Gesswein also believes people can end up in "the world for the forces of evil to exploit."
Gaby Dowling, manager for IT manager for international law firm Proskauer Rose, says there's a sound business argument for using social networking sites such as LinkedIn, but she worries about the potential for malware being spread by exploiting trust.
"The Koobface worm spread on Facebook was tricking you because you were receiving that from a trusted party," she points out.
"Social networking sites carry high risks of infecting systems with malware," says SystemExperts analyst Jonathan Gossels, who adds, "At a policy level, employees should not be visiting social-networking sites from production systems."
Social networking is basically a "digital version of a relationship," says Greg Hoglund, CEO of firm HBGary, and the security expert who co-authored "Exploiting Online Games," the book revealing how cheaters can manipulate online games such as World of Warcraft.
Thousands of third-party applications are being developed for social-networking sites and essentially it all exposes "vulnerability surfaces to potentially crafted attack data," Hoglund says. "Furthermore, the potential attack data is piggybacked on a digital version of a human relationship — somebody you know and talk to every day."
That means the "digital version of that person could easily be impersonated or exploited" and Hoglund doesn't see a simple way out of this dilemma. "In a nutshell, don't trust a digital identity like you trust a human relationship."