Countermeasures for Social Networking: Because social networking exploded in popularity so quickly, companies and individuals had little time to deal with the problems the technology brought with it.
Surveys taken a few years ago found that many companies either did not have a policy in place regarding social networking or were unaware of the risks. Recently, however, people are slowly starting to become aware of how big the danger is and that they need to take steps to protect themselves.
Company policies should touch on appropriate use of social media and networking sites at work as well as the kind of conduct and language an employee is allowed to use on the sites.
Currently about 75 percent of companies have implemented a social-networking policy; the rest have either suggested doing so or are not doing anything.
Many individuals and companies have been burned or heard about someone else getting burned and have decided to do something about the issue.
Social networking can be used relatively safely and securely as long as it is used carefully.
Exercising some basic safety measures can substantially reduce the risk of using these services.
As an ethical hacker and security professional, consider recommending and training users on the following practices:
- Discourage the practice of mixing personal and professional information in social-networking situations. Although you may not be able to eliminate the company information that is shared, it should be kept to a bare minimum.
- Always verify contacts, and don’t connect to just anyone online. This is a huge problem on many social media networks; users frequently accept invitations from individuals they don’t know.
- Avoid reusing passwords across multiple social-networking sites or locations to avoid mass compromise.
- Don’t post just anything online; remember that anything you post can be found, sometimes years later. Basically, if you wouldn’t say it in a crowded room, don’t put it online.
- Avoid posting personal information that can be used to determine more about you, impersonate you, or coax someone to reveal additional information about you.
NOTE: One very effective way that I found to illustrate just how dangerous social media can be and the role it could play in successful social engineering attacks is Echosec.
This service (located at www.echosec.net) draws information from several social networking sites and cross-references them with geographic information to place social media posts in a specific location.
Querying a location on the map with this service (or querying by keyword or other criteria) will reveal a tremendous amount of information.
In many cases those who see how easy this information is to access with this tool are dumbstruck at the volume and detail it reveals.