The world of social media is often a double-edged sword: it can be a tremendously powerful tool for business but also a very risky and dangerous place in terms of information security. According to security firm Sophos, malware and spam rose 70 percent on social networks in the last 12 months, and 57 percent of users report they have been spammed via social networking sites. While it is clear that cybercriminals have long known and exploited the world of social networking to propagate their crimeware, gather competitive intelligence, and even conduct espionage – it doesn’t have to be this way. Truth be told, your organization doesn’t have to be easy prey. Fundamentally, I see it as all about planning and implementing solutions on multiple fronts – technology, end user and management training, policies & procedures, to name a few. Of these, I see social media security training to be the most lacking. Users simply don’t understand the risks and harms that could befall your company or enterprise as a result of their actions. It is up to us as information security professionals to change this.
Of all the remediation efforts I’ve seen in the social media security space, I am surprised to see how few medium to large businesses have made any effort to address end user and management training in social media security. Technology is no band-aid or panacea but only part of the larger security picture. Your users can be the weakest link, unless they know better. This can only happen with proper training. What does your social media security plan look like?