Slideshow Don't Friend Your Enemies: The Insecurity of Social Media

  • March 23 2011, 12:00am EDT

Financial firms are still trying to develop coherent social media strategies. But don’t race into it: the risks are not well understood. And you may already be giving out too much information about the most important people in your organization: top executives and members of your board.

This presentation is gleaned from “The Future of Security: Evolve or Die,” produced by Edward Powers, a principal and security specialist at Deloitte & Touche LLP.

Exercise Vigilance

Social networks and mobile platforms have made the software you use more vulnerable. Attackers have nearly unlimited time, skills and resources to exploit the vulnerabilities. Keep on top of what threats are developing. To monitor for unknown threats, develop heuristics that can detect unusual code or activity. Develop baseline metrics; monitor for unusual spikes in network activity or traffic destinations.

Clarity in the Cloud

Be careful about what data to put in the cloud. Know where the data will be housed. Assign responsibility for security. Set security priorities. Review policies and performance regularly.

Leave It Home

Particularly when traveling abroad, leave the mobile phone at home. Do not take it with you. Arrange to have a temporary replacement that you can afford to lose and which contains no personally identifiable information or sensitive company documents, spreadsheets or the like.

Lock It Down

Many types of smartphones (and, now, tablets) can be configured to lock down browser access, limit downloading of outside applications and keep control over other functions. Create and maintain “white lists” of approved applications. Configure devices to block scanning, sniffing and tampering.

The Problem with iPads & iPhones

Mobile devices are relatively easy, low-risk points of entry for attackers. They can be remotely monitored for passwords, account numbers and personal identification data.

Beware of Your Background

Adversaries can use data extracted or derived from social media sites and public sites on the Web to figure out the affinities of executives and board members, past career moves and anything that might give a hint to passwords or other means of getting through authentication systems. The information gleaned from your executives’ “digital exhaust” can be used for attacks or identity theft. At stake: Account access.

Meet the Spear Fisher

Hackers are now specifically targeting high-level executives and board members to gain control of corporate information systems and resources, according to Deloitte & Touche principal Edward Powers. The practice is called “spear-phishing.”