Imposters


Having a social media presence has been a rather divided topic between those who insist that an organization must have a social presence on the Internet, and those who believe that any effort spent in social media products like Facebook, Linkedin, or Twitter is just an excuse to waste time during corporate work hours.  The problem is that if you do not establish a social presence on these social media sites of the Internet for your organization, someone else might.

Remember that social media sites are designed around the ease of communication between the people who establish the site and their ‘audience’.  Most of these sites have no real security.  If a specific site name is not already in use, anyone can ‘adopt’ that name and create their own site and can begin posting information, blogs, tweets, etc as if they were the other organization they are impersonating.  There is no requirement to prove who you are when you establish the site.  It can take weeks and even months to ‘discover’ that someone has created a social media site and is using it to post information that to the average Internet user appears to be coming from you.

Impersonating another organization on a social media site is just one part of the problem.  Another problem occurs when they post information that can be damaging to the organization.  It is often difficult to track down who really runs the site although most of these social media hosts will quickly take down a site if you can prove to them that your organization did not actually create the site they host.  However, more damaging is the potential to post files containing viruses, Trojans, or key capture utilities in the guise of information about the organization.  (Do you remember the Koobface virus that hit Facebook back in 2008?)

There are some tools like LinkExtend that can help users determine what site a link will take them to and whether it is save, but this is only available for FireFox browsers and it is a manual process.  It is not automatic security.

The problem is that tools to hack into websites are too easy to find.  For example, Firesheep is a FireFox extension that uses packet sniffing to intercept unencrypted cookies from many social media sites such as Facebook and Twitter.  These cookies can be used to discover the identities of the site owners and then the user can take on the log-in credentials of the site user.  While using this type of software is legitimate if you want to assess your own site’s vulnerability, it is illegal to use this type of software on someone else’s site which falls under the wire-tapping laws in this country.   To counter ‘tools’ like Firesheep are products like BlackSheep from Zscaler which reportedly can identify networks where someone is using Firesheep.

The point is, whether you establish your own social media presence or try to hide your head in the sand and hope that social media will just go away, the problem is Pandora’s box has been opened and social media genie is here to stay.  Your job is trying to keep everything inside from escaping.  One way you can do that is to establish your own social media presence for your organization and then monitor and vigorously defend it if necessary.

C’ya next time.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s