Social Network Security


By Philip Brookes.

Just a few short years ago, social media was only used by early adopters and kids but now roughly half the Australian population has a Facebook account and social media participation is considered mainstream. In fact, if you did a quick online search about any individual, the odds are you will be able to find information about them via social media.

The dilemma for users, and perhaps most especially teachers, is: What information about you is available online? Can you control access to it? Will it get into the wrong hands? Do you want this information to be accessible?

Australian users have created almost 11 million Facebook accounts, 2.1 million LinkedIn accounts, 1.8 million Twitter accounts and 920,000 Flickr accounts, and there are almost 1.1 million active Google+ accounts on our continent alone. Each one of these social networks vehemently denies that it will abuse or misuse your information and promises to always do the right thing by you. However, with (virtual) reams of fine print in their terms and conditions and privacy policies, very few people actually take the time to read and understand what will happen to their personal data.

As a general rule, the social networks do give you a lot of control over which of your information is available to other people. Most often, privacy issues arise out of a lack of awareness of the controls that are available. ‘Human error’ is the most common cause of security breaches in most environments and online/social media is no exception. The fact that security controls exist is no guarantee that people will not make mistakes and inadvertently allow access to information they had not anticipated.

So what are you revealing about yourself if you engage in social media, who can get their hands on it, and what are the risks?

Information You Choose To Reveal But May Not Realise How Far It Travels
When you use social networks such as Facebook, Google+ or Twitter, they frequently ask to use your location information (this is particularly powerful when you are using a smartphone). This information is often visible to the public, but you can usually control who sees it. Telling people where you are can reveal your workplace, children’s school, home address and favourite haunts, and it can tell them where you are NOT, which is very useful information for a burglar who would like you to be away from home when they strike.

Additionally, the very fact that you connect with other people identifies your acquaintances and friends. For example, on LinkedIn you may be telling your former students who all your friends and colleagues are.

Often, when participating on social networks, people are invited by their friends to respond to a simple questionnaire about them (e.g. “Ten Things You Didn’t Know About Me”) and pass it on to the rest of their friends who, in turn, may do the same thing. A lot of the questions seem pretty innocuous but they are often the same type of questions and answers that are used as challenge/response questions for online banking, eBay, or any of a number of online transactional systems. For example: What was the first school you attended? What was the name of your first pet? What was your first teacher’s name? Putting this information in the public domain may leave you exposed to identity theft or hacking.

Another example of personal information which can be misused is, of course, your date of birth. Many Facebook users will publish, at the very least, their day and month (although they may omit to display the year). However, your friends will probably make a big deal and congratulate you on the occasion of your 21st, 40th, 50th or any other milestone birthday. Combining the two sources of information can make it a breeze for people to obtain your entire date of birth.

Information You Are Deceived Into Revealing
The information you inadvertently share with the world is not the only concern users may have about participating in social media. The very fact that you are participating on Facebook, LinkedIn or Twitter makes you more susceptible to old-fashioned ‘phishing’ scams in which genuine-looking invitations, apparently from a trusted source, dupe you into clicking a bogus link or even providing your login credentials when you believe you are logging into the genuine site.

Similarly, social media, such as Twitter, has ramped up the adoption of ‘URL shortening’ services which take a long website address and substitute a shorter alias for convenience. The difficulty with this is that you are clicking on links without knowing where they will actually take you and, while many of them are genuine, users are lowering their guard and also visiting unintended destinations.

But in social media, they can go much further than that. Scammers can don an assumed identity and look like the world’s greatest boyfriend, winning your trust and then separating you from your hard-earned cash or, perhaps, confidential trade secrets from the company you work for. This could be described as ‘social engineering’ which is a very real threat when people start to get involved with ‘real’ people online. Once someone is a ‘friend’ on Facebook, Twitter, or LinkedIn, there is a dangerous increase in the level of assumed trust.

Data That You Do Not Realise Is Being Compiled About You
Perhaps the biggest concern many internet users (again, educators in particular) have is how their personal activities are being secretly monitored and analysed, and whether or not they are being profiled without their knowledge.

If you read the fine print, you will discover that virtually every social media system collects voluminous information about your online behaviours which is purportedly to help ‘improve the quality of their services’. This includes more directly targeting you with advertising you will be receptive to, recommending people you might want to connect with/follow and, in other ways, trying to predict your behaviours, desires and wants before you even know them yourself.

Facebook is well known for doing this, but did you know that Facebook knows when you visit somebody else’s website which incorporates Facebook tools such as the ‘Like’ or ‘Share’ buttons? Likewise, if there is a ‘Tweet this’ button on any website around the world, then Twitter records your visit against your unique profile record. They claim to use this information to improve the quality of their recommendations of topics you may be interested in, and similar ‘quality improvements’.

Of course, many people are concerned that ‘with great power comes great responsibility’, and corporations are not famed for living up to their responsibilities. What are the potential risks if an organisation knows so much about you?

Realistically, there are a number of commercial realities to discourage most corporations from pursuing any underhand exploitation of your personal information – the most significant of these being that any organisation discovered to have condoned gross abuses of your personal data would likely lose their customer base rapidly and be bankrupted. However, concerns of abuse by rogue staff and lone rangers, or students, are realistic and a serious consideration both for users and for providers of services in the social media space. For this reason, the security conscious are best to limit themselves to only the largest and most reputable social networks with headquarters in countries with strong law and order.

Beyond the risk of the major social media companies misusing the information they glean about you, there is also a growing phenomenon that has been fuelled by social media – the download and installation of numerous ‘apps’ to computers and mobile devices. Many of these integrate with the major platforms, but are produced by third-party developers and pose a significant risk because, as well as obtaining information from you, they have been known to secretly install spyware and viruses. In fact, for many education IT departments, the proliferation of user-installed apps is one of the greatest risks they face and it is challenging the tightly-controlled IT regimes that, historically, were the norm in education computing environments.

From an education perspective, another social media concern is the rapid propagation of damaging or confidential information. In 2010, two Domino’s Pizza employees thought it would be amusing to video themselves engaging in a variety of health and safety breaches and then post the videos on YouTube. Domino’s was not well equipped to respond to this new threat to their brand and their stock price dropped 10 per cent within a week. In a similar incident, in March 2011, an employee of a marketing agency that provided social media services to Chrysler accidentally tweeted from the Chrysler Twitter account rather than his own personal account, lambasting the poor driving of the Detroit populace.

Can you imagine a situation where students post videos of themselves doing stupid things in uniform on school grounds and the fall-out it might have for the school? Alternatively, imagine a teacher berating and possibly losing his or her cool with a student, only to have the whole thing filmed on a camera phone and uploaded to a social media site.

However, a blanket ban on social media is not necessarily a great solution. A survey in Canada by security and risk consulting firm, TELUS, discovered that “companies that ban employees from using social media are 30 per cent more likely to suffer computer security breaches than firms that are more lenient on the issue of workers tweeting and checking Facebook posts in the office”. In essence, the data suggests that employees who are given some flexibility in their use of social media are unlikely to bypass their approved devices and internet access channels, whereas those in strictly-controlled environments have a higher propensity to use non-trusted sites and devices to get around company security.

So what are we to make of these threats? It is clear that social media is now ubiquitous and education institutions, as well as individuals, can present a strong case for participation. The most revealing and confidential information about ourselves need not be shared if we are concerned about it, and the majority of risks can be adequately managed if we are appropriately educated. From a professional perspective, there should, therefore, be a strong commitment to continual education and intentional review of social media participation. However, a certain degree of caution is not a bad thing and, particularly when it comes to using lesser known tools and social media companies, companies need to wrangle with ways to educate and guide acceptable practice by their own users.

Philip Brookes is Director of Aktiv Digital, a business strategy and marketing consultancy that works with businesses and not-for-profit organisations in Australia and South-East Asia. He has a particular interest in poverty relief, and using social media and viral marketing techniques to effect social change. You can follow his personal blog at brookes.com.au. For more information, visit aktiv.digital, follow him on Twitter, or phone 03 9017 2996.
