Social Media Safety

a. Debit Card Cash Back Offers - The virus entices Facebook users by promising 20 per cent cash back if they link their Visa or MasterCard debit cards to their Facebook account. The offers appear to come from trusted friends. On Facebook, scammers hijack an account by getting the user to click on a post and accept their application. This gives scammers access to all the user's account information and allows them to make posts in the user's name.
• Never install a game or application that you are not sure is legitimate
• Be wary of posts from friends that use overtly promotional language
• Never click on Facebook posts or install applications that claim they will tell you which of your friends viewed your profile. It's impossible to find out who is viewing your profile.
• If you mistakenly install an application on Facebook, click on the Home icon on the top right hand corner, go to account settings, click on Apps and uninstall the suspect application.

b. Facebook - Have you received an e-mail asking you to confirm that you wish to cancel your account? There is malware sending out this e-mail: "We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request. Thanks, the Facebook Team. To confirm or cancel this request, follow the link below: Of course, the link doesn't point to an official Facebook page, but a third-party application running on the Facebook platform. So, the link does go to a Facebook.com address, which asks you if you will allow the Java applet to run on your computer. And no matter what button you push, it insists. Not wanting to lose their Facebook account, victims agree to what the computer is telling them to do. It tells you then that Abobe Flash needs to be updated and to click Run. The code that is downloaded is not Adobe Flash, but instead drops additional files into your /WIN/32 folder, which have the intention of allowing remote hackers to spy on your activities and take control of your computer. How to stop it? Use Sophos or other security products to keep your malware up to date.

c. Phishing with Google Docs - Confirm your e-mail account please enter your Mailbox Details by clicking the link below: Failure to provide details correctly will result in immediate closure of your mailbox account from our database. The link points to a page on Google Docs. That gives the false aura of legitimacy. But what the link can't do is tell you whether the Google account holder is legitimate. In this case, if you click on the link, it's an attempt to phish information. The page falsely claims you can resolve the situation by entering your username and password. Before you know it, your e-mail account has been compromised. If if that username/password combination is being used elsewhere on the web...
----------------------------

Digital Monitoring

Monitoring employee behavior in digital environments is on the rise, with 60 percent of corporations expected to implement formal programs for monitoring external social media for security breaches and incidents by 2015, according to Gartner, Inc. Many organizations already engage in social media monitoring as part of brand management and marketing, but less than 10 percent of organizations currently use these same techniques as part of their security monitoring program.

"The growth in monitoring employee behavior in digital environments is increasingly enabled by new technology and services," said Andrew Walls, research vice president of Gartner. "Surveillance of individuals, however, can both mitigate and create risk, which must be managed carefully to comply with ethical and legal standards."

To prevent, detect and remediate security incidents, IT security organizations have traditionally focused attention on the monitoring of internal infrastructure. The impact of IT consumerization, cloud services and social media renders this traditional approach inadequate for guiding decisions regarding the security of enterprise information and work processes.

"Security monitoring and surveillance must follow enterprise information assets and work processes into whichever technical environments are used by employees to execute work," said Mr. Walls. "Given that employees with legitimate access to enterprise information assets are involved in most security violations, security monitoring must focus on employee actions and behavior wherever the employees pursue business-related interactions on digital systems. In other words, the development of effective security intelligence and control depends on the ability to capture and analyze user actions that take place inside and outside of the enterprise IT environment."

The popularity of consumer cloud services, such as Facebook, YouTube and LinkedIn, provides new targets for security monitoring, but surveillance of user activity in these services generates additional ethical and legal risks. There are times when the information available can assist in risk mitigation for an organization, such as employees posting videos of inappropriate activities within corporate facilities. However, there are other times when accessing the information can generate serious liabilities, such as a manager reviewing an employee's Facebook profile to determine the employee's religion or sexual orientation in violation of equal employment opportunity and privacy regulations.

"The conflicts involved were highlighted through recent examples of a small number of organizations requesting Facebook login information from job candidates," said Mr. Walls. "Although that particular practice will gradually fade, employers will continue to pursue greater visibility of social media conversations held by employees, customers and the general public when the topics are of interest to the corporation."

A wide range of products and services have emerged to support these actions and many public relations firms provide social media monitoring as a standard client service. Security organizations are beginning to see value in the capture and analysis of social media content, not just for internal security surveillance, but also to enable detection of shifting threats that impinge on the organization. This might be physical threats to facilities and personnel revealed through postings concerning civil unrest or it may be threats of logical attacks by hacktivists. Early detection of shifting risks enables the organization to vary its security posture to match and minimize negative impacts.

"The problem lies in the ability of surveillance tools and methods to produce large volumes of irrelevant information," said Mr. Walls. "This personal information can be exposed accidentally or become the target of voyeuristic behavior by security staff."

There are a number of important issues that also need to be considered. While automated, covert monitoring of computer use by staff suspected of serious policy violations can produce hard evidence of inappropriate or illegal behaviors, and guide management response, it might also violate privacy laws. In addition, user awareness of focused monitoring can be a deterrent for illicit behavior, but surveillance activities may be seen as a violation of legislation, regulations, policies or cultural expectations. There are also various laws in multiple countries that restrict the legality of interception of communications or covert monitoring of human activity.

Additional information is available in the report: "Conduct Digital Surveillance Ethically and Legally: 2012 Update," which is available on Gartner's website at www.gartner.com/resId=1965315

Courtesy: Better Business Bureau