Monday, August 27, 2012

Viewpoints on Social Networking Websites from Security Risks Standpoint

Social Networking Websites (SNWs) such as Facebook, Twitter, and LinkedIn have become integral parts of the daily online ecosystem. They are crucially instrumental in personal and professional networking, invaluable as sales and marketing tools, and in keeping society informed of daily incidents in several walks of life. SNWs are interesting for at least two key features: a huge number of users and a high degree of trust among users.

However, apart from the vulnerabilities that SNWs have like any other software, the personal details exposed on these sites and the lack of secure defaults, coupled with exploitative misuse by miscreants, pose a huge security threat to users of SNWs. In fact, there is no single one-size-fits-all countermeasure to protect innocent users from such security risks when using SNWs. Alongside mainstream security measures, such as antivirus software, firewalls, intrusion detection systems, and organizational policies and procedures, it is worth asking ourselves the following seemingly simple but critical questions before we render ourselves digitally naked on the online stage, where anyone can 'see' us from anywhere, anytime.

Do you really know who you are going to be friends with?
For some people, amazingly, being on an SNW just means swelling the number of friends, especially on professional SNWs like LinkedIn, where more connections are mistakenly taken as an indicator of a shiny professional profile. When the only variable is the number of friends, we obviously risk connecting to fake identities, real kidnappers, real identity thieves, or even terrorists. A useful piece of advice in this regard is to think a bit before deciding to confirm a friend request. Do you know that person? Why do you have to confirm that friend request? Just to add one more 'person' to your network? Wouldn't it make more sense to have 100 friends that you know and trust well than 1000 friends you neither know well nor trust much?

Do you know how others may use what you post?
Imagine that you are on Facebook and you update your status. Most people just breathe out their emotions without thinking twice about the implications and consequences. One may claim that "whatever my status update says, I am sharing it with my friends". Unfortunately, a significant number of users on SNWs have friends they don't know at all or have never met in person. (Ask yourself "Do I really know all my friends?" I am sure you will find a couple of them you never knew or met at all.) Given this situation, a status update like "Going for summer vacation to Miami Beach for 3 weeks from tomorrow" could mean "please go and rob my house before I come back" to one of your friends on Facebook whom you never knew or met but who is actually a burglar. Of course, I am deliberately exaggerating the scenario here, as more information is needed to go to your house (like your address), but that is not difficult to find from profile information or prior information you posted somewhere in this small digital world.

So you think everything a friend shares (recommends) is safe?
A friend may, out of good will, share with you a web link to something (news, picture, video) that he stumbled upon or got from other friends. Imagine a current topic that is likely to catch your (and your friends') attention. The moment you log in to your Facebook account, you see a link to a video on that current topic and you can't wait to click on the link and watch the video. Unfortunately, the moment you click the link, malware downloads to your computer (or phone) and steals your login information (such as your online banking credentials). Just to be specific here, if you end up with something on your Facebook wall like "OMG! Did you see this picture of you?", "Secret details about XYZ's death!", "I am trapped in Heaven. Please send me money", or "Are you more brilliant than Albert Einstein? Test your IQ", it is an indication of spam. So, ask yourself "Do I really have to click on this?". If you do, the most likely consequence is that your device is infected with malware or your account is hijacked to impersonate you and infect your friends the same way. On a different occasion, you may end up with recommendations from a friend to add another friend, or invitations to join a group or to like some website. Just as there are legitimate and honest recommendations and invitations, there are also illegitimate and totally fake ones crafted by cyber-criminals that exploit the prior trust built between you and your friends. This gets terrible especially when the recommending friend is someone whom you know little about. In some cases, your friend's account might be compromised, and the cyber-criminal may impersonate your friend(s) and share with, recommend to, or invite you on their behalf.

You still think applications or games are benign?
It is a common fact that there are useful and harmless applications on SNWs (e.g., birthday reminders, games, card sending apps). But what is overlooked by most users, and well exploited by cyber-criminals, is the rich set of permissions granted by innocent users to such applications. In most cases, users do not notice the kind of personal details they are giving away when installing such applications. To say the least, giving away your birth date, relationship status, email, phone, and the like is a gold mine for targeted spam campaigns and identity theft. The risk is not limited to harvesting private information that could be sold to other cyber-criminals. Oftentimes, the applications are packaged with malware that steals your credentials for email, banks, and other critical online services. Even worse, if a malicious app or game is installed on your mobile phone, it may erase your data or impersonate you. Therefore, the general advice in this context is to keep an open eye on the permissions requested by these applications and to refrain from installing them when too much of your personal detail is asked for in exchange.

Do you really separate personal life from professional life?
The people, the content, the rules, and the norms are different by design when you communicate and share with your family (and friends) and with your colleagues. It is important to cluster your community so that you can tailor what you share to the appropriate group. Or, even better, you may have separate accounts (although this is not that easy when people from different groups in your network overlap). Needless to say, you don't want to share with your boss a half-naked and terribly drunk photo of yourself. Some companies check out your social network profile before they decide to offer you a position, and some have even asked job candidates for their credentials to check their details on SNWs (although candidates are now protected against this by law in some countries, as it is clearly against privacy).

Do you really control your share-meter?
It is okay to get wild once in a while and share success (excitement) stories about yourself and your company. But if, in doing so, you leak private and/or confidential information that may whet the appetite of cyber-criminals, you are obviously suffering from hyper-sharing syndrome. Some companies have enforced policies on what their employees can share publicly about the company (including on SNWs). If your company has such policies, get the policies right before you find yourself in a court hearing.


1 comment:

  1. Thanks for the information.
    The blog is really good; for more information you can visit here:
    Social Networking Site



