
Do we really care what bands you like? Or what the name
of your dog is? Evidently yes, as demonstrated by the
enormous popularity of, and interest generated by, social networking
sites. But by being a user, are you not
providing potential attackers with a virtual Post-it note to your
information, and ultimately your identity? writes Raj Samani,
vice-president of communications at the ISSA UK
Chapter.
The risks in the use of these sites affect not only individuals,
but also the organisations they work in. A
survey by the National Cyber Security Alliance (NCSA)
demonstrated the lack of due care users display when using such
sites. For example, almost 33% of adults who use social networking
sites admitted to responding to potentially fraudulent e-mails.
With the plethora of information available on profiles, creating
targeted e-mails to individuals has become easier. The same survey
found that 83% of respondents downloaded unknown files from other
people's profiles.
These examples clearly demonstrate the risk to the individual
user, but such practices also have the potential to introduce
malicious code into the enterprise. In addition, many popular
social networking sites have reported
significant vulnerabilities capable, in many cases, of
hijacking the user's PC.
Of course, the danger of giving too much information away on
social networking sites is of significant concern. Even information
that seems innocuous, such as date of birth and postcode, can be
used for nefarious motives. How many times is this sort of
information used as a challenge when speaking to a call centre
operative to prove your identity?
This is a serious concern, considering that
identity theft is the fastest-growing form of fraud today,
costing the UK an estimated £1.7bn every year.
Implementing policies and procedures that define the boundaries
to social networking sites is the first step, but as with any policy,
this must be communicated and, more importantly, enforced. Scouring
sites for keywords that include the organisation's name to ensure
that the policy is not being breached is an equally essential
approach.
All users, whether working within the boundaries of the
enterprise, or on their personal computers from home, should be in
no doubt that while social networking can bring many benefits,
there are serious security implications when not exercising
caution.
After all, would you stand in the street and shout out your
biography, about your family, and where you work? Of course you
wouldn't, but this is exactly what people are doing on such sites,
which allow people to broadcast the full "circle of life", ranging
from ancestry, virtual worlds, education and your career, to anyone
with a web browser.