I had a little chuckle to myself when I read the quote from the BCS in the Computer Weekly Security Think Tank on Social Networking.
As a result of the strong human desire to connect, social networking websites have encouraged online behaviour where security and privacy are not always the first priority.
One should note that the author of that quote (Andrea Simmons) has 41 letters after her name, as well as a degree in Philosophy/Music and a diploma in Hypnotherapy and Psychotherapy. Certainly an individual to be respected for her qualifications but her opinion on social networking is a bit far removed from reality. Is there any online consumer activity where security and privacy are the first priority?
If you answered “online shopping”, then I’ll beg to differ. When my wife shops online her first priority is the bargain and her second is to make the purchase and get the goods before I find out about it. At no point in the transaction does she think “hmm, I wonder if my online behaviour means that security and privacy are in danger of being compromised.”
In fact, I made some of the same points that Andrea makes in the rest of her article some time ago. For instance, in this piece, published in Computer Weekly last September, where I commented that “Social networking is changing the way we interact. The catch is that there are presently no rules, and that makes it a dangerous environment.” And then on this very blog, last December, where I posed the question: Why do we feel the need to put so much information about ourselves online anyway?
I think the best comment on the aforementioned Think Tank is that from Danny Dresner of the National Computing Center who says “It is an enticing technology but few of the associated risks are really technology problems” although I disagree when he goes on to say “If it is not your job to update a social networking site, you are stealing from your employer if you do it during working hours.” I’d qualify that by adding: if there is a policy that you shouldn’t. And, anyway, if you don’t want your employees to use social networking sites, block access to them.
Patrick Tarpay from (ISC)2 discusses fair usage, but more importantly from my perspective, makes the comment about evidence of unwanted software making its way into social networking. Here’s the number one reason why we need to be cautious about allowing access to it from the corporate network. It’s going to become a minefield of malware.
I’m sure the debate will go on.