Think Tank on Social Networking

I had a little chuckle to myself when I read the quote from the BCS in the Computer Weekly Security Think Tank on Social Networking.

As a result of the strong human desire to connect, social networking websites have encouraged online behaviour where security and privacy are not always the first priority.

One should note that the author of that quote (Andrea Simmons) has 41 letters after her name, as well as a degree in Philosophy/Music and a diploma in Hypnotherapy and Psychotherapy. Certainly an individual to be respected for her qualifications but her opinion on social networking is a bit far removed from reality. Is there any online consumer activity where security and privacy are the first priority?

If you answered “online shopping”, then I’ll beg to differ. When my wife shops online her first priority is the bargain and her second is to make the purchase and get the goods before I find out about it. At no point in the transaction does she think “hmm, I wonder if my online behaviour means that security and privacy are in danger of being compromised.”

In fact, I made some of the same points that Andrea makes in the rest of her article some time ago. For instance, in this piece, published in Computer Weekly last September, where I commented that “Social networking is changing the way we interact. The catch is that there are presently no rules, and that makes it a dangerous environment.” And then on this very blog, last December, where I posed the question: Why do we feel the need to put so much information about ourselves online anyway?

I think the best comment on the aforementioned Think Tank is that from Danny Dresner of the National Computing Center, who says “It is an enticing technology but few of the associated risks are really technology problems”, although I disagree when he goes on to say “If it is not your job to update a social networking site, you are stealing from your employer if you do it during working hours.” I’d qualify that by adding: if there is a policy that you shouldn’t. And, anyway, if you don’t want your employees to use social networking sites, block access to them.

Patrick Tarpay from (ISC)2 discusses fair usage, but more importantly from my perspective, makes the comment about evidence of unwanted software making its way into social networking. Here’s the number one reason why we need to be cautious about allowing access to it from the corporate network. It’s going to become a minefield of malware.

I’m sure the debate will go on.

Join the conversation



Can you give an example of where accessing social networks from the corporate network risks it becoming a minefield of malware, so that I am better educated on this issue, please?
Hi Stuart - my blog states my opinion that social networking sites will pose that risk and there is plenty of documented evidence to suggest that this is going to be the case. For instance, going back to 2006 and The Register reported that "Social networking sites are behind a surge in viruses, spyware and other "nasty stuff", according to web security firm ScanSafe's monthly report." MySpace fell victim to a well publicised hack as reported at this link, and yet another attack described by Symantec here. With Facebook and MySpace platforms open for developers to build their own widgets onto, the hackers and phishers have more opportunity than ever. I think it's a minefield - but I'll gladly be proved wrong.
I entirely admit to being regularly removed from reality - it's the way I keep sane!! In answer to the question "Is there any online consumer activity where security and privacy are the first priority?" presumably when the majority of the public switch gear from their social networking habits and expect that their interactions with government entities should remain so.... - paying your Council Tax bill perhaps?? Or perhaps if you were to respond to one of those entreaties to purchase certain types of medication that might help a certain part of your anatomy - I bet you'd want that transaction to remain secure and private.... :) Hey ho, different perspectives.
Stuart, Complacency in personal security on Web2 is a fascinating subject as work / life identities fuse and personal association and commentary can (albeit implicitly) become linked to a professional presence. In an article "Addressing the Social Engineering Foe" I recently discussed the challenges facing businesses in terms of personnel training, security awareness, policies and their enforcement as well as using web intelligence tools to filter ‘chatter’. In a separate article "Digital Litter and the Prediction of the Web Reformation" I explore some of the pitfalls of Web2 detritus, particularly when indexed and out of control of the originator.
That's an interesting and thought-provoking article Steve, and I concur with your suggested areas for consideration. I don't think you're being at all alarmist: bottom line is that the old rules of business should still apply - however, I'm seeing lots of work being done without there being any planning or risk assessment. Dipping one's toe in the ocean to see if it's cold is one thing, but putting one's hand into a pot of boiling water to test the temperature is another....