Gartner’s at-a-glance guide to social networking risks

Gartner research director Andrew Walls sets out the security risks in using social networks.

Gartner research director Andrew Walls sets out the security risks in using social networks.

Risks to the individual

Most social networking sites incorporate a personal profile as the fundamental expression of a person's or organisation's presence. Profiles typically include personal data such as name, gender, location, employer, photographs, names of friends, personal interests and affiliations. Exposure of personal data in a public forum can enable identity fraud and personal attacks. These risks manifest within a social network as fraudulent profile pages and messages, defamation, and theft of artwork or intellectual property.

Risks to the corporation

Organisations that maintain a profile in a social network can expose internal or proprietary information to the public. Because it is usually protected with only a user ID and password, the corporate profile page also can become an object for attack.

As with individuals, corporations may also be subject to defamation and identity fraud, which can lead to serious damage to the corporate image and reputation. Corporations that produce software or that advertise within a social network are exposed to risks associated with faulty code, Trojan-infected malware masquerading as corporate content and abuses of advertising content.

Risks to infrastructure

Multiple worms and viruses have been introduced to various social network environments. Content distribution within a social network parallels peer-to-peer environments and can support rapid distribution of malware embedded in applications and graphics.

The risk presented to infrastructure is exacerbated by the integration of mobile devices (for example, phones and PDAs) into social network environments through SMS, Multimedia Messaging Services, mobile browsers and other mechanisms that enable exchange of rich-media content as well as text messages. Because social networks are hosted externally by relatively new companies, there are inherent risks to mission-critical applications if the site is attacked or is otherwise rendered unavailable.

Risks to intellectual property

Distribution of copyrighted media content within a social network is difficult to oversee, and corporations struggle to enforce copyright and distribution controls. Legal frameworks for management of intellectual property within social network environments are still developing, and the internal rules for each social network vary in the level of protection provided to content uploaded to the social network.

Read more expert advice from the Computer Weekly Security Think Tank >>

Read more on IT risk management