The explosive growth of social networks like Facebook, Twitter, LinkedIn and YouTube continued in 2011, bringing with it malware, spam and the continuing erosion of privacy. Employers are beginning to rethink bans and relax restrictions on employee access to social networks. And social media is now an integral part of the communication strategy for most corporations, leaving them susceptible to brand-damaging attacks from hacktivists and other cybercriminals.
Relaxed restrictions and risk to brands
Social networking’s growth has driven many companies to adopt social media strategies for marketing and corporate communications. Companies have Facebook pages, LinkedIn and YouTube profiles and Twitter accounts.
Companies are seeing the potential to tap new prospects via social networking, even in the highly regulated financial services industry. In a survey by Socialware, 84% of financial advisers said they use social networks for business purposes, up from 60% in 2010. The public sector, too, is lifting restrictions on access to social media. According to a Market Connections poll of federal, state and local government employees, just 19% said their agencies ban some or all social media websites, down from 55% in 2010.
But social networking accounts can be hacked. In 2011, hackers compromised Microsoft’s YouTube channel, defaced Pfizer’s Facebook page, and replaced the content on Sesame Street’s YouTube channel with hardcore pornographic movies.
Hackers also took over the Twitter accounts of both USA Today and NBC News. In the NBC case, the hackers sent out fake tweets about an attack on Ground Zero on the anniversary weekend of 9/11. It appears that a spyware Trojan could have compromised the computer of NBC News’ director of social media to steal passwords.
Sloppy password security is one reason brands are susceptible to hacking on social networks. Social networks themselves also need to be built with businesses in mind and offer a higher level of security for accounts that represent brand names. We’re seeing some of these features in the Google Plus social network, which Google introduced in 2011. The network gained 25 million global unique visitors in less than a month, faster than any other social network in history.
The erosion of privacy policies
People and businesses frequently share too much information and aren’t doing enough to protect their accounts. It’s important to remember that social networking sites like Facebook are in business to support advertising. This means they’re more concerned with increasing users than with putting sensible security defaults in place.
In 2011, Sophos published an open letter to Facebook. It sets out three steps we believe Facebook should take to better protect its users: privacy by default, vetting of app developers and HTTPS for everything.