Social media sites such as Facebook, LinkedIn, Twitter and others have become part of our everyday lives. People announce their engagements on Facebook and network without ever leaving the house. They play games and discuss political arguments right on the "wall" of their personal profile pages. According to a study done by The Nielsen Company back in December 2009, consumers around the world spend an average of 5 hours and 35 minutes during the month on social media sites.
This translates into billions of hours logged onto social networks. With so many people spending so much time on social media sites, these sites have become the most dangerous part of the Internet. Or at least that is what many security bloggers or reporters would have you believe. We read stories about Facebook users being targeted with spam, about social media as a tool for phishers, and about most breaches now originating from social media. We are also told that we need new methods for combating this problem.
But I ask: why? While social media has made it possible to easily connect with and follow the daily actions of your best friend from kindergarten, it has also made us complacent. We assume that because a link was posted by a "friend", the link must be safe. We assume everyone on Twitter has good intentions and that the information we post online won't be used against us. Of course, none of this is true. But this does not mean we need new technologies or new tactics for keeping our computers and networks safe from malicious content on social networks.
What we need to do is treat social media like email, albeit very public email. Almost everyone with an email address knows not to click on the link sent by a Nigerian prince. They know not to open files that are sent from people they don't know, and they know they should not use 123456 as their email password. People, of course, still do. But at least most people are aware they should not. Yet somehow, when they log onto Facebook, all this common sense disappears.
The person who wouldn't dream of opening an attachment in an email from an unknown source is suddenly downloading games off of Facebook. Bill Brenner of CSO wrote some great tips to "Smarten Up" about social network sites. While the tips about not posting when you are going on vacation are unique to social networking, they are also unrelated to network security and focus on personal security.
However, there are some great tips for avoiding a security breach as well, so it is worth posting here. When it comes to network security, the best way to stay safe is to treat social media sites like they are your email accounts. It is estimated that somewhere between 80 and 90% of all email messages are spam, and we all know many spam messages can be dangerous. I would argue that many of the postings on social media sites are also spam. How else would you classify a complete itinerary of someone's day, or the lyrics to the song which best describes how sad a person is about a recent breakup?
While this isn't dangerous, it still falls in the bucket of spam. So when you see a message on a social media site about making $500 a week working from home, assume it is spam. Even if your "friend" posted it. The threats and tactics aren't new; it is just the medium that is different. So if you continue to use the same common sense you use when opening emails, and the same content filtering you use to block sites with known malicious content, you'll be fine on social media sites. So long as you don't post the times and dates of your next vacation.