It is not news that Facebook, the behemoth of social networking, is less than aggressive about protecting the personal privacy of its 900 million users. But even relatively savvy users may not be aware of how much of their information is collected, how it is used and how little control they may have over it.
And with millions of workers now using social networking in their professional as well as personal lives, those privacy risks extend in a very big way to the enterprise.
Consumer Reports, which released its annual report on Internet privacy and security last week, devotes an entire section to "Facebook and your privacy." Its findings may not surprise most CISOs, but will likely be unsettling all the same.
More than 150 million Americans use the site, with that number increasing daily. And in exchange for helping people do things like stay in touch with family and friends, find old classmates, share photos, organize around interests and causes, promote their businesses and learn about the tour schedule of their favorite band, Facebook collects and distributes vast amounts of sensitive personal information. It is one very prominent example of Big Data.
CR notes Facebook CEO Mark Zuckerberg's claim in a blog post last November that, "We do privacy access checks literally tens of billions of times each day to ensure we're enforcing that only the people you want see your content."
But CR does a reality check on the claim: "Facebook gets a report every time you visit a site with a Facebook 'Like' button, even if you never click the button, are not a Facebook user, or are not logged in."
"Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge," CR writes.
That information includes visits to pages about health conditions or treatments, which would interest insurers; announcements about attending an event, which would interest burglars; and information about sexual, religious and racial/ethnic affiliations, intimate relationships and even drug use, which would interest potential employers.
ITWorld's Dan Tynan reported last week on how many of the more than 500,000 games, puzzles and quizzes on Facebook exist mainly for the purpose of "sucking data out of your account."
Some of those apps violate Facebook policies, but Tynan notes that the enforcement of those policies can be lax, at best. And while there is now a Chrome plug-in called Privacy Score from Privacy Choice that rates how each app treats your data, that score is largely based on the policies published by the apps and tracking companies, which can also have credibility problems.
Rebecca Herold, an attorney, professor and consultant known as the "Privacy Professor," said the worst part of all this is that "Facebook changes their privacy settings and sharing algorithms so often that it is hard for even privacy pros to keep up."
"If you've allowed someone access to your data, there is nothing to stop them from copying and sharing it elsewhere -- there are ways in which their settings will override your settings," Herold said. "Every person should post only information that they would not mind the entire world seeing."
Still, the connections Facebook brings to people also bring irresistible benefits to commerce. Those benefits -- such as 18 million people "liking" a brand's page after learning their friends had done so -- make it practically mandatory for enterprises to be on Facebook if they want to compete.
And security experts say it is useless to try to prevent employees from being on Facebook anyway. Chester Wisniewski, a senior security adviser at the security vendor Sophos, said public social networks like Facebook are "not a good choice for online collaboration, as you have no guarantees of privacy or how sensitive information will be handled."
But, he says, if a company tries to block Facebook, Twitter or other sites, "employees will simply grab their iPhone, Android etc. and do what they wish, where you don't have any oversight."
So, is it possible for an enterprise to exploit the advantages without being damaged by the risks?
No public site can be made airtight. But Wisniewski says it is possible to minimize risks, by "educating employees on appropriate use of social media and allowing it on your network where you have some ability to monitor if sensitive company information is being shared inappropriately."
Herold agrees, saying that "with millions of apps being used by the public to stay in touch with companies, completely cutting off access is simply not an option."
Given that reality, she said, "More companies are allowing certain groups of workers, or all workers, access with mitigating controls -- tools such as data leak protection (DLP), encryption, heuristic malware detection, intruder prevention and detection tools."
But even that, Herold said, cannot address "the problematic and complex architecture within which Facebook is created and shares data. Technology alone will not work." So companies need to update their information security and privacy policies to cover social media, she said.
Rafal Los, chief security evangelist at HP software worldwide, said: "Enterprises can reduce risks with a combination of traditional security to combat known threats with an enterprise security intelligence platform which integrates advanced correlation, deep application analysis and network-level defense mechanisms to detect malicious activities, misuse and accidental disclosure through the use of social media."
Herold says she conducted a social networking privacy and security training class for a large hospital system in January, where she covered the actions individuals should take to protect information when using the sites.
"By including how individuals are personally affected, and not just focusing on the organization, those taking the training were able to see why taking security and privacy steps online is important," she said.