Think before you link. A look at social media and infosec

Once upon a time, a state agency wanted a more nimble way to communicate with the citizens of its fair land. The agency believed that directly engaging in dialog and discourse would help them meet citizens’ needs. A blog, they thought, would facilitate that goal.

But the Knights of the kingdom were cautious. They understood what strong tools blogs were. They used them frequently. They also knew that blogs could lead to invasion. An evil-doer, or perhaps just a careless soul, could infect their own computer, the computers in the castle, or even the computers across the land, by linking to malware, viruses or worms. A compromise must be found, they thought…

All kidding aside, there are real security challenges presented by social media use. Social media encourages real-time conversation; it also creates real-time social media threats. Social media has been connected to several security breaches around the world. Hyperlinked text in blog comments, shortened links on Twitter and worms embedded in Facebook images all create security risks.

Additionally, unlike email, which we host and monitor in-house, most social media tools are hosted by third parties. We get very little insight into their security practices and systems.

There have been many different responses to the information security threats posed by social media. We believe it is crucial to undertake some strategic steps to help mitigate these risks. Taking these steps helps us fulfill our very real responsibility for protecting computer systems both inside and outside our firewall.

Here are a few tips and resources to help reduce the likelihood of social media security threats:

  • Expanded links: Expanded links are those where you can see the website domain. For example, www.mass.gov/socialmedia is an expanded link. But sometimes even if you can see the domain, you may not know what is on the page you are linking to. To help you figure out whether a link connects to a virus, malware or other threat, please use these expanded link scanning tools.
  • Shortened links: Sure, those shortened links save space in Twitter. Bit.ly, tinyurl, ow.ly, is.gd. They are everywhere. But they present an additional security risk because they hide destination URLs. To confuse matters even more, the link-checking tools mentioned above only check the service that does the shortening, not the shortened link itself. To get around this problem, please use one of these shortened link scanners.
  • Think before you click: Just as with email, it is important to think before you click. We like to believe that everyone who engages in social media is interested in sharing valuable, helpful content. But current statistics demonstrate that spammers, scammers and phishers are using social media to gain access to your valuable private information. Follow these cyber-security tips when using social media to help protect your online experience. And be sure to follow our Enterprise Security Office on Twitter!

We would love to hear your thoughts about how to balance security challenges with the openness of social media. Let us know!
