4.5 Proposed framework
The threats in social media are many; the targets are weak and their vulnerabilities are many. This means that a lot needs to be done if all targets are to be secured from the risks they face. It is not an overnight transformation, but with time, measures can be put in place to secure users from social media threats (Parker, 2002). This section discusses a framework that can be used to develop social media security for the benefit of individuals and the organizations they work for.
i. Development of organizational social media security policy – Some organizations operate without a defined security policy applicable to social media platforms. They only concern themselves with the threats and risks present on their ERP systems and forget about social media. This creates a breeding ground for threats and risks that users are hardly aware of and that the organization is ignorant about (Endicott-Popovsky and Lockwood, 2006). Therefore, the first step of the framework is the creation of a practical social media security policy. Among other things, this policy should govern how social media is used in the organization. The policy must touch on security aspects such as password requirements and the information that one can give out on their profiles.
ii. Creation of a multi-dimensional risk-based approach – Social media threats are to be taken with the same seriousness as other risks and threats to organizational systems. The threats exploit lack of information, lack of awareness, poor implementation of policies, and inadequate security practices (Kerkstra, 2005). Therefore, organizations should take a risk-based approach when addressing social media threats. On other systems, an infrastructure-based approach works best since everything is owned by the organization. However, social media networks are not owned by the organization, and the information that users share is also theirs (Peltier, 2006). Therefore, the best way to boost security is by first informing the users about the risks they face and then giving them solutions to these risks. If this is not done, any other approach will simply lead to resistance from the users.
iii. Network visibility – Other than asking users to give out some sensitive information, attackers extract this type of information from users through malicious links leading to cloned or malicious websites. Therefore, organizations need to monitor the network activity of computers connected to social media sites (Gan and Jenkins, 2015). Hence, when a user clicks on a link to a malicious site, security systems will detect this and report it. Even if the systems do not detect the malicious site, it will be easy to identify the sites that a user visited when a security incident happens, such as malware infecting a workstation. Since users accessing social media from their workstations put the entire organization at risk should they click on malicious links, all computers should have tools to prevent data loss, detect malware, and filter web content.
iv. Classification of sensitive data – When coming up with the security policy mentioned in (i) above, it is good to classify the sensitivity of data. Not all data shared on social media is a security threat; some of it presents no risk to the organization or the individual user (Sisk, 2008). Therefore, an organization should classify the sensitivity of the different types of data that users might share on social media. For example, publishing the role that one plays in the organization on social media might be a security concern. An attacker can easily use this information to plan an attack on the organization. On the other hand, posting a picture of a puppy is totally harmless. It might not be easy for novice users to determine the sensitivity of the data that they may share on social media, and therefore the social media security policy should do this for them.
v. Protection of endpoints – As mentioned in (iii) above, when employees visit social media sites while in the workplace and on their workstations, they inherently put the organization's devices at risk. If they were to click on a malicious link and land on a malicious site that infects the browser they are using, it is the organizational data that would be stolen. Sensitive login credentials to the organizational systems that had been stored in the browser would all be stolen by the hackers. Such data is valuable to attackers and can be used to cause serious damage to the organization (Sayers, 2005). Therefore, it is paramount that endpoints in an organization be secured. There are many endpoint security solutions that offer protection from malware, and others that come with an endpoint firewall. Therefore, if the worst happens, the organizational data on the browsers will at least be secure.
vi. Educating employees – The last element of this framework is the most effective tool against social media threats: educating users (Albrecht et al., 2011). Users fall victim simply because they are not aware of the risks they face. A user who does not know of the existence of the Nigerian prince scam, for example, will give a listening ear to hackers that present their story to him or her. Similarly, a user who does not know the risks of clicking on links sent via social media is not going to hesitate to click on them. Therefore, employees must be educated on how to detect scams on social media. They must be made aware of some of the scams that have been happening on social media. They must also be told the risks that they expose organizational computers to when they open social media platforms and perform prohibited actions, such as clicking on shortened links.