4.3 Reviewing existing security policies
Quite a number of organizations have some security policies that are supposed to
govern social media use. However, these policies are either weak, are not being followed, or
do not encompass the threats that social media use introduces to the organization. Social
media cannot be simply banned because the same organizations have marketing departments
that utilize these platforms. Even though some organizations have resorted to a total ban of
traffic headed to social media sites, others have simply been using some policies to control
the use and promote the security of the organization. The following are some of the existing
security policies in organizations:
a) Social media hours – To prevent the overuse of social media platforms, some
organizations have gone ahead to define the times within which users can or
cannot use social media. The objective of reducing the time spent on social
media while on the premises of an organization is aimed more at productivity
than security. Due to the addictive nature of social media, if workers spend
four hours each day in a 40-hour week, their productivity will have reduced by
half. The security perspective of this policy is that if users have less time on
social media while in the organization, they might be less tempted to post
sensitive details about the organization. It is just a deterrent and nothing
more.
b) Posts about an organization – There are organizations that restrict their users
from posting any details about their roles or current undertakings on social
media. This is a very effective policy when it comes to safeguarding the
security of an organization. The reason why hackers have an easy time
isolating their targets is because employees define the roles they play or the
departments they work in on social media platforms. For example, if a user
posts a picture in the accounting office complaining of how keeping accounts
is tiring, a hacker might pick up this information. The hacker may then prepare
an attack against this user. It, therefore, makes sense if an organization
prohibits users from sharing on social media the intrinsic details about the
functions they play in the organization.
c) Authentication – Some organizations have taken upon themselves the burden
of ensuring that their employees secure their individual social media accounts
as well as those of the organization. Therefore, they have extended some
authentication policies applied on organizational systems to the users. It is
hard for the organization to enforce these obviously because they do not
control the social media platforms and thus do not have the powers to tell who
is obeying these policies and who is not. One of the authentication policies
that organizations have been recommending their users to follow is that of
multi-factor authentication.
d) Two-factor authentication or multi-factor authentication – This is a secure
login feature that ensures that a user has to authenticate himself or herself in at
least two ways so as to log into a system. This means that simply knowing the
account password is inadequate to get access to one's account. It is necessary
for the person trying to log in to have another factor such as being in
possession of a mobile phone number or biometrics of the registrant of the
account. Most, if not all, of the social media platforms, have an option for
users to turn on two-factor authentication. This feature, however, comes
deactivated by default.
e) Password characteristics – Policies touching on password characteristics tend
to get on the nerves of many users as they prohibit them from using their
usual, easy-to-remember passwords. Since hackers know how to profile
passwords that users may use, it is important for the users to avoid creating
passwords with information that is easy to guess. A common password choice
of employees is that of their birthdays, spouse's birthdays, pet names, a
combination of one of their names and birth year, and so on. These are very
insecure passwords, and there are many tools that can give hackers most of
these combinations based on the known information about a user. With this in
mind, organizations are encouraging users to adopt complex password
character combinations. Password reuse is yet another problem facing users,
whereby the same password used for emails is used on ten or so other
platforms. If a hacker is able to find out the password for one of these
platforms, then he inherently knows the passwords for many other platforms
used by the same user. Organizations are therefore encouraging users to use
different passwords for both their social media accounts and also for
organizational accounts.
f) Password age – Due to the increasing threat of theft of the login credentials
stored on web browsers, organizations are urging their users to regularly
change their passwords. There are many threats lurking around the Internet,
and they have the capability to either steal the stored logins or implant
themselves onto browsers and continually send back the sensitive information
they collect on a browser to hackers. The common 90-day password expiry
period is, therefore, being extended to users on social media. When the
password is regularly changed, the login credentials stolen by hackers
become unusable. However, they are not irrelevant since hackers may use them to
profile the passwords that a user creates and uses.
g) Privacy settings – Social media platforms give users a number of privacy
settings that they can use to make their accounts a bit more secure. However,
many users are not keen enough to stay updated with the privacy settings at
their disposal. Most platforms will keep on introducing new security settings
to respond to the increasing number of threats. Therefore, if well used, these
settings can help one eliminate some privacy and security concerns that linger
on social media. There are settings that can limit the people that can see one’s
posts. It is, however, not surprising that many users have left this setting at
public, meaning that just anyone on the Internet can see their posts. There are
other settings that users can use to limit the people that can message them on
some social media. There are many other helpful settings that users do not
know or simply do not take time to view. Some organizations are therefore
educating their users on the settings available for the social media platforms
commonly used by employees.
h) Restrictions on connections – Connections, which are mostly identified as
friends or followers on social media, can be a burden for users. They may turn
out to be liabilities for one’s personal and professional life. The number of
connections that one has can directly impact his or her security on social
media. There are simply too many malicious people on the Internet sending
friend requests, connection requests, or following other people just to keep
tabs on them and harvest the sensitive information that one may reveal. There
are others that simply establish these connections with users to be able to share
malicious links or messages. It, therefore, makes total sense from a security
perspective for one to either block, unfollow, or unfriend users that one is not
familiar with. Organizations, therefore, put in place policies to help users
curate their connections. Also, some organizations advise their users not to
accept connection requests from random strangers on the Internet. It is hard to
tell between a hacker and a genuine user on the Internet and therefore the best
way to handle this issue is to be vigilant with the type of information that one
shares on the Internet.
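
As an added illustration of item (e), not part of the original text: a check that an organization could run when a password is set, rejecting passwords built from the personal details listed there (names, birthdays, pet names), including simple character substitutions. The profile fields, sample data and function names are assumptions made for this example.

```python
from datetime import date

# Common character substitutions, undone before matching name-like tokens
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def personal_tokens(profile):
    """Collect the strings that can be derived from what is known about a user."""
    tokens = set()
    for field in ("first_name", "last_name", "spouse_name", "pet_name"):
        value = profile.get(field, "")
        if len(value) >= 3:            # very short names cause false positives
            tokens.add(value.lower())
    for field in ("birthday", "spouse_birthday"):
        d = profile.get(field)
        if d:
            # four-digit year plus day/month in both orders
            tokens.update({f"{d.year}",
                           f"{d.day:02d}{d.month:02d}",
                           f"{d.month:02d}{d.day:02d}"})
    return tokens

def find_personal_info(password, profile):
    """Return the sorted personal tokens found in the password (empty = none)."""
    raw = password.lower()
    unleeted = raw.translate(LEET)     # "R3x" -> "rex"
    return sorted(t for t in personal_tokens(profile)
                  if t in raw or t in unleeted)

# Constructed sample profile, for illustration only
SAMPLE_PROFILE = {
    "first_name": "Maria", "last_name": "Keller", "pet_name": "Rex",
    "birthday": date(1985, 5, 14), "spouse_birthday": date(1983, 11, 2),
}

if __name__ == "__main__":
    for candidate in ("Maria1985", "R3x!0211", "correct-horse-battery"):
        hits = find_personal_info(candidate, SAMPLE_PROFILE)
        print(candidate, "->", "reject: " + ", ".join(hits) if hits else "ok")
```
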