Social networks, mobile devices threaten company data
A report published today by a European security agency warns that social networking on mobile devices poses a security threat to corporate data.
Those few moments of using Facebook on your mobile phone could pose a security risk according to a recent report released by the European Network and Information Security Agency. In “Online as soon as it happens,” ENISA claims that social networking sites are poised to become a breeding ground for malware on mobile phones.
ENISA states that there are no current threats but the growing connection between social networks make mobile devices an ideal platform for distributing viruses. A virus could spread when a user clicks a link posted to a profile by a trusted contact, unaware that his or her friend’s account may have been compromised. The link could point to a malicious site which would then compromise data stored on the phone, such as contacts, call logs, email messages, software, and more.
Security can also become an issue based on regular user activity. Aside from the corporate leaks that can occur from over-sharing on social networks, GPS data and stored communications on a phone can become a major problem if a device is lost, stolen, or infected.
Companies must stress the importance of securing data on social networks and mobile devices, according to ENISA. Here are a few important lessons to take from ENISA’s report, available to read in full here.
- Temper social networking – Don’t put information in your profile that is sensitive, false, or includes too many details that can reveal private information (or lead to someone gaining enough data to retrieve your password). Also be careful which friend requests and connections you accept; verify that people contacting you are not impostors or fake accounts fishing for data.
- Be watchful – Do not click on suspicious links posted on social networks or sent to you in emails. These links often are vague messages like, “LOL…is this you in this video?” or “Look at this crazy thing that happened to me earlier today.” If your device contains sensitive information, be careful what content you access.
- Separate work from home – ENISA encourages social networkers to use a pseudonym rather than their real name. If you have a Twitter account that is for personal use, register a nickname that doesn’t reveal your real name or ties to your company. This could decrease the likelihood of you becoming a target. Also avoid registering social networking accounts with your work-related email. If at all possible, separate work contacts from personal contacts.
- Protect yourself from lost or stolen items – Do not save passwords in your mobile phone. It may take longer to constantly enter the password, but it can at least protect your account in the event of the device being lost or stolen. Your company may also want to consider installing software that can remotely wipe information if that happens. Also take advantage of password and keypad locks installed on the phone.
Case in point using a Blackberry on Facebook, once one accepts the terms of agreement Facebook will read and upload the Contacts folder. Then Facebook will look for those who may be on Facebook and those who are not. This information then resides on their servers. All of a sudden, Facebook has my client list, not a chance in hades, encrypted files or not.
According to a new Canadian law they are not permitted to keep data once erased from the user account. Nor are they supposed to keep user data if that user closes the account. Call me cynical but.
Do I trust any application that is so overtly invasive, not a chance? Further more any employee found with social networking on their phone (company phone) will have it confiscated, investigated, wiped and if need be fired. We are very clear on this before hiring someone, so far so good.