5/18/2012
03:23 PM

Oh, Facebook, Why Can't I Quit You?

Facebook sells your addiction to advertisers, hoping to make a buck off your personal information. Will you wake up in time to kick the habit, or do you "like" the security risks of blurring the line between personal and professional?

Apps present another security risk. "Both [tracking and apps] are big concerns. But I'd have to say that the app gap is a big problem," said Rebecca Jeschke, a PR rep from the Electronic Frontier Foundation. "You shouldn't have to share your info with your friend's applications because you want to use just one application."

Facebook apps present other possible security problems. We've already seen issues with apps such as Path gaining access to contact data on phones. A similar thing could happen with poorly coded Facebook apps and malware. Apps can give hackers access to information they normally wouldn't have and act as windows into other websites. You never know who is writing an app. Some apps are written by big companies. Others are written by a random guy in his bedroom. Granting an app access to your friend list, gender, or info could compromise your privacy and even your company's secrets. "There have been multiple vectors, scams, malware, clickjacking scams, based on Facebook apps that were either written poorly or written to be intentionally malicious," Soltani said.

Then you have social engineering, which is designed to trick users into giving information so the hacker can gain access to Facebook. "The attacker knows information about the victim that they're able to exploit for a variety of purposes, including identity theft, revealing personal info, and attacks on password reset dialogues," Soltani said.

Think about it. If a hacker knows your hometown, favorite pet, or high school best friend, he can gain access to something he wouldn't have access to without that information. A number of celebrities had their email accounts accessed after an attacker used data that was classified as publicly available to guess their password reset secrets. Remember when Sarah Palin's email was hacked? "As we post more on social networks, we also reveal information that may be used in a way we didn't anticipate, including guessing our passwords," Soltani said.

Living your life out in public not only gives hackers too much information that compromises your privacy, but it can also give your employers a window into your private life. An employer can tell if you are at home or at work by looking at what you are posting on Facebook--especially if you are surfing while on the company network. What's more, Facebook itself could track your whereabouts. "Facebook knows when you go to work and go home, which would be an interesting privacy leak," said Jeremiah Grossman, CTO at WhiteHat Security. Employees who use Facebook apps at work put their companies at additional risk, he added. "A work compromise might lead to intellectual property loss, fraud, and account compromise."

It's easy to understand what is private in real life. You wouldn't say out loud anything you didn't want your co-workers to hear. But many people are not as cautious online. Online communities like Facebook can also present unusual problems for a company when employees mix work with personal. Jules Polonetsky, director of the Future of Privacy, said every responsible company needs to have a social media policy. For instance, a salesperson might connect with prospects on Facebook and then get fired. The employer does not have access to that person's personal Facebook page, and thus does not have a record of the contacts made. In another scenario, an employee might check in at a client's headquarters, forgetting that he is sharing his location. Competitors can look at his check-in and see what client he is talking to.

"There are a range of ways employees need to understand and need to manage their social media. People often merge professional with personal. There needs to be a more rigid separation to ensure lines between personal and company data [are kept separate]," Polonetsky said.

In the meantime, Facebook stands to benefit ever more prosperously from our indiscretions. Sean Gourley, co-founder of Quid, a data analysis and consulting firm, thinks about the power of algorithms and how it's being used to manipulate people into consuming more. "A billion people are competing with each other and sharing more info. That's the world that we got, the world Mark Zuckerberg created--a platform that can collect as much information out of us, using addictive game mechanics and using algorithms to sell you stuff. The more you share, the more you project, and the more money Facebook makes--and the richer Zuckerberg becomes. Slowly we will wake up to this," he said.

So the next time you feel the urge to make your life look better by updating your Facebook page, think about the possible professional risks of posting, the security risks to your company, and the algorithms that are used to sell you stuff you didn't even know you needed.

Now that's the heart of consumerism. How do you "like" that?
