Thursday, September 24, 2009

Why social networks can jeopardize the security of companies

Do you, or does someone in your company, take part in social networks and access them through the company's IT infrastructure? Do you feel safe with this kind of access? If you said no, know that you're not alone.

According to research by security company Sophos, disclosed in early May, 63% of corporations worldwide fear that Web 2.0 communities bring security risks to corporate infrastructure.

Nevertheless, most companies allow full access to collaborative tools. The analysis shows that 43% of them allow the use of Facebook, 50% Twitter, 49% MySpace and 52% LinkedIn.

According to Alejandro Stetson, vice president for Latin America and the Caribbean at security firm Kaspersky, users trust others when viewing content on those networks and do not take basic precautions. "Even in more specific communities such as LinkedIn, attention should be redoubled. Information technology professionals have every reason to worry about access to this type of site," he said.

Threats can come from many different sources, from general attacks with links to malicious code to more targeted actions aimed at specific companies. It is important to bear in mind that criminals are increasingly sophisticated and specialized in deceiving employees with messages that seem harmless, and even through social engineering.

Another example of the harm these networks can bring is Twitter. The tool went through an incident that exposed the full extent of the risk. A hacker exploited a vulnerability in the tool to run a JavaScript application that infected the computer and the profile of those who accessed it. "With this, the user was exposed to browser hijacking, could receive malware and therefore put the enterprise at great risk," says Gabriel Menegatti, chief technology officer at security firm F-Secure.

Given that, the technology department can take one of two approaches: block access to the tools, or use means of protecting the company's infrastructure, promoting awareness and constant monitoring of the network. In environments where social networks are important for the work, blocking is not an option. What remains is to strictly follow corporate security best practices and build a security culture among users.

For Roger Denny, an enterprise security specialist at Safenet, companies cannot do without good management of antivirus, firewall and other solutions to prevent malware from entering the enterprise. "What should be done more consistently, and what few companies do, is a daily process of vulnerability and risk assessment, and of how these elements can affect the infrastructure of the corporation," he said.

Spreading a culture of security is somewhat more complex, since it depends not on technical measures but on constant education. According to Marcos Prado, channel manager for Websense, the best way to start is not necessarily by talking about technical risks, but by spreading the safest ways to transmit information. "Companies' approach to security is increasingly less focused on details of infrastructure and more focused on proper treatment of information," he attests.