Why Should the CSO Care About an Employee’s Personal Social Media Account?

Thank you to Tom for allowing me to participate with social media security dot com. The guys in this community have been great resources in helping me to spread the word on the insecurities with social media. This year, I have been reaching beyond the security space, speaking to many social media clubs, podcampers and O’Reilly conferences only to realize something disheartening. Not enough people hear or are listening to us! I am going to start posting some real experiences to help with the questions of “why should I care about social media security?”

This week at Podcampnashville I was able to demo Firesheep, and in 3 mins and 48 secs, 64 accounts were in my sidebar waiting for me to double click. After the demo I had some great questions and just like that the session was over. Later a young lady came to me and admitted she was 1 of the 64 in the sidebar. She asked me to show her what I “could” have done with her account. She was not really impressed or scared that I could have updated the profile, chatted with friends or added creepy users. Then fear came very quickly when I changed from the user account to the PAGES she had admin rights to.

She is in charge of the Facebook pages of 12 major medical practices in the area. I have to be honest, she rocked at maintaining these pages. Impressed by her work, I asked how much time she had put into these pages and followers. Time was in the 1000’s of hours and also in the $100,000 range of billable time. My final question to her was…what would she do if all of this time and money came crashing down because of some idiot at a camp running a free Moz Plug-in? She said she would hunt them down. She was kidding of course, but I was a little scared to be honest. We went over some settings and she is now going to help spread the word. 1 out of 64 down.

Facebook Pages security is basically in the hands of the personal accounts of the admins.  This is one reason why the CSO should care…

Things that make you go HMMMM? <- point to head -Arsenio Hall
Facebook terms and conditions state that you have to have a personal Facebook account to administrate your company page. Facebook company pages allow multiple users to have access to share content. Are you monitoring or making sure the people with access are meeting your company security standards? If an employee has left, is Facebook Page access part of the account removal process?

Social Media Security Podcast 23 – Recent Changes to Facebook, Enterprise Social Media Tools, Spokeo

This is the 23rd episode of the Social Media Security Podcast recorded February 25th, 2011.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes and follow us on Twitter.  Thanks for listening!

Social Media Security Podcast 22 – Skype Email, Taxonomy of Socnet Data, Facebook Graph API

This is the 22nd episode of the Social Media Security Podcast recorded January 21, 2011.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:

  • Skype credit email as an apology – a new trend we can expect in 2011 from good guys and bad guys.  Screen shot mentioned in the podcast.
    Scott’s note: I searched for posts about this email before clicking on it, and it was actually legitimate. However, this would be a very compelling phishing attack for any organization that recently suffered a PR setback. Any time you get an unexpected email, even if it looks like the circumstances make sense, you need to check on its authenticity. And any organization issuing such an Email should also post an announcement of the campaign on their home page, and issue a press release to make it easy for people to verify the legitimacy of the email.
  • Bruce Schneier’s taxonomy of social network personal data
  • Facebook now tells you about people you know who have found friends using their Friend Finder
    Scott’s note: I always tell people never to enter their email address and password on sites that aren’t their email service. You don’t know what they will do with your password, or if it might be captured. It also exposes your friends to potentially unwanted email messages – e.g. spam.
  • Facebook Lets Developers Ask a User for Their Address, Phone Number in the Graph API
  • Twitter Worm Pushing Rogue Antivirus Scam


Social Media Security Podcast 21 – Facebook Trolls, Cookie Monster, Gawker Breach

This is the 20th episode of the Social Media Security Podcast recorded December 17th 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:


Social Media Security Podcast 20 – FireSheep, Privacy in the US, What NOT To Post On Facebook

This is the 20th episode of the Social Media Security Podcast recorded November 5th 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:


Social Media Security Podcast 19 – New Changes to Facebook, Social Media Risk Survey, LinkedIn Scams

This is the 19th episode of the Social Media Security Podcast recorded October 8, 2010.  This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:


Social Media Security Podcast 18 – RFID and Facebook, Hacking Facebook Places, MySpace Privacy

This is the 18th episode of the Social Media Security Podcast recorded September 3, 2010.  This episode was hosted by Tom Eston and Scott Wright and is our 1 year anniversary episode!  Thanks to everyone that has supported the podcast over the last year…we really appreciate it!  Below are the show notes, links to articles and news mentioned in the podcast:


Facebook Privacy & Security Guide Updated to v2.3

Just a quick post that I have updated the Facebook Privacy & Security Guide to include information on configuring the privacy settings for Facebook Places.  You can find this on the first page under “Sharing on Facebook”.  Stay tuned for more information on Facebook Places in the next day or so!

Download the updated Facebook Privacy & Security Guide here (pdf download).
