Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

Twitter in the workplace – the threats

on February 12, 2010

Twitter was named ‘word’ of the year in 2009 confirming the growth of a social networking and media site that is used by over 350 million people worldwide. However, Twitter is also gaining a reputation as a security risk for individuals and organizations.

Cybercriminals follow social networking sites with a passion because they see in Twitter and other social networking sites a huge opportunity to make money and commit fraud. Although spammers, scammers and malware creators are the root of the problem, end-users of the service are equally dangerous because, ultimately, it is what they do with Twitter that counts. If Twitters paid attention to what they are doing, listened carefully to warnings from security experts (their IT team at work) and did not trust every follower who sent them a message, there would be no reason to be concerned.

Unfortunately, humans are the weakest link in the security chain. Add to that a lack of education and little or no awareness of security and you have the right combination for something to go wrong.

So what are the risks and what can organizations and users do to limit such risk?

 The Risks

Data leaks of confidential or proprietary information: Corporate organizations are constantly trying to reduce the channels through which information could be leaked. There are numerous ways to update your Twitter account so it is impossible to block access all the time. The information that could be leaked includes identity theft, credit card fraud, business plans, confidential data, information about facilities, availability of personnel or their schedules.

Malware and viruses: Malware creators see Twitter an as excellent opportunity to spread malware. The use of abbreviated URLs makes it easy for the bad guys to mask links to infected sites and to redirect users to websites that they would think twice about visiting. The setting up of fake services could be used to collect credentials and information from that user.

Applications: Users put too much trust in both the people following them and the applications that are easily distributed. These applications, which may be insecure, could be used to steal accounts.

Improper use: Twitter makes it so easy for people to inform their friends and extended network of contacts about what they are doing, where they are and so on. Impulse messaging can be dangerous especially if the user is irate and doesn’t stop to think about the repercussions of his or her tweet. Sending inappropriate tweets is not recommended. From a corporate perspective, employees can be a threat if they post information that could impact negatively on the business, hurt its integrity. A wrong post picked up by such a wide audience could become a PR nightmare for that business.

Customer care: As more and more organizations set up their own accounts and encourage customers to keep in touch, businesses need to be careful how they deal with disgruntled customers who may use Twitter to discuss a negative experience they had. With only 140 characters at its disposal, a business should avoid getting into a slanging match with an unhappy customer on Twitter and encourage the client to use traditional customer care channels. Take the conversation offline.

How to counter the risks?

Every business or organization which uses Twitter (or any other social media or networking site) should have a strong policy in place (and enforced) that clearly states how it should be used by employees.

They need to be aware of the consequences of sending out seemingly innocent tweets which could still get them into deep trouble. In December 2009, a Vodafone employee was fired after his post was deemed by the company to go against fair competition. Drastic? Maybe, but it showed that even a humorous post could backfire.

Some basic rules include:

  1. Think twice before posting. Employees need to think compliance, integrity, security… then post.
  2. Access URLs in tweets with care. If there is no real need to check out the site, leave it.
  3. Show employees what to look out for. How to notice when someone is stalking or attempting to social engineer information.
  4. Avoid confrontation on Twitter. It is a great tool for customer feedback but a disaster in resolving issues.
  5. Create a policy in a language that is understood by employees. Have them sign it. There should be no excuses that they did not know what they could or could not say.

About the Author:

David Kelleher is Director of Public Relations at GFI Software. With over 20 years’ experience in media and communications, he has written extensively for business and tech publications and is an editor and regular contributor to Talk Tech to Me.

submit to reddit
 
Comments
Mike McClure February 12, 20104:47 pm

Interesting thoughts and some good insights. We’ve all seen people, including celebrities & sports stars) get in trouble for tweeting in the heat of the moment or as an ill-thought out joke. But, I never really thought about the fact that with almost every link shortened, you really don’t know where you’re going. (of course, that’s how I got here to this blog) Will have to think about that more before I click on the next link.

David February 22, 20104:08 pm

Hi Mike. Thanks for your comment and for visiting our blog. The problem with Twitter and other social networking sites is that people take their content for granted. There is a high level of trust involved and even the most trusted of sites/friends can be a victim of a malware/phishing attack. As you said, thinking before clicking is a good first step. Links from trusted friends and reputable sites are usually safe but it does pay to be more careful when the origins of shortened links are suspect.