Are social networks effective

Espionage on social networks

Jim McDowell (name changed by editor) used to be strenuous work. He had to lie in wait outside the gates of a company and count cars or spend hours on the phone to find out the names of employees. The native American researches the competition on behalf of companies. But lately he hardly has to go out to do this, thanks to Web 2.0. Because on Facebook, Xing and LinkedIn, employees are now telling him what he wants to know by themselves: specialty areas, functions, private hobbies. McDowell only sifts through the profiles and he already knows how strong which department is and where the knowledge carriers are - information that is worth real money for the competition.

German employees are far too naive when it comes to protecting their know-how, concludes McDowell, "they think that because there is no Chinese with a camera in the courtyard, they are safe". Just a few clicks on Facebook - and you become an unwanted mole? That risk is real. Social networks are increasingly becoming a security risk for companies: dissatisfied employees are chatting away the names of customers or messing with industrial spies and secret agents without knowing it. "All of this happens - only most companies don't want to admit it," says Thorsten zur Jacobsmühlen, an expert on social media from Lohmar near Bonn. Such Facebook leaks would not be made publicly, only circumstantial evidence indicated that there was a lot of espionage behind the scenes. An example: In October last year, Porsche blocked access to Facebook for its employees - for security reasons, as announced from Zuffenhausen.

What floppy hats couldn't do

One thing is certain: The friendship platforms have made the dream of all floppy hats come true: "The virtual agent does not have to enter the operating area," explains Reinhard Vesper from the Office for the Protection of the Constitution at the Ministry of the Interior in North Rhine-Westphalia. Vesper warns that what spies used to have to research in a sometimes dangerous on-site mission can now - thanks to Facebook, Xing and LinkedIn - find out with just a few clicks.

The typical Facebook attack works like this: the attacker pretends to be an industry colleague and contacts a German employee, for example via Xing or Facebook. "This person is then researched with the help of social engineering," observes defense expert Vesper. Social engineering means "interpersonal hacking": First, the new "friend" reveals a few supposed secrets about his own employer and thus builds trust. Step by step, closeness is created, people talk about hobbies or private finances. When the target person fully trusts their new friend, he or she strikes. He steals or buys information or starts a hacker attack.

  1. Social media security
    What fears affect IT professionals when it comes to the use of social media in the business environment? The "2011 Social Media Protection Flash Poll" from Symantec shows with this overview which problems are affecting companies (source: Symantec).
  2. Social media security
    Security issues still make up the largest part of concerns for companies (and their employees) when it comes to using so-called Web 2.0 techniques and social media in the company, according to a survey by Clearswift. (Source: Clearswift).
  3. Social media security
    Interesting statements on information security in the organization, whereby these results only relate to the German companies surveyed. (Source: Clearswift).
  4. Social media security
    Content-based checking on the web gateway: With the so-called content scanning, the Internet content that is sent to the company via the gateway can be checked using guidelines. A lexical analysis is also helpful here (source: Clearswift)
  5. Social media security
    Traditional security solution providers are aware of the dangers and are beginning to offer appropriate additions. The Bitdefender solution shown here has been well integrated into the manufacturer's security suite.
  6. Social media security
    The Bitdefender app in use on the Facebook account: It provides a tidy view of the Facebook account and not only checks the links, but also the personal data and settings.
  7. Social media security
    The Bitdefender application is not only available as part of the software suite but also as a standalone solution directly on Facebook.
  8. Social media security
    With ShareSafe, the manufacturer F-Secure is also offering a special application on the market that is directly available on the Facebook platform - but it is still in the beta stage.
  9. Social media security
    This is the case with all security applications on Facebook, but initially it makes the user pensive: He has to grant the application extensive access rights to his data so that it can check it accordingly.
  10. Social media security
    Somewhat playful and precisely geared towards the Facebook target group: The F-Secure solution aims to encourage users to only exchange and post secure links using a points system.
  11. Social media security
    Under the name “Safe Web”, the security company Symantec offers both a standalone solution for checking the reputation of websites and this Facebook app.
  12. Social media security
    The result of a scan with the Norton "Safe Web" application: In order to be able to perform well, it only scans the links that have been shared within the last 24 hours. This application also offers an automatic scan setting.
  13. Social media security
    If you want to enable the automatic scan of the Norton application, you must allow the applications to access their profile even more extensively.
  14. Social media security
    One advantage of the Norton solution: The links, which are often shortened in social networks, are automatically displayed in their complete form, which offers the user more information about the corresponding website.

Source teaser image: Fotolia.de/Tomasz Trojanowski