What Is Social Networking?
Amber Alert Issued!! This one is not so much a scam as it is a hoax. Amber alerts are pasted
into status updates that turn out to be untrue. Although such attacks don’t gain information,
they are designed to cause panic and concern as well as increase traffic among recipients.
Countermeasures for Social Networking
Because social networking has exploded in popularity so quickly, companies and
individuals have not had much time to deal with the problems the technology has brought
to bear. Surveys taken in recent years have found that many companies either do not have a
policy in place regarding social networking or are unaware of the risks. Recently, however,
people are slowly starting to become aware of how big the danger is and that they need to
take steps to protect themselves. Company policies should touch on appropriate usage of
social media and networking sites at work as well as the kind of conduct and language an
employee is allowed to use on the sites.
Currently about 40 percent of companies have implemented a social-networking policy;
the rest have either suggested doing so or are not doing anything. Many individuals and
companies have been burned or heard about someone else getting burned and have decided
to do something about the issue.
Social networking can be used relatively safely and securely as long as it is used
carefully. Exercising some basic safety measures can substantially reduce the risk of using
these services. As an ethical hacker and security professional, consider recommending and
training users on the following practices:
■ Discourage the practice of mixing personal and professional information in social-
networking situations. Although you may not be able to eliminate the company
information that is shared, it should be kept to a bare minimum.
■ Always verify contacts, and don’t connect to just anyone online. This is a huge problem
on many social media networks; users frequently accept invitations from individuals
they don’t know.
■ Avoid reusing passwords across multiple social-networking sites or locations, so that
one stolen password does not lead to mass compromise.
■ Don’t post just anything online; remember that anything you post can be found, sometimes
years later. Basically, if you wouldn’t say it in a crowded room, don’t put it online.
■ Avoid posting personal information that can be used to determine more about you,
impersonate you, or coax someone to reveal additional information about you.
To avoid problems with social networking, a company should exercise many different
countermeasures. As a pentester, consider recommending the following techniques as ways
to mitigate the threat of social-engineering issues via social networking:
■ Educate employees against publishing any identifying personal information online,
including phone numbers; pictures of home, work, or family members; or anything
that may be used to determine their identity.
■ Encourage or mandate the use of non-work accounts for use with social media and
other types of systems. Personal accounts and free-mailers such as Gmail and Yahoo!
should be used in order to prevent compromise later on.