Online Security Not An Oxymoron, Even On Social Networking Sites

I use a whole shwack of social networking sites in the cause of spreading the word about the network infrastructure and web security work we’re doing at PCIS (On that note, have you heard about Web Threats Weekly? If you’re reading this blog, then you’re our target audience. Check it out).

LinkedIn, Facebook, Twitter, Google Groups and online forums and blogs can provide real benefits in terms of getting exposure for our company and building genuine relationships with our peers. As my colleagues in the communications field understand, it’s a great way for us to stay in touch with our partners and customers. And it’s not just me using them. My boss and most of our network-infrastructure-security ninja strike force are on them as well.

But here’s the thing about working for a company known for its expertise in IT security: everybody here has to behave in ways that won’t compromise our security, or just as importantly, YOUR security. So, how do I balance this with nearly daily reports of social networks like Twitter or Google Orkut (ComputerWeekly) being exploited by hackers and cyber criminals?

Armed with the advice of my security-obsessed colleagues here at PCIS, I protect myself and the company with some hard rules when visiting social networks and other websites:

1. Give links in messages from friends the same level of scrutiny you would give links in an email. Email accounts can be taken over by nefarious geeks inserting spam into messages.

2. Following from rule #1, let your cursor hover over links to read the URL. If the link text reads "100 Ways to Build SEO" but the URL reads "http://hackers-RULE/100-suckers-are-born-every-minute.asp", that mismatch could be a sign that something is wrong.

Unfortunately, you might not be able to tell 100 per cent just from looking at a URL whether it really is a trap, and even if a link does look good, it could redirect you to a bad one instantly. If you're that suspicious, you can always move to tip #3.

3. If you suspect that your friend’s account has been compromised because the message seems suspicious, contact your friend another way (phone is good) to check. If they HAVE had their ID stolen, better they hear it first from a friend than 27 credit card companies.
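A scripted version of the hover check in rule #2, added here as an illustration and not part of the original post: it lists the real destination host behind each link in an HTML message and flags link text that names a different host. The sample message, function names and verdict labels are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample message; the first link is the mismatched pair from rule #2.
SAMPLE_MESSAGE = """<p>Hey, check these out:
<a href="http://hackers-RULE/100-suckers-are-born-every-minute.asp">100 Ways to Build SEO</a>
<a href="http://login.example.net/reset">www.example.com/account</a>
<a href="https://www.example.org/news">https://www.example.org/news</a></p>"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Lower-cased host of a URL-like string, or None if it is not one."""
    value = value.strip()
    if not re.match(r"(https?://|www\.)\S+$", value, re.I):
        return None
    if not re.match(r"https?://", value, re.I):
        value = "http://" + value
    return urlsplit(value).hostname

def review_links(html):
    """Returns (text, real host, verdict) per link: what hovering would reveal."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        real, shown = host_of(href), host_of(text)
        verdict = ("not-a-web-link" if real is None else
                   "destination-hidden" if shown is None else
                   "host-mismatch" if shown != real else "consistent")
        report.append((text, real, verdict))
    return report

if __name__ == "__main__":
    for row in review_links(SAMPLE_MESSAGE): print(row)
```

A "consistent" verdict only covers the URL written in the message; that URL can still redirect somewhere else, which is where tip #3 comes in.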

The "Web Threats Weekly" Online Safety Fact-Finding Mission

Over the next while, I'll be asking web-masters and developers for popular tech sites and social networking websites what they are doing to protect their visitors from online threats and their suggestions for staying safe while browsing online.

I'll be posting the results in our newsletter, Web Threats Weekly, distributed to over 14,000 individuals and businesses. If you would like to participate in this research and provide information about what your organization is doing, please contact me at PCIS. Thanks!

PS: Jonathon's Tip of the Day: If you're not sure what your organization is already doing to protect itself and don't know what questions to ask your IT people to get the info, check out the Managers' Cheat Sheet for Web Application Security.

Contributed by Jonathon Narvey, PCIS / Boonbox Communications