How Security Has Changed in the Recent Past
In the past, companies concerned themselves with the nefarious actions of hackers and corporate espionage activity. A relatively small but highly skilled group could represent a major threat to the operation of any size business. Today, anyone with a connection to the Internet and a proverbial “axe to grind” can cause irreparable damage to even the most beloved of brands. The types of attacks a company faces has evolved from purely technical hacking attacks to include attacks on brand image and corporate reputation. The casualties have been many and include The Gap (public derision over the new logo), Southwest Airlines (negative outcry resulting from kicking Kevin Smith, the actor/director, off a plane for being too fat), and Nestle (online attack coordinated by Greenpeace over environmental damage from deforestation when harvesting palm oil). Seemingly, no company today is immune to the many threats posed by a single individual, let alone a socially engaged and networked population.
As the influence of social media grows, security issues will continue to be a major concern for both companies and their active online customers and communities. The most popular social media security concerns have been in the areas of violated privacy rights and identity theft. A New York court recently referred to the users’ reasonable expectation of privacy on social media websites like Facebook and MySpace as merely “wishful thinking.”
NOTE
You can read more about the courts, privacy, and the admissibility of material posted on social networking sites at the Traverse Legal website. Go to http://tcattorney.typepad.com/digital_millennium_copyri/2010/10/breach-of-privacy-across-social-media-sites-addressed-by-two-court-rulings-in-new-york-and-californi.html.
If someone were to steal your employee’s identity over social media channels, that person could use the stolen credentials to break in to your company. If an attacker can capture the password that an employee uses on Facebook via an application like Firesheep (more to come on this), then the odds are high that employee uses that same password across multiple sites, including your corporate network. Finding a person’s name and key things, such as birth date, school name, or children’s name, about them is easy—and how many people use these as the basis of their passwords. As more companies become present and active on social networks, the explosion of attacks on individuals has now escalated to corporate-level attacks. As we’ll discuss in Chapter 4, threats emanating through social media channels are getting more complex, and a company without a good social media security strategy will be as vulnerable as a company without an IT security strategy.