Validating the End User

While e-mail still presents one of the greatest threats to a company’s network via malware, phishing, and so on, social media is quickly becoming a major challenge for most organizations. Internal and external communication standards should be implemented to aid in defense of your networks and user information. Here are a few countermeasures that serve as your first line of defense:

• Modify and change passwords regularly.

• Avoid dictionary words for passwords (try a C0mbin@t1on of numbers and uppercase and lowercase letters and symbols, instead of a pronounceable phrase).

• Create individual usernames and passwords for each social media platform (one for Twitter, another for Facebook, etc.).

• Require DNS authentication on all company e-mail communications.

• For individuals whose primary role is not social media community management, remove the ability of the end user to install applications on his or her desktop. In the case of community managers and those whose role is to interface with customers online, train them in the proper and secure use of desktop applications and make sure the latest versions are installed.

• Remove end-user administrator privileges.

• Implement URL filtering to help block malicious attacks via websites.

One of the first lines of defense is creating easily understandable standards for customer communications via social media channels. These standards should be applied to e-mail, social media, and all other forms of digital communications. Once these standards are in place, customers will be familiar with communication from your company and instantly suspicious of phishing attacks or malware links.

Here are a few key items that should be implemented to counter customer identity and phishing attacks:

• Standardize your social communications with the customer.

• Do not request personal information.

• Use your customer’s full name when possible.

• Implement e-mail authentication.

• Avoid the inclusion of hyperlinks.
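
The two e-mail items in the lists above ("Require DNS authentication on all company e-mail communications" and "Implement e-mail authentication") can be verified by auditing what a domain actually publishes. The Python below is an added example, not part of the original text; it assumes those items refer to SPF and DMARC, which the text does not name, and it runs on constructed TXT records for reserved example domains rather than live DNS.

```python
# Constructed sample TXT answers keyed by DNS name; reserved example domains.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["site-verification=constructed", "v=spf1 ip4:192.0.2.0/24 +all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
}


def audit_spf(records):
    """Return findings for the SPF policy among a domain's TXT strings."""
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record published"]
    if len(spf) > 1:
        return ["SPF: multiple records, which evaluates to a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    final = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not final:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]
    if final[0] in ("all", "+all", "?all"):
        return [f"SPF: '{final[0]}' lets unlisted senders pass or stay neutral"]
    return []  # '-all' (fail) or '~all' (softfail)


def audit_dmarc(records):
    """Return findings for the record published at _dmarc.<domain>."""
    dmarc = [r for r in records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["DMARC: no single valid record published"]
    parts = (p.partition("=") for p in dmarc[0].split(";"))
    tags = {k.strip().lower(): v.strip().lower() for k, _, v in parts if k.strip()}
    findings = []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={tags.get('p', 'missing')} requests no action on failing mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    return findings


def audit_domain(domain, txt=SAMPLE_TXT):
    return audit_spf(txt.get(domain, [])) + audit_dmarc(txt.get("_dmarc." + domain, []))


if __name__ == "__main__":
    for name in ("example.com", "example.org", "example.net"):
        print(name, audit_domain(name) or "ok")
```

To audit a real domain, replace the constructed dictionary with TXT answers exported from your own DNS zone or resolver.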

Determining Accountability

Your social media policy and IT security policy combine to define the consequences of breaking corporate restrictions. In Chapter 6, we develop the basics of your social media policy. But any company should already have a security policy in place that has been vetted by human resources and tells employees what is permissible and what is not. Employees have to be accountable for either utilizing social media insecurely or utilizing it to break the rules or laws and cross that cyberstalking line.

IT security teams have the capability to monitor activity, or can implement that capability easily enough. With URL filtering and web monitoring tools, you can easily determine what employees are doing on social media sites and whether any of it is inappropriate, and then determine consequences.
