Organizations are wise to adapt to the unstoppable force that is social networking. At this point, if you don’t agree please refer to the myriad perspectives that advocate this point, right after you crawl out from under your rock.
Yes, there are reputational risks for companies/brands that engage through social media. These have been well documented with ample perspectives on how to prepare against such risks. (Ahem. Cough, cough.)
In addition, there are technological risks. Being “social” on these networks inherently implies that people are casual with information and, at times, complacent about how widespread that information is being shared. When (un)official company networks sprout, it’s the candid banter of employees or alumni typically reveals more than an untrained eye can see.
Like mosquitoes to standing water, hackers love social networks. The casual banter provides the information from which they can plan attacks against company infrastructures. If you have the stomach for it, you should read the play-by-play account of how a team of hackers used information pilfered from Facebook to infiltrate the entire infrastructure of an organization:
- Technical reconnaissance detected a vulnerability in the company’s corporate website, which could be exploited
- Hackers scanned nearly 200 employee Facebook profiles to piece together enough information to create a fictitious but realistic doppelganger (the profile was an attractive female to target male 20-40 year-old employees)
- The hackers launched the Facebook profile and the friends list grew quickly to include managers, executives, secretaries, interns, and even contractors
- Three days were spent “conversing” on topics learned from the previous profiling of Facebook conversations
- A link was provided with a note — “Omigawd have you seen this I think we got hacked!” – and people began clicking and verifying credentials, which provided access to the web-vpn and the entire network
Scary, huh? Luckily, the operatives were a team of “anti-hackers” who are hired to infiltrate so that companies can make improvements.
Of course, being too loose with information on social networks may affect individuals as well. A recent report from the U.K. shared that insurance companies are considering raising premiums based on how much revealing information can put a policyholder’s security and valuables at risk.
In the end, all individuals — company and non — must be reminded to only Tweet/post information that they’d say comfortably through a bullhorn on a street corner…in a not-so-safe part of town.
As always, I’d love your comments below. Feel free to share, Digg, Tweet, post…just please be careful!
Update (May 6): If Facebook’s Open Graph gets widely adopted, it must be assumed that the pool of private information from which hackers can draw will grow exponentially. More user preferences, links, likes and dislikes provide more patterns for hackers to exploit. I expect a few large hacking incidents will kick the social networking privacy debate into overdrive.