Posted by: badarrow
Barbara Darrow, Channel, Email -- Exchange, Outlook, Network and application security
Too much information!
Warning customers against posting personal data to the Web is one of the most important services VARs can provide.
Many in the business community are enamored of social networking sites and appear to feel that more is more when it comes to “sharing” their lives on LinkedIn, Facebook, Myspace, insert-your-favorite-social-site here.
The problem with that is cyber miscreants lurk just waiting to pounce on these nuggets. Something as innocuous-seeming as college affiliation, job history, names of family and friends can be used by social engineers to craft e-mail messages that will suck you in. That simple click will then unleash threats on your very own hard drive. Executables embedded in Word or Excel or PDF attachments will search your data to harvest -and secretly send out– passwords, account numbers, and other riches.
This online information trove is like a “playground for hackers,” says Yacov Wrocherinsky, CEO of Infinity Info Systems, a New York Sage Software and Microsoft partner specializing in business applications.
And for high-net-worth (ie. rich) executives who are likely targets, it’s important that their wives, kids, friends also be careful about what personal details they divulge.
The beauty of LinkedIn is members can see who their associates know. “It’s great for making connections or for finding people if you’ve lost their business cards,” Wrocherinsky says. But that doesn’t mean you should bare any more than is absolutely necessary.
And on the less-business oriented of the social networking sites, say Facebook, people tend to put in way too much information-birthdays, anniversaries, travel plans, kids names, etc. All of that is gold for social engineers with evil intent.
George Brown, CEO of Database Solutions, a Cherry Hill, N.J. solution provider tells his customers to keep their data zipped and not to post anything they are not required to do by law . As it is now with SEC filings for public companies, a lot of information about execs is already out there. No need to supplement that for the bad guys, Brown says.
Barbara Darrow can be reached at firstname.lastname@example.org.