IT Compliance Advisor

Jun 25 2009   6:51PM GMT

Add Twitter security to the top information security threats



Posted by: GuyPardon
Tags:
Facebook
identity theft
Information security
LinkedIn
malware
RSA Conference
Social Enterprise
Social network
Twitter

Last week’s 140 Characters Conference presented dozens of examples of how people are using Twitter creatively, effectively and disruptively. What didn’t get as much attention are the security risks and compliance challenges Twitter presents as the wildly popular microblogging platform continues to see adoption by enterprise users.

I talked with Erin Jacobs, chief security officer for UCB Inc., about Twitter security. If you haven’t found her on Twitter yet, she tweets as @SecBarbie. She sent her list of top information security threats about Twitter to us via email, which we published below.


Information leakage
Corporate networks try to protect themselves from email, IM and other means of sending information outside of the network. There are new services for updating Twitter popping up daily, so it is impossible at this time to completely block the ability to access Twitter. Network security professionals are constantly racing to fill in the holes to ensure that information cannot be leaked. Information leaks could include:

  • Identity information from inside organizations.
  • Business IP leakage.
    • Business plans
    • Code leakage
    • Copyright infringement
  • Facility information.
    • Business operating hours could be used in targeted physical theft attacks.
    • Personnel locations or schedules.

Malware/viruses/Oh-MY!
Since Twitter communicates over port 80 and 443, there really isn’t much to protect users from inadvertently bringing malicious code into the network. Bit.ly and other URL shorteners can easily send users to different addresses than the user expects.

Improper use of Twitter
Direct messages are not secure email. Education about potential vulnerabilities is essential for executives and top-level management to understand that they must keep business off of Twitter. Issues around human resources and online harassment are also a consideration.


After Erin wrote in, I used Twtpoll to ask my followers on Twitter the same question, using her list and adding a few other options.

You can vote on what your primary Twitter security concern is on Twtpoll. The results, as of today, are embedded below:

As you’ll see, insecure third-party apps leading to stolen accounts is (currently) the top answer – it’s an issue of natural concern to Twitter users. Coming in second, however, was Erin’s concern over data leaks of confidential or proprietary information. Information security threats are at the top of on any CISO’s list; add Twitter security to the list.
Each of these information security threats are valid for other social networking platforms or services as well, like LinkedIn and, in particular, Facebook. Issues around Twitter security and social media in general were frequently discussed at this past week’s Enterprise 2.0 Conference in Boston and, at the RSA Conference earlier this year, where Web application security was at the top of the information security threats list.

Reblog this post [with Zemanta]

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: