
SOCIAL MEDIA MARKETING RISK MANAGEMENT FOR SAFETY & PROFIT

"Anthony should change his professional title to the 'Social Media Marketing Wizard' because in less than 30 minutes, I went from being non-existent on Google+'s search listings for 'Maine Real Estate Agent' to being listed in the first position after Anthony worked his magic! Listen to this man - he does know his stuff."
Zachery Blair, Real Estate Agent

Dear Anthony! Hi, Thanks for a great invitation to YOUR most valuable & Precious Book, a basic guide of Social Media Marketing for most of the Internet-Marketers, a must to buy by all the NewComers to the Internet-World!
H. M. Tahir, Khan Edwardes College

Hello Anthony, Thank you for allowing access to your new Book. I'm hoping to implement the info for myself and "My" Clients. I'll try to keep you posted. Again, Thanks!
Joseph L. Warren, Owner and Partner at You And Me Enterprises

Yes. The real social media marketing program.
Stephien Shaden Hoyohoy Rojero Kibawe, Bukidno


Social Media Marketing Risk Management For Safety & Profit

How To Make More Money, Cut Costs & Mitigate Your Social Media Marketing Risks Now Before It's Too Late!

ANTHONY COLN, SOCIAL MEDIA MARKETING RISK MANAGEMENT SPECIALIST

Copyright 2012 A.D.C. D/B/A MyInterOp. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, mechanical or electronic, including photocopying and recording, or by any information storage and retrieval system, without permission in writing from the author (except by a reviewer, who may quote brief passages and/or show brief video clips in a review).

Disclaimer: we are neither affiliated with, sponsored by, nor endorse any of the mentioned social networking/social media, news agencies, and government (.gov) organizations. All names, pictures, or related items are registered trademarks and/or copyrights of their respective trademark and copyright holders. The respective company owns registered trademarks and this disclaimer is to state our services are not affiliated with or sponsored by them. In instances where the federally registered symbol -- "r" in a circle and/or the "tm" symbol is not visible -- it will be assumed by viewers to be attached to these with all rights reserved if applicable.

The information provided and within this book is solely intended for general informational and educational purposes only and is not meant to replace professional advice. Neither Anthony Coln nor its agents or representatives make any representations as to the accuracy, completeness or correctness, timeliness or usefulness of any information contained herein. All information contained herein is provided "as is" and we expressly disclaim making any express or implied warranties with respect to the fitness of the information contained herein for any particular usage, its merchantability, its application or purpose or its non-infringement.

Solely for the purpose of providing access to information of potential utility to website users, links appear in this book to allow access to such information. However, we do not monitor or review the content of such independently operated websites. The inclusion of such links is neither intended nor understood to constitute any implied or express approval or acceptance of validity of the information contained in such independent websites and is not intended nor should it be understood by the user as an endorsement or recommendation of any of the information, products, or manufacturers identified in those independently operated websites.
You should be aware some websites may have changed or disappeared between when this work was written and when it is read. Again, all content is provided "as is" and any and all warranties are disclaimed, whether express or implied, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose. You agree that we are not engaged in any professional service such as providing legal advice, medical or accounting services. The use of our information, products, and services must be based on your own due diligence and you agree that our company is not liable for any success or failure of your business directly or indirectly related to the purchase and use of our information, products, and services.

Published by:

PRESS ISBN-10: 1453798935 ISBN-13: 978-1453798935


Meet Anthony online and receive free training at www.MyInterOpPro.net & Like on Facebook.


DEDICATED to all the victims of social media that have fallen victim to the false sense of safety, security, and privacy purported by the likes of big name social sites. Like sheep to a slaughter they had been led.

Also, I'm dedicating this book to my loving and caring wife who always is a support to me even though she sometimes has no clue what the heck I am talking about when I talk shop. She just smiles her beautiful smile and says, "I love you." In addition, my youngest son looked over my shoulder and asked so patiently, "What are you doing, daddy?" and this reminded me that he and his brother come first. I chose to release this book on my oldest son's birthday; that says it all.


CONTENTS

Introduction
1. Risk Vs. Reward
2. Reputation Web 1.0 & Web 2.0
3. Catch The Wave But Watch Out For Sharks
4. ID Theft
5. Password Management
6. Operating From Home
7. Social Media In The Context Of Social Media Marketing
8. Policy
9. Top Tips
10. Crash Course
11. Paranoid Chicken Little
12. The Bald Tire Scenario
13. Social Media Marketing Risk Management System
Appendix
References/Sources/Further Resources
Acknowledgements
About The Author


INTRODUCTION
It's safe to say that 2011 had its ups and downs. The challenges of the economy required that I take a good, hard look at which marketing methods were the most effective, and at new ways of building relationships with customers and members. Social media marketing presents attractive options for small businesses with limited time and resources. However, Social Media Marketing is like raising a baby anaconda. It's cute at first but it can grow to strangle you.

It can be hard for a time-starved small business to keep pace and know what to do when it comes to connecting with customers and members on sites like Facebook, Twitter, LinkedIn, Foursquare, Yelp, and other specialty social networks. Add to it the safety, security, privacy, and reputation threats of social media from the perspective of having to support your small business's social media marketing efforts and you get the perfect storm. These types of risks have seen little discussion.

Trying to get entrepreneurial risk takers to move into Social Media Marketing Risk Management is like trying to get a tight rope walker to retrain as a bean counter. You're likely in charge of marketing your small business. So before you ride the wave, listen to me as I unveil the shocking and controversial "who, what, where, when, how, and why" of social media marketing risk.

I'm no IT Security Guru and I'm certainly not an alarmist. But I can read the writing on the wall. A recent study courtesy of Internet security company PandaLabs in its 2010 Annual Security Report of the world's most popular social media sites determined that social media sites are a perfect


working environment for cybercriminals because Internet users, for now, place more trust in these sites than other online tools, like email. And they identified Facebook and Twitter as being the most affected by security breaches and shared some of the tricks these cybercriminals use in gaining access to your account, such as hijacking Facebook's Like button, stealing identities to send out messages from trusted sources, exploiting vulnerabilities in Twitter to run JavaScript code, distributing fake apps that redirect users to infected sites, and so on.

The report went on to state: "In 2011, not only will hackers continue to use these networks, but it is predicted that they will also be used more for distributed attacks." They seemed to have had a crystal ball. The bad guys certainly did a number on us social media users in 2011. And 2012 is already shaping up to be more of the same.

If you are a social media marketer, you are in dire jeopardy of losing everything. Not only your reputation, but also your safety, security, and privacy. Threats lurk about. That's only the obvious threats. I'll drill down for you and get you into the real hairy stuff. Having no Social Media Marketing Risk Management is like driving an F1 blindfolded.

Are you guilty of not adhering to basic precautions when it comes to Internet safety? Will using just common sense suffice? Will off the shelf software save the day? Can you trust your intuition? This book offers you a road map and fantastic resources to explain how to use social media safely in order to do safe and sound social media marketing. What is safe and sound social media marketing, you may ask? Well, it's more than just being informed on the security risks of social media, applying top safety tips, and having a security policy in place.


This book is based on my three years of exhaustive research looking for practical resources that are flexible and generic enough for you to use in your own small business. I've personally used this system in my own small business. I wouldn't recommend anything that I haven't personally entrusted myself and my business to. You see, I was the victim of Identity Theft. Therefore, I know how painful an experience this is. The risk of becoming an identity thief's victim is real. I wrote this book to help myself avoid this again and to help others do the same. Yet this is only one of the many issues I'll cover.

Risk Vs. Reward

Granted, Twitter, Facebook and other social media sites are great ways to communicate and to do marketing. Nevertheless, if you're not careful they can open the door to serious risks. And unless you can afford to hire an IT and Data Protection team (a good IT guy will cost you $100,000 a year in wages) to help you do this (and you'd still have a lot of responsibilities), you're going to have to do this yourself. Yes, I am asking you sole proprietors and home business owners, i.e., the one man (or woman) shows, to wear yet another hat. I know you do many things yourself now. Here's one more. I am here to help! Social Media Marketing without Risk Management is like being a quarterback without a front line to protect you: eventually you will get slaughtered.

You Are Everything Inc.

From the A department to the Z department, you do it all. As a small business owner, you wear a lot of hats. Some by choice and some by necessity.


The Face. You own the business and people want to hear from you and reach out and touch.

Bookkeeper/Accountant. Generally a small business owner handles the day to day accounts receivable and payable. You have your system all set up, invoices are pristine, and when customers pay on time and you can pay your payables on time this hat is easy to wear. Calling on past due accounts when you have a relationship with customers can be difficult.

Receptionist/Executive Secretary. You become your own gatekeeper. The relentless sales "you need to advertise with us" calls.

The Networker. The old see and be seen. You need to be out there to be remembered.

Social Media Friend. Twitter, Facebook, LinkedIn, Blogger, etc. Reaching out and being around. Once again, building relationships is tough but necessary.

You are responsible for all of these areas. You can obtain advice from your CPA, your attorney, your banker, and other owners, but in the end you are making the decisions. You will be wearing all of the hats, at one time or another, each month.

If there's one book within the world of small business that is widely acknowledged as "The Bible" that can help us better understand the key roles you need to play, it's surely The E-Myth Revisited: Why Most Small Businesses Don't Work and What to Do About It. The book was written in 1995 by American author Michael E. Gerber. In the book, Gerber cites what he considers are the three competing personalities that necessarily reside within all successful small businesses. In Gerber's opinion (and, gauging by the book's popularity, the opinion of many others) it's necessary to both understand and embrace these roles if you are to succeed.


You may recognize elements of each within you already, or you may come to realize that you have a weakness in one or more areas. The personalities or roles that Gerber describes are The Entrepreneur, The Manager and The Technician. As a small business owner, particularly if you are a home business entrepreneur, you should be prepared to take on multiple responsibilities and tasks at the same time.

Risk Management

Having no Social Media Marketing Risk Management is like jumping off the cliff and mending your ripped parachute on the way down. You take risks in whatever you do. But if you understand, measure and account for them, that should keep you out of trouble.

Even though it's imperative that a hired information security professional seek to understand the business side of the equation, he or she is not going to have the breadth and depth of vision into your small business's unique mix of business issues that you have. As for deciding what the right amount of risk is for you, it's naive (or arrogant) to believe that I -- as a small business owner myself -- am in a position to understand the incredible mix of business issues that determine the right risk-balance for you and yours.

Running a small business requires weighing the various risk types you face (i.e., safety, security, privacy, reputation, etc.) as well as resource limitations and complex value propositions, and then making decisions about where to place your attention and resources. However, these are areas you can't afford to neglect. Social Media Marketing Risk Management is like a chain: only as strong as its weakest link. I'll give you fantastic resources to learn from and


help explain to your marketing team (if you're not a one man/woman show):

• the risks of doing social media marketing
• how to do safe and sound social media marketing, and
• how to customize the tools to meet your specific needs and goals.

I've incorporated extensive bleeding edge research into this definitive book. Some of the Social Media Marketing Risk Management tools I'll share with you include:

• Top tips for using social media safely
• Safe passwords
• Avoid phishing
• Social media threats
• Social media statistics
• Real life example
• A-Z definitions
• Example social media security policy
• Business implications of social media threats.

You can use these tools as follows:

• As the basis for training sessions.
• Post the Top Tips on your Intranet and get users to view them.
• Include the stats and real-life examples in your small business briefings.
• Email links to the Top Tips to your partners, customers, suppliers, associates.
• Include the definitions in new employee orientation.
• Implement the security policies in your small business.
• As a way to validate your concerns with your IT and Data Protection team.


Risks from social media use include malware infection, identity theft, data loss and reputation damage, both to users and their small businesses. Increased use of social media for marketing purposes, together with demands for greater access within small businesses, means increased safety, security, privacy, and reputation concerns. Even home use can have implications for a small business through revealing sensitive information. It's vital to inform your users about the threats from social media together with practical best practice advice.

Providing Value As A Book

I will cite published standards and show you how to compare a checklist against what you see in front of you. The next level, to provide maximum value to you through this book, is teaching you to apply the subject matter with expertise as well as critical thinking skills to work toward optimum solutions of complex problems that can't be boiled down to a simple set of rules.

Effective social media marketing risk management can be complex and difficult even if you leverage a solid risk analysis framework. This difficulty didn't, however, compel me to throw my hands up in defeat and rely solely on attempts at black and white solutions to complex, open-ended problems. Another point I considered is that I am not only responsible for helping you manage risks; I'm responsible for helping you manage them as cost-effectively as possible. Social Media Marketing Risk Management is like a marathon rather than a sprint.

Unfortunately, strict adherence to a one-size-fits-all "best practice" approach doesn't enable me to tailor my solutions to your specific circumstances. Sometimes best practice will be the most cost-effective solution for a given circumstance; sometimes it won't. Throughout the book, I repeat myself intentionally because I believe repetition is best for learning.

The views and concepts expressed are based on a combination of my professional experience and the Social Media Marketing Risk Management System (SMMRMS), an analytic framework I've been developing and applying in my own small business.


In Kansas?

You may think you know about computer viruses, but times have changed. You are not in Kansas anymore. Three decades ago, the first computer virus was written (Elk Cloner); apparently its intent was to display someone's poem (a poet that didn't know it) every 50th computer boot up. Since then, millions of viruses and other malware (email viruses, Trojans, internet worms, spyware, keystroke loggers) have appeared, some spreading worldwide and making headlines, and have made life harder.

Maybe your idea of a virus is a thingy that fills your computer screen with garbage or deletes your files, or you think malware is about pranks or sabotage. Blockbuster movies depict computer virus detection as triggering off flashing screens and alarms. The threats are no less real today, but they are low-profile, well-targeted, and more likely to be about making cash than creating chaos.

Today, malware is unlikely to delete your hard disk, corrupt your spreadsheet, or display a message. Such cyber-vandalism has given way to more lucrative exploits. Today's virus might encrypt all your files and demand a ransom. Alternatively, a hacker might blackmail a company by threatening to launch a denial-of-service attack, which prevents customers from accessing their website.

More commonly, though, viruses don't cause any apparent damage or announce their presence at all. Instead, a virus might silently install a keystroke logger, which waits until the victim visits a banking website and then records the user's account details and password, and forwards them to a hacker via the Internet. The hacker is an identity thief using these five details to clone credit cards or plunder bank accounts. The victim isn't even aware that the computer has been infected. Once the virus has done its job, it may delete itself altogether to avoid detection.

Another trend is for malware to take over your computer, turning it into a remote-controlled zombie, and use it without your knowledge to relay millions of profit-making spam messages or launch other malware attacks on unsuspecting computer users.


Moreover, as social networks like Facebook and Twitter have grown in popularity, hackers and cybercriminals are exploiting these systems to find new ways of infecting computer users and stealing identities.

Some threats are becoming more carefully focused. Spear phishing is an example. Originally, phishing involved sending out mass-mail messages that appeared to come from banks, asking customers to re-register confidential details, which could then be stolen. Spear phishing, by contrast, confines itself to a small number of people, usually within a small business. The mail appears to come from colleagues in trusted departments, asking for password information; consequently the recipients let their guard down.

What of the future, you ask? Unfortunately, I don't have a crystal ball. Even Microsoft's Bill Gates declared that spam would no longer be a problem by 2006. It's not clear where future threats will come from, or how serious they will be. What is clear, however, is that whenever there is an opportunity for financial gain, hackers and criminals will attempt to access and misuse data.

Wild Wild West

Welcome to the World Wide Web, or www, or what I call the wild wild west. It's akin to people in the 1800s all excited to be going out west without any idea or clue as to what the hell they were getting themselves into. The frontier west of the Mississippi was a pristine land of opportunity for ambitious traders, entrepreneurs, farmers and ranchers.

You mean your favorite Internet Marketing Guru never warned you?! They just pushed you into the 20 foot end of the pool not knowing if you knew how to swim. They enticed you. They said, "Come on in! The water is fine!" They never told you to look before you leap or, alternatively, to do your due diligence. Worse yet, they didn't teach you to "Put first things first." They taught you to "Put the horse before the buggy," took your money and ran for them hills filled with gold.


Let's look at the definitions for the saying "all for naught":

All for nothing; a quantity of no importance; "it was all for naught". Synonyms: nothing, nil, nix, nada, null, aught, cipher, cypher, goose egg, zero, zilch, zip. Complete failure; "all my efforts led to naught".

Now let's look at the definition of "preemptive":

Designed or having the power to deter or prevent an anticipated situation or occurrence: avert, avoid, clear away, debar, deflect, fence off, fend off, forefend, forestall, forfend, head off, obviate, overcome, parry, prevent, remove, repel, stave off, ward off, bar, hinder, interfere, keep, prevent - forbid, foreclose, forestall, preclude, prevent - bar, barrier, check, encumbrance, hinderance, hindrance, hitch, impediment, incumbrance, interference, obstacle, preventative, preventive.

The Social Media Marketing Risk Management System you're about to learn about in the pages of this book is preemptive in its nature; that's the way I designed it, to keep you safe and sound.

When anyone goes to battle, he must take adequate arms and ammunition. These are the tools that a soldier uses in battle or combat. On the same rationale, Social Media Marketing Risk Management is akin to going to war. We are fighting the enemy that I have named "risk". Do we have enough arms and weapons? Are our weapons relevant, effective and user-friendly? Are they cost-effective? (Bear in mind that too expensive a weapon is also a risk to our budget; worse still, this expensive tool may not help us a lot in defeating our enemy, risk.)

Social media is a haven for marketers and collaboration between colleagues, but it can put corporate information assets and reputation at risk. Social networking platforms, such as Facebook, Twitter, and LinkedIn, are becoming an integral part of people's personal and business worlds.

It's important to sit down and think about a few issues before you begin to do anything -- and plan a strategy that will let you enjoy its benefits without doing harm.


The first thing to consider is the nature of the social media site(s) you're using. Some sites are geared toward professional and business relationships, while others are more purely social. There are applications that allow you to link your updates across sites. For example, when you post to Twitter, the post also automatically becomes a status update to your Facebook page. This can save time and effort when used properly. However, if used incorrectly, it can alienate your friends. Twitter followers generally have no problem with you tweeting many times per day. Your Facebook friends may not be as happy. Any of those purposes can be a legitimate use of the sites, but you may run into problems if you try to combine purposes on one site.

I'll explore the key risks associated with social media marketing, how policies and technologies can aid in mitigating these risks, and how they can also fail at protecting your employees, data, and company. This book also addresses how to weigh the risks against the value social media brings to the business; is it worth the risks? You decide


Chapter One

RISK VS. REWARDS


My risk analysis only identifies how much risk exists. But, at the end of the day, acceptability is a very human and personal issue unique to every individual. We each have different tolerances for loss, and our tolerance for loss varies from issue to issue. A decision-maker always chooses between risk and reward, or between various risks. That's what risk decisions are: choices between the probability of loss (risk) and the probability of reward. For example, I may have a very low tolerance for information loss, but be entirely willing to take up cliff diving. As a result, I shouldn't become too concerned when others have a very different perspective on what represents acceptable risk. Those differences are normal, natural, and unavoidable.

Everything I've covered so far highlights the fact that social media marketing risk is a complex subject, and that social media marketers have never been challenged to deal with it effectively before. At this point, I'll add that the Social Media Marketing Risk Management System (SMMRMS) is not a perfect solution; there are no perfect solutions. The SMMRMS does, however, provide a rational, effective, and defensible solution to the challenges I've described.

I'll begin with the definition of the term "social network", which Wikipedia defines like this: "A social network is a social structure made up of individuals (or small businesses) called 'nodes', which are tied (connected) by one or more specific types of interdependency, such as friendship, kinship, common interest, financial exchange, dislike, sexual relationships, or relationships of beliefs, knowledge or prestige."


There's nothing new under the sun; humans have been doing this all along. Then we learned how to write, to send text by telegraph and voice by phone, and we as the human race took on other social networking forms, all the while social networking started to incorporate the practice of sending letters and publishing articles. Businesses relied less on data than they do now, so there were fewer safety, security, privacy, and reputation concerns.

The Start Of Something Bad

Email has been a formidable threat vector through which attackers have been sneaking malware past companies' perimeter defenses for some time now. Email threats aren't nearly what they used to be because we're staying one step ahead of the bad guys for the most part.

Social media is an umbrella term that includes all blog sites, video sites, social networking sites, and others. No one has clearly understood and articulated the risks associated with marketing on social media sites until now. This platform allows people to communicate in powerful, exciting, and sometimes risky ways. Today's technological and cultural forces encourage data sharing in ways that are staying ahead of information protection tools and processes. Fortunately, the technologies and ways for mitigating those risks are maturing. Hardly anyone is applying any of it yet, which is really scary; you'll understand why shortly.

There are good reasons to be concerned. There's no way to stop this tsunami of powerful communication mediums. Risks fall into two categories in a small business setting:

#1 - Risks as the result of small businesses using social media platforms for marketing campaigns: In this scenario, the small business interacts with consumers on social media sites such as Facebook and Twitter, rather than focusing on bringing consumers


to their own websites. You lose the home field advantage. Plus, this arena exposes the small business to several risks, including brand tarnishing, impersonation attacks, and the use of vulnerable IT infrastructure. Working a social media marketing campaign without doing solid Risk Management is like playing hide and go seek by standing in an open field with your hands over your eyes. The problems will still find you.

#2 - Risks as the result of end-users interacting through social media sites: In this case, the users of, for example, a social network such as Facebook are at risk due to the link-sharing culture of such sites, whereby they may be targeted by malicious websites and may be socially engineered into installing malware or into giving up sensitive data. The small businesses are also at risk when the employees inadvertently leak proprietary, regulated, or otherwise sensitive information. Other risks include revealing too much personal data that can be used to attack the individuals or their employers.

Along with your other responsibilities, you need to think not only of how your employees interact with social networks as end-users, but also how your marketers use social media to interact with your customers. Your small business may have a marketing team that is either planning to use or is already using social media. I also know this may be another hat you wear. Nonetheless, you need to understand how your small business operates (through your marketing department, for example) using social media before you attempt to identify and help mitigate the associated risks.

Social media campaigns allow the small business to interact with its customers on social networks, to go where the customers are rather than bring the customers to the small business's own website. The risks tied to this fairly new method of marketing are drastically different from those of traditional marketing as it worked just a few years ago; yes, it's changed that much.

Think about it: there is little in common with the old way of doing things.


Everything is being seamlessly integrated; for example, a website might present you with Fox News-related activities from your Facebook social network to allow you to deeply interact with content that is directly relevant to you. This opportunity for exposing your brand to customers directly on social networks and improving search engine rankings is filled with risk and rewards.

Research data clearly supports that most marketers are new to the world of social media and are still trying to figure out how to best use it, looking for ways to measure the Return on Investment (ROI), and trying new things on the fly without seriously considering the ramifications. You must have your finger on the pulse of what your marketing team is doing, and be prepared to handle fast-changing infrastructure requirements that might drive these short-lived campaigns. These social media marketing campaigns may be ill-conceived, putting your business in further jeopardy.

Small businesses that restrict access to social networking sites will need to create exceptions for designated marketing personnel; at that point you're all at greater risk of being attacked (e.g., phishing, data leakage, malicious links, etc.). Also, attackers could impersonate anyone to target your customers fraudulently, looking like the message stems from your business and putting your customers' data at risk. Your reputation is surely at risk then.

Some small businesses allow their customers to authenticate to their favorite social networking site, and use that identity to access personalized content on the small business's own website. Facebook for Websites is one platform that delivers such capabilities; it was designed to make your website more personalized and social. On one side of the coin, it's attractive not to have to worry about properly implementing authentication and about storing logon credentials. On the other side, small businesses lose control over

authentication when relying on identity attestation provided by a third party, such as Facebook. If your small business has a website that delegates authentication to a social networking platform, keep in mind that not all social networks apply the same rigor to protecting and authenticating user accounts. As a result, you might consider some social networking sites' authentication attestation more reliable than others.

LinkedIn seems to offer little in the way of automatically detecting when a user account has been compromised. Twitter seems to have some controls built in, as part of its effort to curtail Twitter spam. However, both of these popular networks are falling behind Facebook in their measures to protect user accounts. Facebook implements a mechanism known as social CAPTCHA to authenticate user accounts that are considered at risk. While CAPTCHA is traditionally used to distinguish between humans and bots, Facebook's method is designed to distinguish legitimate users from impostors.

When Bots & Cheap Laborers Chat

On-line scammers use various venues to social-engineer their victims into compliance. Email has been the most popular platform for such interactions. Scammers have also been known to chat with their victims using traditional instant messaging networks, such as Yahoo! Messenger and Google Talk. As people increasingly turn to social networking sites for their interactions, so do the scammers. What's worse is that low-cost labor is available throughout the world and scammers can employ humans for chatting with victims. One example is the "I'm stuck in London" scam that was conducted via Facebook chat. The scammer used a compromised Facebook account in an attempt to solicit emergency funds from the victim's friend. It's relatively easy to create a chat bot; there's even a free chat bot hosting service that never was intended for use by the bad guys, but they've tainted a cool thing.

Intelligent bots are hard to distinguish from humans. With this in mind, it might be worth educating end-users that attackers may be able to use compromised social network accounts for malicious chats. Since software is not available yet to deal with this issue, you need to educate your folks on thinking critically. Essential to this is identifying anomalies in the timing, word usage, grammar and other message characteristics to note suspicious chat interactions.

On a side note, one can never be certain the person they are talking to on Facebook is actually the real person. Criminals are stealing passwords, hacking accounts and posing as friends for financial gain. Once someone has access to a person's account, they can see who that person's spouse is and where they last went on holiday. It is easy to pretend to be someone you are not.

Facebook's social CAPTCHA tells legitimate users from impostors by asking questions about the user's social network. Facebook prompts the user to authenticate using the social CAPTCHA approach if the site notices an anomaly in the way the person is logging in. In one such personal incident, Facebook stated to me: "You are signing in from a location not familiar with us. For your protection, please take a moment to answer a few security questions." Then FB presented to me an option to answer their predefined secret question or to identify photos of my friends.

Security-conscious Facebook users can request a one-time password prior to logging in from an untrusted system, such as an Internet kiosk. If your mobile number is registered with Facebook, you can request a one-time password (it needs to be used within the next 20 minutes) by texting the letters "otp" to 32665 (FBOOK) from your mobile phone.

In my opinion, all social media sites need to be thinking along the lines of strengthening things up a bit. Take Facebook's efforts, for
instance: they've formed a partnership with security software vendor McAfee aimed at improving security for Facebook users. I encourage you to become familiar with your small business's marketing activities, so you can be prepared to support rapid social media marketing campaigns, help protect your company's brand and safeguard marketers from the exposure to social media marketing threats.

Who's in the audience?

Social networking is generally (although not exclusively) a form of written communication. All writers know that the first rule of writing is to know who's in your audience, because that determines not only what you say but also how you say it. If you've decided to use social networking (SN) as a general public broadcast tool, being familiar with everyone in the audience is not as important.

Don't dare mix business with pleasure. One of the biggest dangers of social networking comes when you mix your audiences -- for example, having friends or followers who are business associates on the same account as personal friends, family members, and so forth. Deciding what is or isn't appropriate to post can get complicated really fast in that situation. A seemingly innocuous joke that your old college buddies might enjoy a lot may fall flat or even come across as offensive to a business colleague, causing awkwardness in working together. And remember that it works two ways: don't post things on a friend's site that could be an embarrassment to him or her if that person's boss, spouse, or minister saw it.

A picture is worth a thousand words -- and can be a thousand times more embarrassing. Don't post pictures or videos of other people without their permission or unless you're absolutely sure they don't mind -- including pictures that are not at all compromising or offensive. Some peeps don't like being photographed or having pictures of themselves displayed, even if you think they look great. Also be
cautious about "photo overload".

Sensitive subjects can come back to bite you as well. Be careful when you start offering opinions, judgments, and commentaries. Venture carefully when you address the traditional hot topics: politics, sex, and religion. You should also think twice before you report on your involvement in legal issues or post something that might have ramifications pertaining to tax matters. Be careful in responding to others' rants and raves, also. Being under the influence of strong emotions, such as anger, fear, or grief, or suffering from lack of sleep can similarly impair your judgment and cause you to post things you otherwise wouldn't or respond to something in a less than ideal way.

Be ready to reject a friendship request or "unfriend" someone. Some people have a hard time saying no. But if you accept every friendship request you receive, you may end up feeling as if you've thrown open the doors of your business and now you have a bunch of strangers camped out in your office, watching -- and commenting on -- everything you do and say. Don't explicitly notify people when they've been removed from your list of friends. Facebook, for example, also allows you to "hide" a particular person's posts from your friend feed, although they still see all your updates (unless, of course, they hide you, too).

Get familiar with the site's settings and options. One of the most important things you can do when you start using a social media site is to completely familiarize yourself with how it works and the settings and options you can control. Social networking sites provide sophisticated privacy tools; take advantage of them to prevent faux pas. Remember that others who do have access can take screen shots or even digital photos of the screen and forward them to others.

Avoid pseudonyms. You might be wondering if the best way to avoid all these problems is to just use a pseudonym for your social
networking accounts. You could create a fake persona and say whatever you want and nobody would know it's you. Aside from the fact that this pretty much defeats the whole purpose of social networking -- getting to know people and letting them get to know you -- it is also a violation of the Terms of Service (ToS) of most social networking sites. Also, it will make monitoring your reputation nearly impossible.

Now let's take an even closer look at risk exposure for users. People, being social creatures, like to exchange information and share experiences. So do I. We've all sent an email with attachments of documents and photographs along with sharing cool links. If the email is sent by attackers who cleverly get through to you, you risk being tricked into opening attachments and clicking on links that lead to malicious websites. In the social media arena, people share literally billions of links among themselves.

Most viruses sent over email or Instant Messenger won't damage your computer without your participation. For example, you would have to open an email or attachment that includes a virus or follow a link to a site that is programmed to infect your computer. So hackers often lie to get you to open the email attachment or click on a link. Some virus-laden emails appear to come from a friend or colleague; some have an appealing file name, like "Fwd: FUNNY" or "Per your request!"; others promise to clean a virus off your computer if you open it or follow the link.

If you are following a friend on Twitter, LinkedIn, or Facebook, you are likely to click on the link that your friend shares, because you trust his taste and recommendations. Your poor friend may have unwittingly shared with poor you a link that goes directly to a malicious website; or maybe his or her account is essentially under the attacker's control and used to spread malicious links remotely. You can clearly see how it becomes an infection that can spread fast.

Take Koobface for example. This malware spread by including links to malicious websites in Twitter and Facebook profiles. Once
the potential victim clicked on the link, he or she was typically directed to a website that attempted to trick the person into installing malware. When a person's system is infected with Koobface, the worm accesses the user's social networking account and sends a message to the victim's friends or followers with a link. When someone clicks the link, the person is directed to a website that attempts to infect the visitor with Koobface.

Koobface authors employ creative techniques to social-engineer people into clicking the link and to bypass security measures. For instance, Websense documented how Koobface might share a purposefully broken link to avoid Facebook's URL filters. In this scenario, the attacker expects that the victim's desire to visit the destination will lead him to manually fix the link and paste the URL directly in the browser. A common tactic involved presenting the user with a message saying that a Flash Player upgrade was required to view the video. Of course, it installed malware and not the Flash Player.

Other malware examples dared victims to click the link to get them hooked up. Once that person copied and pasted that nasty JavaScript, it would hijack the person's Facebook session and use it to spread this malware to the person's Facebook friends. What's even worse is that it automatically tells all your friends that you like the app, and it posts that link on your page for all your friends to see (or to be potentially victimized if they can't resist the urge to click).

Next, I want to focus on the risk of leaking sensitive data. Little slips here and there usually aren't the root of the problem. It's when someone smart enough is able to aggregate bits and pieces of
information to come up with something to use for malicious purposes. New hires are prime targets for social engineering, because they don't know much about their new employer. This makes them more open to new connections and experiences. They may be little chatter bugs online in the name of networking.

Imagine clicking on the Facebook Share button when you've actually clicked on an invisible little area around the button that will share malicious websites with your (the victim's) friends. These fertile grounds are prime for big-time scams. Take the open frame of mind of a user in an environment like social media that encourages sharing, and it becomes a recipe for disaster. One scam on Facebook promised to help you discover the people who had been viewing your Facebook profile. The intent of the scam was for you to reveal sensitive data. The malicious site shows a fake Facebook page in the background, requests that the user click the Like and Share buttons (to spread it to the victim's friends on Facebook), and lastly, the person is asked to fill out some surveys that ask for contact information details. After all that, the victim finally comes to realize the app never existed.

Therefore, it seems that users of social networking sites are often to blame for putting themselves at risk by clicking on links or by sharing sensitive information. However, social networking sites themselves have been known to leak the data of their users. For example, a feature may be misunderstood by its user and end up allowing access to photos or status updates. The leaks can also take the form of social networking sites providing sensitive data to third parties without the user's knowledge or consent.

Numerous entities, both friendly and not, realize how much information about individuals can be harvested from social networks. Mark Zuckerberg himself blatantly said that he personally felt people are crazy to share so much. You should have seen the sweat beads form on his forehead when he was confronted about his statement while being interviewed on a TV program. You see, once a
user posts online, they essentially are creating a nicely stamped public record with a very accurate timeline of their personal (now public) activities.

Social networking sites might leak data when interacting with other web applications. For instance, some Facebook applications were found to reveal to advertisers the user ID of the Facebook user. MySpace was discovered to have a similar data leak. Knowing the social network user's ID, a third-party site can look up that user's profile details, which may include the person's name, sex, and friend details.

The data that users of social networking sites reveal about themselves can be used by attackers to guess or request passwords. One way to accomplish this is to succeed at answering the targeted person's secret question, such as "Favorite animal?" The attacker may be able to look through the victim's social networking history to see whether he or she posted about animals.

Individuals' activities on social networking sites may reflect badly on the employer. People want to speak freely when interacting with their friends or colleagues on social networks. However, these sites archive and often make public the conversations, making the conversations subject to everyone's scrutiny. It's easy to say something that will offend someone, and might as a result taint the brand of the speaker's employer.

The action of an individual on a social networking site can even get that person fired. Remember the notorious Domino's video. It was viewed by over a million people, showing some disgusting employees preparing sandwiches while blatantly violating food prep standards (a lot of mucus was involved). They were fired and faced felony charges, while Domino's went into PR crisis mode. The question of when a message posted on a social networking site constitutes a firing offense is hard to answer. Most people get fired for violating company policy.
The issue is not clear-cut. Since social media is still a relatively recent phenomenon, small businesses are still trying to figure out how to control it to stay compliant with applicable regulations and standards. Merely blocking access to popular social networking sites might be neither practical nor sufficient: employees can still access those sites from a non-corporate location and may engage in activities that put their employer's compliance posture at risk. Two areas to consider in these cases are controlling the distribution of sensitive data and requiring the retention of records. Small businesses need to consider how they will meet these requirements when their employees communicate and share data on public social networking sites. The challenge increases in the cases where the employees participate in these sites on their own time from home: they might still leak or refer to sensitive company data, yet the company will have a hard time tracking their activities to meet compliance requirements.

Like Brakes In A Car, As Opposed To A Brick Wall

Social Media Marketing Risk Management is like the brakes: it permits what would otherwise be unacceptable risk. To mitigate the risks you need to start listening to the chatter. There are ways to do this, albeit not perfect ones. The basics involve monitoring for references to your business, its data, products, brands, and activities associated with your employees. Social Media Marketing Risk Management is like a rear view mirror: only of limited use, good to learn from, unless of course you are driving backwards instead of forward! When monitoring activities of your employees, you need to be mindful of laws that may guard the privacy of individuals, especially when on-line interactions occur outside of your turf.

Numerous free tools can help you keep an eye on things. These include SocialMention, Google Alerts, Twitter Search, Twazzup, CrowdEye, etc. Higher-end commercial tools include the various
marketing campaign tracking tools, such as PostRank, Social Sentry, and SAS. Social Media Marketing Risk Management is like feedback. If you're not going to pay attention to it, you're wasting your time.

Culture Of Security

Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. Make sure training includes employees at satellite offices, temporary help, and seasonal workers. If employees don't attend, consider blocking their access to the network.

Train employees to recognize security threats. Tell them how to report suspicious activity and publicly reward employees who alert you to vulnerabilities.

Tell employees about your company policies regarding keeping information secure and confidential. Post reminders in areas where sensitive information is used or stored, as well as where employees congregate. Make sure your policies cover employees who telecommute or access sensitive data from home or an offsite location.

Warn employees about phone phishing. Train them to be suspicious of unknown callers claiming to need account numbers to process an order or asking for customer or employee contact information. Make it office policy to double-check by contacting the company using a phone number you know is genuine.

Require employees to notify you immediately if there is a potential security breach, such as a lost or stolen laptop. Impose disciplinary measures for security policy violations.

Employee Training

Your SMMRM plan may look great on paper, but it's only as strong as the employees who implement it. Take time to explain the rules to your staff, and train them to spot vulnerabilities. Periodic
training emphasizes the importance you place on these practices. A well-trained workforce is the best defense.

Check references or do background checks before hiring employees who will have access to sensitive data. Ask every new employee to sign an agreement to follow your company's confidentiality and security standards for handling sensitive data. Make sure they understand that abiding by your company's data security plan with regard to any social media marketing is an essential part of their duties. Regularly remind employees of your company's policy (and any legal requirement) to keep customer information secure and confidential.

Know which employees have access to consumers' sensitive personally identifying information. Pay particular attention to data like Social Security numbers and account numbers. Limit access to personal information to employees with a "need to know." Have a procedure in place for making sure that workers who leave your employ or transfer to another part of the company no longer have access to sensitive information. Terminate their passwords, and collect keys and identification cards as part of the checkout routine.

We'll cover how to come up with policy/guidelines and employee training in a subsequent chapter. Briefly, the training (and guidelines/policies) is probably going to be different for those employees who are allowed to post on social media sites on behalf of the company, in contrast with the employees who are active in social media as themselves.

Your first impulse may be to control their activities to mitigate risks. However, a more effective approach would be to allow some actions, but not others, and use technology solutions to help. Such tools, including endpoint protection, anti-virus, and web filtering products, are improving their abilities to control users' interactions. For example, Norton Internet Security includes a Facebook application called Norton Safe Web, which scans links the user's friends share on Facebook to identify those that point to malicious sites. Others I use are BitDefender safego and
Websense Defensio. They all have customizable settings to combat spam content, attempts to distribute malware, links to undesirable content categories (e.g., adult material, gambling), and links to executable files.

Endpoint Security Software

Endpoint security software protects computers or devices against a wide range of security, productivity and compliance threats, and enables you to manage centrally the security of multiple endpoints. Endpoint security products bring together individual point products required to protect against modern threats in one solution. They often integrate the protection for multiple features into one agent or central console, facilitating management and reporting. They can include:

• Anti-virus software
• Device control
• Network access control
• Application control
• Runtime protection
• Encryption technology
• Data leakage prevention

Appliances

Appliances are hardware and software security elements that are combined in one solution. This lets you plug them in rather than installing the software separately. The most common types of appliances are email appliances and web appliances. They sit at the gateway between a small business's IT systems and the internet, and filter traffic to block malware, spam and data loss.

Email appliances block spam, phishing, viruses, spyware and other malware, and, depending on the solution, also employ content filtering and encryption to prevent the loss of confidential or sensitive information via email.

Web appliances block malware, spyware, phishing, anonymizing proxies and other unwanted applications at the web gateway. They may also offer tools to enforce internet use policies.

Application Control

Application control enables you to control the use of applications that may be inappropriate for use on business computers or networks. The main goal is to control those applications that have the potential to spread malware and can adversely impact network and user productivity. This includes many consumer-based applications such as peer-to-peer file sharing software, games or media players.

Application control can be used to enforce the use of chosen business applications. For example, a policy could be set to only allow the use of Internet Explorer and block all other internet browsers. Categories of applications that businesses may wish to control include Voice Over Internet Protocol (VoIP), remote management tools and instant messaging clients.

Device Control

Device control helps you control the use of removable storage, optical media drives and wireless networking protocols. Device control is a central element of data leakage prevention strategies, and also helps prevent malware that spreads through USB drives. Many small businesses use device control to enforce policies relating to the use of removable storage devices. Depending on the solution used, device control can enable small businesses to decide which devices can connect to the computers through a central policy.

Encryption Software

Encryption solutions secure your data by encrypting your desktops, laptops, removable media, CDs, email, files and other devices. Information can only be accessed by entering an encryption key or password. Some encryption solutions can be configured so that data is automatically decrypted for authorized users, so they do not need to enter an encryption key or password to access the information. Depending on the product, encryption solutions often include key management (facilitating the storage, exchange and recovery of encryption keys), encryption policy enforcement, and centralized management and reporting features. Encryption solutions
enable you to protect your confidential information and comply with regulatory mandates for data security.

Firewall

A firewall prevents unauthorized access to a computer or a network. As its name suggests, a firewall acts as a barrier between networks or parts of a network, blocking malicious traffic or preventing hacking attempts.

A network firewall is installed on the boundary between two networks. This is usually located between the internet and a company network. It can be a piece of hardware or software running on a computer that acts as a gateway to the company network. A client firewall is software that runs on an end user's computer, protecting only that computer.

In either case, the firewall inspects all traffic, both inbound and outbound, to see if it meets certain criteria. If it does, it is allowed; if not, the firewall blocks it. Firewalls can filter traffic on the basis of:

• The source and destination addresses and port numbers (address filtering).
• The type of network traffic (e.g., HTTP or FTP protocol filtering).
• The attributes or state of the packets of information sent.

A client firewall can also warn the user each time a program attempts to make a connection, and ask whether the connection should be allowed or blocked. It can gradually learn from the user's responses, so that it knows which types of traffic the user allows.

Use a firewall to protect your computer from hacker attacks while it is connected to the Internet. A firewall is software or hardware designed to block hackers from accessing your computer. A properly configured firewall makes it tougher for hackers to locate your computer and get into your programs and files.
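
The three filtering criteria listed above (addresses and ports, traffic type, and packet state) can be seen working together in the following sketch. It is an added example, not code from the book or from any firewall product; the rule set, the addresses and the `Packet`, `Rule` and `Firewall` names are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", seen from the protected network
    protocol: str       # type of traffic, here "tcp" or "udp"
    src: str
    src_port: int
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str
    protocol: str
    src_net: str                # CIDR range the source address must fall in
    dst_net: str                # CIDR range the destination must fall in
    dst_port: Optional[int]     # None matches any destination port

    def matches(self, pkt):
        return (self.direction == pkt.direction
                and self.protocol == pkt.protocol
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.dst_port in (None, pkt.dst_port))


class Firewall:
    """First matching rule wins; anything no rule matches is blocked."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.established = set()    # connections that a rule already allowed

    def decide(self, pkt):
        # State filtering: a packet that is the reply to an allowed
        # connection has that connection's endpoints swapped.
        # (Simplified: real firewalls also track TCP flags and timeouts.)
        reply_to = (pkt.protocol, pkt.dst, pkt.dst_port, pkt.src, pkt.src_port)
        if reply_to in self.established:
            return "allow"
        # Address, port and protocol filtering.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.established.add(
                        (pkt.protocol, pkt.src, pkt.src_port, pkt.dst, pkt.dst_port))
                return rule.action
        return "block"              # default deny


# Constructed policy for a small office network (assumed addresses).
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"
RULES = [
    # A range the business never wants to talk to, listed before the
    # broader allow rule so that it takes precedence.
    Rule("block", "out", "tcp", LAN, "203.0.113.0/24", None),
    # Staff may browse HTTPS sites.
    Rule("allow", "out", "tcp", LAN, ANY, 443),
    # Only the trusted remote office may reach the internal web server.
    Rule("allow", "in", "tcp", "198.51.100.0/24", "192.168.1.10/32", 443),
]

if __name__ == "__main__":
    fw = Firewall(RULES)
    samples = [
        Packet("out", "tcp", "192.168.1.20", 50000, "192.0.2.80", 443),
        Packet("in", "tcp", "192.0.2.80", 443, "192.168.1.20", 50000),
        Packet("in", "tcp", "192.0.2.80", 443, "192.168.1.20", 50001),
        Packet("out", "tcp", "192.168.1.20", 50003, "192.0.2.80", 21),
    ]
    for pkt in samples:
        print(fw.decide(pkt), pkt)
```

Because the default is to block, the access controls are exactly the `RULES` list, which is the part to review periodically.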

Determine whether you should install a "border" firewall where your network connects to the Internet. A border firewall separates your network from the Internet and may prevent an attacker from gaining access to a computer on the network where you store sensitive information. Set "access controls" (settings that determine who gets through the firewall and what they will be allowed to see) to allow only trusted employees with a legitimate business need to access the network. Since the protection a firewall provides is only as effective as its access controls, review them periodically. If some computers on your network store sensitive information while others do not, consider using additional firewalls to protect the computers with sensitive information.

Don't be put off by the word "firewall." It's not necessary to fully understand how it works; it's enough to know what it does and why you need it. Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit.

Some operating systems and hardware devices come with a built-in firewall that may be shipped in the "off" mode. Make sure you turn it on. For your firewall to be effective, it needs to be set up properly and updated regularly. Check your online "Help" feature for specific instructions. If your operating system doesn't include a firewall, get a separate software firewall that runs in the background while you work, or install a hardware firewall (an external device that includes firewall software). Several free firewall software programs are available on the Internet.

Network Access Control (NAC)

A network access control solution protects your network and the information on it from the threats posed by users or devices accessing your network. There are three main aspects to network access control:

• Authentication of users and devices to check that they are who they say they are
• Assessment of computers attempting to access the network to make sure they are virus-free and meet your security criteria
• Enforcement of policy based on the role of the user so each person can access information appropriate to his or her role, while preventing inappropriate access to other information.

Runtime Protection

Runtime protection protects against attempts to access vulnerable parts of your computer. Runtime protection analyzes the behavior of all the programs already running on your computer and blocks any activity that looks as if it could be malicious. For example, it checks any changes being made to the Windows registry, which may indicate that malware is installing itself so that it starts automatically whenever you restart the computer. Runtime protection solutions include host intrusion prevention systems (HIPS) and buffer overflow prevention systems (BOPS), which guard against unknown threats by analyzing behavior before code executes.

Wireless And Remote Access

Determine if you use wireless devices like cell phones to connect to your computer network or to transmit sensitive information. If you do, consider limiting who can use a wireless connection to access your computer network. You can make it harder for an intruder to access the network by limiting the wireless devices that can connect to your network. Better still, consider encryption to make it more difficult for an intruder to read the content. Encrypting transmissions from wireless devices to your computer network may prevent an intruder from gaining access through a process called "spoofing" (impersonating one of your computers to get access to your network).

Consider using encryption if you allow remote access to your computer network by employees or by service providers, such as companies that troubleshoot and update software you use to process credit card purchases.

Detecting Breaches

To detect network breaches when they occur, consider using an intrusion detection system. To be effective, it must be updated frequently to address new types of hacking. Maintain central log files of security-related information to monitor activity on your network so that you can spot and respond to attacks. If there is an attack on your network, the log will provide information that can identify the computers that have been compromised.

• Monitor incoming traffic for signs that someone is trying to hack in.
• Keep an eye out for activity from new users, multiple login attempts from unknown users or computers, and higher-than-average traffic at unusual times of the day.
• Monitor outgoing traffic for signs of a data breach.
• Watch for unexpectedly large amounts of data being transmitted from your system to an unknown user.
• If large amounts of information are being transmitted from your network, investigate to make sure the transmission is authorized.

Have in place and implement a breach response plan.

Make SMMRM A Habit

Whatever the reason, ignoring Social Media Marketing Risk Management is like drinking and driving: you may be able to avoid hitting a wall tonight, but eventually you're going to crash if you don't change your habits. Small businesses are especially vulnerable to computer viruses and lost or stolen data, since they typically lack the resources to deal with these threats. Inadequately protected computers open the door to annoying infections, or worse, serious business disruption.

Three Core Practices

1. Install anti-virus, anti-spyware and anti-spam programs and keep them up to date.
2. Install a firewall and keep it properly configured.
3. Regularly install updates for your computer's operating system.
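
The log checks described under Detecting Breaches above can be automated once the logs are kept in one place. The following is an added example, not code from the book: the log format, user names, addresses and thresholds are constructed for illustration, and the "login_after_failures" check goes one step beyond the list above by flagging a successful login that follows a run of failures.

```python
from collections import Counter
from datetime import datetime

# Constructed sample of a central security log; the format, users and
# addresses are invented for this example.
SAMPLE_LOG = """\
2012-03-05T09:12:44 event=login_ok user=maria src=10.0.0.21
2012-03-05T09:40:02 event=transfer user=maria src=10.0.0.21 dst=10.0.0.5 bytes=48211
2012-03-05T14:02:10 event=transfer user=john src=10.0.0.33 dst=10.0.0.5 bytes=120000
2012-03-06T02:13:07 event=login_fail user=admin src=203.0.113.50
2012-03-06T02:13:09 event=login_fail user=admin src=203.0.113.50
2012-03-06T02:13:12 event=login_fail user=root src=203.0.113.50
2012-03-06T02:13:15 event=login_fail user=maria src=203.0.113.50
2012-03-06T02:14:01 event=login_ok user=maria src=203.0.113.50
2012-03-06T02:20:30 event=transfer user=maria src=10.0.0.21 dst=198.51.100.7 bytes=734003200
2012-03-06T10:05:00 event=login_ok user=temp7 src=10.0.0.33
"""

# Assumed site knowledge; adjust to your own network.
KNOWN_USERS = {"maria", "john"}
KNOWN_HOSTS = {"10.0.0.5", "10.0.0.21", "10.0.0.33"}
BUSINESS_HOURS = range(8, 19)               # 08:00 to 18:59
MAX_FAILED_LOGINS = 3
MAX_OUTBOUND_BYTES = 100 * 1024 * 1024      # 100 MiB to an unknown host


def parse_line(line):
    """Turn 'TIMESTAMP key=value ...' into a dict with a parsed 'time'."""
    timestamp, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["time"] = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S")
    return record


def find_alerts(log_text):
    """Return (alert_name, subject) tuples in the order they are triggered."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    sizes = [int(r["bytes"]) for r in records if r["event"] == "transfer"]
    average = sum(sizes) / len(sizes) if sizes else 0

    alerts = []
    failed = Counter()      # failed logins per source computer
    reported = set()        # sources already reported, to avoid repeats
    for rec in records:
        event, src = rec["event"], rec["src"]
        if event == "login_fail":
            # Multiple login attempts from an unknown computer.
            failed[src] += 1
            if (failed[src] >= MAX_FAILED_LOGINS and src not in KNOWN_HOSTS
                    and src not in reported):
                reported.add(src)
                alerts.append(("repeated_failed_logins", src))
        elif event == "login_ok":
            # Activity from a new user.
            if rec["user"] not in KNOWN_USERS:
                alerts.append(("new_user", rec["user"]))
            # A success right after many failures may be a guessed password.
            if failed[src] >= MAX_FAILED_LOGINS:
                alerts.append(("login_after_failures", rec["user"]))
        elif event == "transfer":
            size, dst = int(rec["bytes"]), rec["dst"]
            # Large amount of data leaving for an unknown destination.
            if dst not in KNOWN_HOSTS and size > MAX_OUTBOUND_BYTES:
                alerts.append(("large_outbound_transfer", dst))
            # Higher-than-average traffic at an unusual time of day.
            if rec["time"].hour not in BUSINESS_HOURS and size > average:
                alerts.append(("above_average_off_hours", dst))
    return alerts


if __name__ == "__main__":
    for name, subject in find_alerts(SAMPLE_LOG):
        print(f"{name}: {subject}")
```

Each alert is a prompt to investigate whether the activity was authorized, not proof of a breach.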

Anti-spam Software

Anti-spam programs can detect unwanted email and prevent it from reaching users' inboxes. These programs use a combination of methods to decide whether an email is likely to be spam.

• Block email that comes from computers on a blocklist. This can be a commercially available list or a local list of computer addresses that have sent spam to your company before.
• Block email that includes certain web addresses.
• Check whether email comes from a genuine domain name or web address. Spammers often use fake addresses to try to avoid anti-spam programs.
• Look for keywords or phrases that occur in spam (e.g., "credit card", "lose weight").
• Look for patterns that suggest the email's sender is trying to disguise his or her words (e.g., "hardc*re p0rn").
• Look for unnecessary HTML code (the code used for writing webpages) used in email, as spammers often use this to try to conceal their messages and confuse anti-spam programs.

The program combines all the information it finds to decide the probability of an email being spam. If the probability is high enough, it can block the email or delete it, depending on the settings you choose.

Anti-spam software needs frequent updating with new rules that enable it to recognize the latest techniques used by spammers.

Anti-virus Software

Anti-virus software can defend you against viruses and other malware threats including Trojans, worms and, depending on the product, spyware. Anti-virus software uses a scanner to identify programs that are or may be malicious. Otherwise, it's like leaving the back door open on a restaurant: a lot of bugs will come in.

Scanners can detect:

• Known viruses: The scanner compares files on your computer against a library of identities for known viruses. If it finds a match, it issues an alert and blocks access to the file.

• Previously unknown viruses: The scanner analyzes the likely behavior of a program. If it has all the characteristics of a virus, access is blocked, even though the file does not match known viruses.
• Suspicious files: The scanner analyzes the likely behavior of a program. If that behavior is considered undesirable, the scanner warns that it may be a virus.

Detection of known viruses depends on frequent updates about the latest virus identities.

There are on-access and on-demand scanners, and most anti-virus packages offer both. On-access scanners stay active on your computer whenever you are using it. They automatically check files as you try to open or run them, and can prevent you from accessing infected files. On-demand scanners let you start or schedule a scan of specific files or drives.

What Keeps IT Security Professionals Awake At Night?

Most tools I've come across on the market today simply boil down to this: at the end of the day, all these tools are ways for someone to identify things that bother him/her about their current risk landscape and apply a rating that represents how much sleep they lose at night worrying about them. Bottom line: understanding likelihood of success is not very useful if I don't also understand the likelihood of occurrence.

CSOonline recently checked in with dozens of IT security professionals (ironically, using more than one social networking platform to do so) to pinpoint typical mistakes people make, and how to avoid them.

Over-sharing company activities. This is likely about one's pride, when someone gets excited about something their company is working on and simply must tell everyone about it. By sharing too much about your employer's intellectual property on social networks, you threaten to put it out of business by tipping off a competitor who could then find a way to duplicate the effort or find a way to spoil what they can't have by hiring a hacker to penetrate the network or by sneaking a spy into the building.
Then there are hackers controlling legions of botnets that could be programmed to scour a company's defenses and, upon finding a weakness, exploit it to access data on the intellectual property. With the data in hand, the hacker can then sell what they have to the highest bidder, which just might be your biggest competitor. Your new mantra: "Loose Tweets Sink Fleets".

Mixing personal with professional. This is closely related to the first, but it extends beyond the mere disclosure of company data. This is the case where someone uses a social network for both business and pleasure, most commonly on Facebook, where one's friends include business associates, family members and friends. In some cases, it's nearly impossible to separate business from the personal on a social networking site. Those who work for media companies, for example, are sometimes required to use all their social networking portals to proliferate content in an effort to boost page views which, in turn, attract potential advertisers.

Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage. The urge to fire back with a stream of vitriol can be irresistible; resist it. Call this a sin of wrath.

Believing he/she who dies with the most connections wins. For some social networkers, it's all about accumulating as many connections as possible. Folks on LinkedIn are notorious for doing this, especially those in such LinkedIn groups as TopLinked and LION. This may seem harmless enough or, at the worst, just annoying. However, it may make it easier to link to or "friend" a scam artist, terrorist or identity thief. Consider a new paradigm: having a smaller, unified, and loyal following. If you don't know someone, why is the person trying to connect with you? Check if the profile of the other person is secured. If you can't retrieve a list of that person's connections, you need to start questioning.

Trigger finger (clicking everything, especially on Facebook). Facebook in particular is notorious as a place where inboxes are
stuffed with everything from drink requests to cause requests. Unfortunately, the bad guys know this and will send you links that appear to be from legitimate friends. Open the link and you're inviting a piece of malware to infect your machine.

Malware Link Distribution By Blending In

Scammers increasingly rely on the richness and popularity of the on-line social networks to conduct fraudulent activities. They often employ malware, designed to thrive in the social networking ecosystem, in support of these efforts. Malicious software might spread autonomously, like a worm, and might receive instructions from its operator, like a bot.

The scammer's objective may be to share links to malicious websites, distribute messages aimed to defraud their recipients, create postings to drive up the popularity of the advertised website, etc. The bot mimics other users' interests by copying features of their profiles into its own profile. These bots strive to appear to be full participants of the social network, building up friendships and reputation so that a wide audience sees the spam comments and blog postings they create.

Some malware's goal is to overwhelm other posts with tons of spam, making it harder for humans to participate in legit discussions. The remaining few may be internet safety savvy people and might be deterred from participating, fearful that they will be caught accessing content such as pornography. What's left is a cesspool where there once was a clearly defined and safe environment for participants.

You need to educate users to adapt by:

• becoming more careful whom they friend, and
• being more critical of the content they read.

Your role also includes imposing tighter controls on who can attach comments to existing legitimate content.

A report from security firm Cloudmark that was released at the end of 2008 concluded that close to 40 percent of new Facebook profiles are actually fake. If you are one of those people with hundreds of "friends," what are the chances you might have a fake friend or two out there in your network?

Having lots of friends is dangerous because it opens you up to additional security risks. The more friends you have, the more reach a criminal will have when he breaks into your profile and sends out a bad link to everyone.

People Are Impulsive Clickers

Malware spreads unabated because people frequently use social networks for sharing links to websites, articles, videos, and stories that they like. Since the links are seen as being distributed by a friend, many people click on them even with an awareness of the risks. Is it our nature? Our innate curiosity?

It's hard to discuss with colleagues ways of securing social media interactions if you're not hip to Facebook or Twitter. You also need to understand the psychology behind their actions. It's hard to protect your company's social media marketing activities if you don't know how the company is trying to engage consumers through this medium and why.

If your efforts to secure data and mitigate risks are seen as a wall that makes it impossible to conduct business, you'll become irrelevant and will probably fail. However, if your efforts are seen as being quick, nimble, and on your toes, yet remaining in control enough to slow down when foresight tells you pitfalls lie ahead, you just might succeed big time.

Social Engineering

Social engineering is frequently used in computer attacks as well as in other forms of on-line fraud. Scammers rely on psychological factors to lower the victim's guard or otherwise make him more susceptible to persuasion.

These factors include:

• more money, as evidenced by "make money" opportunities
• less work, as evidenced by "little work to make big money" scams
• fitting in, as evidenced by peer pressure to go with the crowd
• brand trust, as evidenced by scams using legit trusted brands to entice
• self-centeredness, as evidenced by customized attacks that answer people's question of "What's in it for me?"

Shift In Societal Norms & Implications For You

Facebook founder Mark Zuckerberg made controversial remarks to a live audience at an awards event and stated that openly sharing information with many people is today's social norm. He went on to say "I view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are." Many have translated this to mean Facebook doesn't think its users want much privacy, and the policies of the site reflect that view.

There has actually been a shift in societal norms regarding privacy on the Internet thanks to risk-taking teens and adults alike. They are using various public forums to exchange uncensored free-form banter without considering the long-term repercussions of having their conversations archived and searchable forever. One's professional persona can be wrecked because information that is more personal is available about them. The user can change the privacy settings, but it's evident users aren't doing so.

An attacker can use the Find Friends feature to locate profiles of targeted individuals, or might create a script to mine data in bulk. Regarding Formspring.com, the attacker doesn't need to be a registered user to view public profiles, if he knows the victim's username. The collected details could be used to target people using
social engineering techniques. Some fear it means an increased loss of privacy as the social networking site inevitably looks for ways to make money by offering up valuable user information to advertisers and developers.

When designing the SMMRMS, I did not make assumptions regarding personal details and related data being only known to the user. For instance, many applications provide a secondary login mechanism by asking the person for private details, such as his favorite color, flower, or restaurant. As mentioned, privacy norms are changing rapidly. What was once private will soon be public. I am anticipating this change to continue rapidly and will adjust the mechanisms in anticipation of the increased transparency of people's once-personal information.

Cost Of Embracing It Is Low

Think of it this way: when one of your customers or members shares a piece of your content (e.g., an issue of your newsletter, a blog post, or an event check-in), or talks about you on a social media site, he's offering his endorsement of what you do and sharing you with his network without you having to lift a finger or spend any additional money.

Social media marketing sites are free. Facebook, Twitter, LinkedIn, Foursquare, Yelp, and other sites all offer free accounts for businesses and small businesses. You can even blog for free with services like Wordpress.com, Google's Blogger.com, or Posterous.com. Some sites like LinkedIn do offer paid accounts with features that are targeted at more advanced users, but for the purposes of getting started, there's no upfront cost for most of the social networking sites.

LinkedIn has job information through partnerships with Dice and SimplyHired. Ensuring that your advertised positions go beyond Monster and into LinkedIn is an extra step that can use the leverage of the LinkedIn network. The price is right. Most of LinkedIn's services are free, so why not take advantage of the extra placement?

Social media sites allow you to be personal and professional. On Facebook, you can have two identities: one for you and one for your business or small business. Facebook offers an option known as Pages, which are different from the standard Friend connections, and allow you to post messages just to people who "Like" your small business, keeping any personal information about you separate and contained to your profile.

You can use social media to detect trends and then take a deeper dive with an online survey. Many of the popular blog platforms also allow posting from a mobile device.

Mobile Social Media Marketing

2011 was dominated by headlines about cell phone malware. This could be for several reasons: firstly, smartphone sales now exceed PC sales. Secondly, Android is becoming the dominant platform of mobile computing and is likely to win the tablet market shortly.

Cyber-crooks are beginning to realize the existence of an emerging market they are willing to exploit, and are trying new techniques while continuing to use proven strategies, like using malware to get infected phones to send SMS text messages to premium rate numbers. A Trojan, detected as Trj/ADRD, stole personal information and sent it to cyber-crooks.

To combat these threats, I recommend that your SMM team avoid downloading applications from unofficial and questionable places. Aim to download from the official store (Android Market) and Apple.com. Also, stay away from free wallpapers, games, etc.

A highly advanced Trojan can not only steal confidential information but can also download and install other applications without the user's knowledge. If your PC was infected and you tried to make an online transaction, the bank would display a page (modified by the ZeuS Trojan) prompting you to enter your phone number and model in order to send you a message to install a
security certificate on your phone. However, this certificate was in reality a Trojan designed to intercept all messages you received.

Mobile devices in our lives have become much more complex and powerful, and as a result, more attractive as targets for malware authors:

• they run web browsers capable of running JavaScript or Flash, both with the issues those technologies have on other platforms
• they have built-in GPS capabilities that allow for tracking of our movements, and
• they have nearly constant access to the internet to potentially share that information (or any other data on the device) with "the bad guys"

Defensive capabilities have not kept pace. And because of their size, these new mobile devices are also much easier to misplace (or steal).

Personal And Company Usage

I urge a few measures for company use:

• Encryption: if the capability exists on the platform you are using, whole device encryption could provide some minimal protection to corporate (or personal) data on the device should it be lost or stolen.
• Remote Wipe: the ability to remotely kill or wipe a device that has been lost or stolen should be enabled if it exists.
• VPN: where possible, VPN back through the corporate environment. This allows one to take advantage of the proxies, firewalls, and e-mail filtering of the corporate network.

When possible, use the mobile device as a thin client to access data in the corporate network or in "the cloud" rather than keeping potentially sensitive data on the mobile device itself.

Regarding personal usage, the biggest thing is to remember that the defenses on these mobile devices are even slimmer than on our home PCs and laptops!

• Fight the urge to do things like banking, that might reveal information that could be used for identity theft, from your mobile device.
• Don't click on links sent via IM, Facebook, SMS.

In general, there are a few things that should probably be done all the time to protect yourself and your personal and company information.

• Turn off the GPS and data (3G/4G/wifi) capabilities when you aren't actually using them.
• If anti-virus software exists for your platform, install it.
• If at all possible, don't mix corporate and personal use on the same mobile device.

Many social networking sites have a feature that allows users to check their profiles and post comments from their phones, allowing access from anywhere. That means the filters you've installed on your business computer(s) won't limit what your SMM team members can do on a phone. If your SMM team members are going mobile with their profiles or blogs, talk to them about using good sense when they're using social media from their phones.

Social Mapping

With mobile GPS, people can pinpoint where their friends, business associates, etc. are, and vice versa. Advise your SMM team members to use these features only with people they know in person and trust, and not to broadcast their location to the world, 24-7.

Texting

If your SMM team members are texting, encourage them to:

• respect others. Texting shorthand can lead to misunderstandings. Think about how a text message might be read and understood before sending it;
• ignore text messages from people they don't know;
• learn how to block numbers from their cell phone;
• avoid posting their cell phone number online;
• never provide financial information in response to a text message.
