Security policies should now include Twitter, says new guide from Network Box

Business should review their security policies to include Twitter, according to a guide from Network Box.

The Guide to Secure Use of Twitter http://www.network-box.co.uk/sites/default/files/NBWP_securing_social_media_series_pt_3.pdf  is part of a series of securing social media guides from Network Box, and is designed to help IT managers review or create new user policies and update company security processes to include Twitter and other microblogs.

The most significant security threat to users posed by Twitter is the sharing of links between groups of followers often masked by URL shortening tools such as tinyurl or bit.ly which could be exploited to download malware, or launch a phishing attack. Other potential risks including identity hijacking, hacking into user accounts and spam campaigns.

The guide includes this advice for companies:

User access: Agree whether your company policy is to allow access to Twitter. There is often a clear business case for using Twitter; so be realistic about whether users should be using it. It may be that dont feel comfortable allowing blanket access to Twitter to all employees, so you could consider granting different access rights to different groups. For example, it may be important for customer-facing or product development staff to use Twitter to communicate with customers or test groups. If you do allow universal access, consider recommending Twitter tools that should and shouldnt be used; and stay up to date with development and use of those tools.  Review this policy regularly this is a fast-changing world.

Productivity: As with any interactive media tools, keep a close check on productivity. Make clear to employees that wasting company time on personal activity is not acceptable, whether this is spending time on Twitter, Facebook, personal email or the telephone. Give clear guidelines as to how much time spent on personal contact is acceptable. Ensure clear objectives and targets are set by the HR team or line managers, and are being met. If they are, then productivity is not an issue.

Personal security: Educate your employees about the risks of giving away personal details on Twitter, as on any other media. Dont give away your Twitter password, or information on Twitter that could expose any of your other personal account passwords. Commonly, these include: date of birth, mothers maiden name, fathers first name, pets name, key home address details and such like.

Downloading malware from unknown sources: Twitter is often used to share information and web links, photos or video links. Make it clear to employees that they should never click on a link they dont trust, or that is sent by someone they dont know personally. This may sound obvious, but with the rise of the social web, it is a point well worth re-iterating. URL-shortening tools such as tinyurl or bit.ly can cloak websites that are being used for malware downloads or phishing attempts. Some of these URL shortening tools (tinyurl and bit.ly on Firefox) have a preview function, which allows you to view the URL before you click through these have been developed as a result of increased security concerns and are worth using.

Associated reputational risks: As with other social media, make it clear to your employees that they have a contractual duty not to bring their company into disrepute. This includes talking about company business on public conversation networks such as social networks or microblogs.
 
Simon Heron, Internet Security Analyst for Network Box, says: The most important thing is that a companys security systems work for, not against, what employees need to do their jobs. Our advice is: make sure your security is up to date so it can deal with new technologies such as Twitter.

The guide can be downloaded free from http://www.network-box.co.uk/sites/default/files/NBWP_securing_social_media_series_pt_3.pdf
 

About Network Box:

Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM).  It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe.  NBLs customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.