Who Would Want to Be a CISO or CPO for a Social Networking Site?
This morning I spoke with a reporter from billingworld.com about social networking sites, innovation and partnering established businesses with new sites such as this and the risks involved. After the call I continued to think about this and jotted down a few notes...
The well-known saying, "On the Internet nobody knows you're a dog" is especially applicable to social networking sites such as Myspace and Facebook. The nature of those sites is to give the users almost complete control over what they post and share with others. I have seen little evidence that the sites try to verify the information of the people signing up for the site. It is quite easy to pretend to be someone else...let's say a 14-year-old...when in fact you are a 36-year-old perverted "dog"!
Trying to provide security on those social networking sites is a huge challenge. And when the security area is not responsive to complaints, as the NY Attorney General's September 2007 investigation report shows, then there really can be no expectation of security over personal information.
Now that social networking sites such as Facebook are interfacing with other social networking sites such as Orkut, it complicates the security issues even further.
The folks responsible for security and privacy on social networking sites must be more diligent and have a much more robust security and privacy program in place than they currently do.
These security and privacy issues were not really considered when such sites were launched, but with their exponential growth came along sexual predators, criminals and fraudsters who saw an environment ripe for the picking to do their malicious and salacious activities.
A key problem with security, and subsequent safety problems, on these sites is that the sites are leaving virtually all access controls in the hands of their site users, doing no verification of the identities of their site users, and they are providing little to no information to the site participants about the importance of security, safety and privacy.
I dedicated the first issue of my new subscription multi-media awareness product, "Protecting Information" to this topic.
It is important that the users of these sites know and understand the risks involved; they basically are responsible for their own security when they choose to participate in the sites. They need to be aware of how information and activities that go on in the sites can negatively impact not only them, but their family members, friends, and even employers.
One of the articles in my October 2007 issue is written by a 16-year-old boy who gives his perspective and experiences about using the sites. He relates how one of his 14-year-old female friends was targeted and subsequently sexually assaulted by a man who initially contacted her on one of these sites.
People need to know and understand that they are ultimately in control of not only their own security, privacy and safety when they put information, photos, and other multi-media on these sites, but also for their friends, family and employers.
Just because these sites say they are secure does not mean they are...read the fine print on the privacy policies of these sites.
I blogged about this recently here, here, and here, and also wrote about it in, "On The Internet, If It Looks, Quacks and Walks Like a Duck, Is It REALLY a Duck?" but it's worth talking about again to try and raise the awareness of those using the sites.
When you use these sites, have fun, but think and be safe! You don't want to be swimming with the sharks or communicating with a wolf in sheep's clothing.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine