A chain, as the saying goes, is only as strong as its weakest link. Apply that logic to a business, and when it comes to social malware, you’re only as secure as your most gullible employee.
By now, even the most gullible employees will probably not fall for email-based phishing schemes. But social media, thanks to its newness, is another story.
What can you do? Educate your employees about the risks of social media and establish policies for social media use, especially in regard to malware, which can infect PCs and compromise sensitive information.
Common Social Media Malware Scams
There are a few common scams that should be known to all employees. These include links and apps purporting to let you “See who viewed your profile” or “View your top profile stalker.” Other come-ons are offers for free stuff for social games, fake Facebook features (like “See who poked me the most”) and games not offered on Facebook.
And the most common trick is when these things come from someone you know. It can be hard not to accept that interesting Facebook or Twitter message at face value, but your friend’s account may have been hacked. “An employee might get an update from a friend saying ‘Check out this cool cat video,’” says Anton Chuvakin, principal of Security Warrior Consulting. But you should always “be cognizant of what links you click that look sensational,” says national security expert Robert Siciliano.
The good news is that Facebook and Twitter are aware of such schemes and are working to shut them down. The bad news: Malware makers are working just as hard.
Smart Social Media Malware Tips
It doesn’t make much business sense to ignore the value of social media, so aside from training employees, be proactive in employing a strong defense against social malware. Experts suggest these precautions:
1. Use strong antivirus software. If your antivirus software is doing its job, it will stop malware from infecting computers in your network.
2. Use a good browser. The latest versions of Google’s Chrome browser and Firefox have features that “help a browser-based infection stay there,” says Chuvakin. Most current browsers offer much better security than they did years ago. In particular, Internet Explorer 6 is known for offering poor security. If you have an older machine in the office using IE6, consider upgrading.
3. Use a service that scans links to make sure they’re legitimate.
4. Update security patches.
5. Employ a strong firewall. And make sure it’s turned on.
6. Decode links before clicking. One technique spammers use to camouflage a bad link is to shorten it, so use a short URL decoder before clicking on anything. You can find good free ones on TrueURL.net and Extractor.Links-Share.com.