ENISA warns of social media threats

ENISA (European Network and Information Security Agency) has issued its first position paper on a particularly relevant topic for today: Security Issues and Recommendations for Online Social Networks. If you use social media personally or as part of your employer’s social media systems, this position paper will be valuable for alerting you to the inherent risks.

Even if you do not read the whole paper, the three-page Executive Summary lists the 15 threats shown below:

1.1 Digital dossier aggregation
1.2 Secondary data collection
1.3 Face recognition
1.4 Content-based Image Retrieval
1.5 Linkability from image metadata
1.6 Difficulty of complete account deletion
1.7 SNS spam
1.8 Cross site scripting (XSS and widgets), viruses and worms
1.9 SN aggregators
1.10 Spear phishing using SNSs and SN-specific phishing
1.11 Infiltration of networks
1.12 Profile-squatting and reputation slander through ID theft
1.13 Stalking
1.14 Bullying
1.15 Corporate espionage

Several of these threats are present and well known for all types of online applications. However, the threats that arise from the use of your facial image, from identity aggregation, and from the behaviour implied by your links with others are specific to social media systems.

Fortunately, the Executive Summary also gives us 19 recommendations, which provide several countermeasures, best practices and processes to mitigate the risks. Again, I recommend that all individuals and organisations read these recommendations carefully.

Thanks once more to Fred Stutzman, one of the paper’s authors, for this heads-up.

About Michael Rees
Academic in IT interested in Web 2.0 and social media
