As more and more nonprofits take advantage of social media
sites to connect with supporters, security concerns are rising more to
the forefront. This past weekend, Twitter was hit by a phishing
epidemic — just the latest in a string of attacks against social
networking sites that hit the mainstream news last month when a fake
video link spread the Koobface worm on Facebook and MySpace.
Ken Pappas of TechNewsWorld
sees a rash of new cyber-threats emerging in response to growing social
media use — it’s a fine phishing ground for those who want to exploit
the ever-growing demand for stolen personal information:
What’s on the threat horizon in 2009? Well, several factors —
including a severe recession, easier ways to commit cybercrime, and
continued growth of social networking online — will create for a unique
year of threats once again. Hackers will continue to study human
behavior — reactions to e-mail, Web and other social media attractions
— to determine these areas of vulnerabilities.
One factor that Pappas touches on only briefly, but one that I
believe almost certainly played a large part in the recent Twitter
phishing attack, is the high degree of trust that very quickly develops
among regular users of any social networking site.
There is an illusion of intimacy that comes with a sense of
community, and the language of social media reflects this. We tend to
speak of “meeting” someone, of “knowing” them — even if our only
contact has been through brief messages exchanged online — falling prey
to a much-criticized but very human tendency to blur the line between
real-world friendship and online “Friends.”
Social Media Brings Collaboration but Increases Exposure
Swelling the problem of new Web site threats is the continued
proliferation of online social networking amongst consumers and across
the enterprise. The benefits of social media have been
well-established; however, the lack of control and wide user base that
it involves opens up many more opportunities for Web site exploits,
whether it is clicking on a malicious video in a MySpace message or on
a devious link on Facebook.
Malicious people prey especially on the technologically naive, for
whom the ease of using social media sites has opened doors to new risks
as well as new connections — but it must be noted that some “experts”
were also snared by the recent Twitter phishing scheme, through
link-clicking carelessness or simple inattention.
And it’s likely that
nonprofits, who often have a number of staff people or well-meaning
volunteers logging in at different times to update a single social
media account, may be especially vulnerable to phishing attempts.
So, should nonprofits keep away from social networking sites?
I’d say, No.
No, because that barn door has closed, and the horse is long gone.
Social media is here to stay, and the nonprofit that doesn’t have an
active social media presence will soon be in the position of the
bricks-and-mortar business without a website in 2009 — the people who
want to know more about you will be frustrated in their efforts to
connect with you easily.
No, because cyber-threats of one kind or another exist in all
corners of the Internet, just as no corner of the offline world is
entirely safe and secure. Online, we need to do exactly what we do in
“real life” to keep ourselves as safe as possible: We educate ourselves
about the risks, take all sensible precautions, and try to stay out of
dark corners as we go on about our business.
But that’s just one opinion. What’s your take on security concerns for nonprofits on social networking sites?