Wild Apricot Blog


Security Issues in Social Media Shouldn't Put Nonprofits Off Networking Online

Lori Halley 04 January 2009 9 comments

As more and more nonprofits take advantage of social media sites to connect with supporters, security concerns are coming to the forefront. This past weekend, Twitter was hit by a phishing epidemic, just the latest in a string of attacks against social networking sites that hit the mainstream news last month when a fake video link spread the Koobface worm on Facebook and MySpace.

Ken Pappas of TechNewsWorld sees a rash of new cyber-threats emerging in response to growing social media use — it’s a fine phishing ground for those who want to exploit the ever-growing demand for stolen personal information:

What’s on the threat horizon in 2009? Well, several factors — including a severe recession, easier ways to commit cybercrime, and continued growth of social networking online — will create for a unique year of threats once again. Hackers will continue to study human behavior — reactions to email, Web and other social media attractions — to determine these areas of vulnerabilities.

One factor that Pappas touches on only briefly, but one that I believe almost certainly played a large part in the recent Twitter phishing attack, is the high degree of trust that very quickly develops among regular users of any social networking site.

There is an illusion of intimacy that comes with a sense of community, and the language of social media reflects this. We tend to speak of “meeting” someone, of “knowing” them — even if our only contact has been through brief messages exchanged online — falling prey to a much-criticized but very human tendency to blur the line between real-world friendship and online “Friends.”

Social Media Brings Collaboration but Increases Exposure

Swelling the problem of new Web site threats is the continued proliferation of online social networking amongst consumers and across the enterprise. The benefits of social media have been well-established; however, the lack of control and wide user base that it involves opens up many more opportunities for Web site exploits, whether it is clicking on a malicious video in a MySpace message or on a devious link on Facebook.

Malicious people prey especially on the technologically naive, for whom the ease of using social media sites has opened doors to new risks as well as new connections — but it must be noted that some “experts” were also snared by the recent Twitter phishing scheme, through link-clicking carelessness or simple inattention. 

And it’s likely that nonprofits, who often have a number of staff people or well-meaning volunteers logging in at different times to update a single social media account, may be especially vulnerable to phishing attempts.

So, should nonprofits keep away from social networking sites?

I’d say, No.

No, because that barn door has closed, and the horse is long gone. Social media is here to stay, and the nonprofit that doesn’t have an active social media presence will soon be in the position of the bricks-and-mortar business without a website in 2009 — the people who want to know more about you will be frustrated in their efforts to connect with you easily.

No, because cyber-threats of one kind or another exist in all corners of the Internet, just as no corner of the offline world is entirely safe and secure. Online, we need to do exactly what we do in “real life” to keep ourselves as safe as possible: We educate ourselves about the risks, take all sensible precautions, and try to stay out of dark corners as we go on about our business.

But that’s just one opinion. What’s your take on security concerns for nonprofits on social networking sites?


Posted by Lori Halley [Engaging Apricot]

Published Sunday, 04 January 2009 at 10:03 PM


  • Matt Harrell said:

    Sunday, 04 January 2009 at 3:21 PM

    Hey Rebecca,

    I enjoy your blog!

    I tend to disagree with this. I think, in more cases than not, it's risky for non-profits to use social networking. It's difficult to manage your organization's image with social networking and the very nature of social networking causes people to "trust" too much. Most of the time it's just fine but then all of a sudden your organization is linked to some criminal through a staff member or volunteer. Likewise, the less tech savvy folks will make mistakes and click on those links that they shouldn't. And again, the very nature of how fast social networking spreads, and the increased dependence on it has the potential to cause non-profits and organizations of all kinds more headache than it's worth.

    But that's just one opinion. I think 2009 will be the year to see what happens with social media, social networking and the implications of more organizations beginning to adopt it. Thanks!

  • Susan said:

    Sunday, 04 January 2009 at 3:35 PM

    I tend to agree with both you and Matt.  As a non-profit I believe that there must be some constraint in whom you give authority to in setting up some of the social media activities.  I do not agree that non-profits need to be "all over the net".  Choose wisely and access by need and training.  Being able to "click and use" is not an option for any organization involved in social media.

  • Ari Herzog said:

    Sunday, 04 January 2009 at 3:40 PM

    If I place anthrax onto an envelope and mail that to you, I knowingly infect anyone en route who touches the envelope.

    Phishing scams are different. Nine times out of ten, your account would need to be hacked, and that usually occurs if it's not secure, e.g. using the same password you use on other sites or using an English word, etc.

    Social networks are not to blame. Sadly, you are. And education can help.

  • Chris Bailey said:

    Sunday, 04 January 2009 at 3:48 PM

    Wow, Matt...that might have been a great argument to make five years ago, but I hope you come to see that risks are inherent in just about any enterprise. The reality is that no organization - either for-profit or non-profit - has control over its image any longer. Any membership association or fundraising nonprofit that thinks otherwise will find out painfully that irrelevance is perhaps the greatest cost of all.

    There's a part of me that finds your comment insulting to the folks who work in and around non-profits. I doubt you meant it this way, but it seems to suggest that the folks inside nonprofits and their volunteers aren't smart enough to understand and keep up with social media. In my ten-plus years' experience working in the sector, that opinion just doesn't jive.

  • Matt Harrell said:

    Monday, 05 January 2009 at 2:29 AM

    Chris and Ari,

    Please accept my apologies. I certainly did not intend to suggest that the "folks inside non-profits and their volunteers aren't smart enough to understand and keep up with social media." That would be ignorant. All organizations have less tech savvy people and they are inherently a risk to your technical infrastructure, just as my young daughter is to my computer. It seems to me that using social networking increases the chances of malicious activity and therefore the chances that organizations that use social networking will be "hacked".

    That being said, life is all about risk and I am trying to learn more about how non-profits are using social networking and what has been the larger experience. Non-profits and for-profits all need to explore it and it seems to me that it's really just now becoming popular. Please understand that my comments weren't aimed at people that work for non-profits...only that sometimes it's harder to enforce infrastructure around IT in a non-profit and it therefore, in my opinion, may be riskier than it's worth.

    Ari, please share with me your suggestions for education. I am very interested in learning as much as I can. Thanks!!!

  • Lori Halley [Engaging Apricot] said:

    Monday, 05 January 2009 at 5:54 AM

    Matt, I think maybe what you're getting at is something like what I had in mind in this bit?

    ...it’s likely that nonprofits, who often have a number of staff people or well-meaning volunteers logging in at different times to update a single social media account, may be especially vulnerable to phishing attempts.

    It's pretty much a numbers game: If an individual's personal account at a social networking site is exposed to X amount of risk (for whatever reason), it seems to me that adding another person (or 2, or 3) to that login would automatically increase the risk by the same factor -- with no reflection on the technical sophistication of the people involved.  Yes? No? (Admittedly, math and stats were never my strong point!)

  • Maggie said:

    Monday, 05 January 2009 at 6:12 AM

    One way to minimize the risk associated with "a number of staff people or volunteers" is to limit the number of people with admin rights within the organization. The way we do it at the association I work for, only a few people have admin rights to the Facebook page and Twitter account; anyone else on staff who wants to post goes through one of these people.

    Anyone can post to the wall of the Facebook page, but that has nothing to do with passwords or compromised security--it's a public space. And like Chris says--not having a page on a social networking site just to avoid the possibility of someone posting something is a moot point because they'll post it somewhere; at least if it's on your page you have the power to remove it, assuming it's something really offensive or otherwise inappropriate.

  • Lori Halley [Engaging Apricot] said:

    Tuesday, 06 January 2009 at 5:07 AM

    Further education: TechMiso's Scott Jarkoff posted a useful article this morning  http://techmiso.com/196/hacked-twitter-accounts-highlight-need-to-be-security-conscious/ that highlights "a few problematic user behaviors which lead directly to phishing" and can be mitigated through education. Good basic precautions are suggested; it's well worth passing around the office.

  • Wild Apricot Blog said:

    Tuesday, 03 February 2009 at 10:31 AM

    If you’ve ever received an email with a long link that breaks across several lines, so you’ve had to copy-and-paste the URL into your web browser, the benefits of a URL-shortening service will be immediately clear. Short URLs are a better fit wherever

Sorry, this blog post is closed for further comments.
