Pixels and Policy takes a look at why increased foot traffic on social media sites is creating new opportunities for cybercriminals and fraud artists, and what can be done about it.
Facebook: Fertile Terrain for Cybercrime
Social media accounts for 2% of all web traffic during the workday, according to a recently published Cisco report. Despite the millions of accounts browsed at the office, relatively few lunchtime Facebookers have a real idea how to protect themselves from phishing scams and viruses.
This is a big problem, Cisco's report points out, because phishing and trojans won't just infect the unwitting browser's Facebook profile – they could dig deep into the technology infrastructure of the employee's company. That's when some really nasty stuff can happen.
According to the law policy website LawCrossing, companies are suffering increasing financial losses from organized cybercrime hit jobs. The problem has gotten so large that the U.S. Department of Justice launched a series of best practices for dealing with company cybercrime as part of a wider push against fraud and crime on the Internet. Cybercrime is a big enough issue that it now has its own .gov address.
Cisco digs into why Facebookers are such a convenient transmission point for viruses and backdoors that could cost companies millions of dollars in operational costs and client liabilities:
Because users of social networks trust their “friends,” they are
less vigilant about clicking on bogus links that download viruses or
malware onto corporate computers. The rise of short URLs for use in
Twitter messages has made it impossible for normal security software to
verify the authenticity of links and warn users to think before
“A few years ago, businesses enthusiastically adopted Second Life
and other virtual communities for social networking, but this trend
fizzled out,” the report says. As businesses have shifted towards
having a presence on social networks, criminals have shifted their
We reported on the role of cybercrime in virtual worlds a while back, where we noted that the majority of virtual fraud was instigated by individuals. Concerns about using virtual currency exchanges as fronts for money laundering are still very real, but now cybercriminals are adjusting to the new boom in town: social networking.
What Companies are Doing
Traditional scams are adapting to Facebook, and most won't put a larger company at risk. But that's a chance most employers can't afford to take, and it's one more reason why 54% of workplaces are weighing in against the use of social media websites in the office. Instead of taking the position of an outright ban, Pixels and Policy recommends taking some time to educate employees on safe social media browsing behavior.
Social media provides a way for employees to "blow off steam" while still working in the background. Counterintuitively, using Facebook may actually make employees more productive by increasing their morale and providing a "safety valve" from the stress of work. By providing employees with a sense of personal space, they become more willing to put in the hours needed to get a job done.
Banning social media outright is the easiest step, of course, but educating employees on safe usage of social media opens up new avenues for innovation within the company. An educated social media user will carry their company's name as a form of branding, and can take advantage of a wide range of networking and marketing tools that help the employee as well as the company. It's hardly comparable to an outright removal of social media.
It's the same problem that we addressed in our post about the U.S. government going full-steam into virtual worlds without fully educating the employees who will soon do their work in a digital office: Education creates possibilities and makes employees more valuable to the company. It will also lower the possibility of the employee falling victim to malevolent cybercrime.