A recent survey conducted by the Computer Technology Industry Association has shown that spyware is the top concern amongst IT administrators. The survey included a total of 1070 businesses, which showed that 55% considered spyware to be their biggest threat. Their second concern was a lack of user awareness.
Spyware is software that integrates itself into a computer and then collects a variety of data, which it sends back to the hacker that created it. The data collected could include passwords, personal information or corporate data.
Part of the issue around spyware is the new trend in social networking. A UK consumer company conducted a survey on 1324 users, including 390 TechNet users, on behalf of Microsoft. The survey found that a third of the users access a social networking program or application during working hours.
This is a major concern for business owners, as their companies are placed at a high security risk. However, according to the survey by the Computer Technology Industry Association, IT administrators are not concerned about social networking security at all. A few IT administrators commented that it might be a small problem in the future.
The report demonstrates a possible reason why the administrators might think this way. According to their survey, 46% of the IT administrators tasked to manage the social security confess they don't fulfil this duty. 62% of the IT professionals said they use social network services themselves. An area of concern is that 16% confessed they don't check the security around social applications that they have downloaded.
The survey also showed that 35% of users are happy to post their personal information on social networks. Personal information posted includes their date of birth, address and cell number. 10% admitted to having posted information about their clients. 80% of the users claim that their business has improved because of the tools available from social networking.
It would then be concluded that social networking is only a security issue if used incorrectly. If used wisely, it can be a valuable asset to a business. It isn't only the information that employees are posting on the network that is a risk for the companies, but their personal details are also at risk. In June 2006 MySpace, the largest social networking website online, was hit by a massive Phishing problem.
Phishing occurs when a hacker sends an e-mail to a user, falsely claiming to be an established and legitimate enterprise. For example, he or she can claim to represent either a bank or social network. The e-mail requests them to use a link, which will be used to scam the user into giving out their private information. The e-mail will probably run along the lines of a user having to update their details or log into some account. The link in the e-mail will then take them to the falsely created site, which is set up to convince/persuade the user into giving them their details. Some of the personal information the hacker would want includes passwords and credit cards details.
In the Myspace Phishing attack, users were sent an e-mail that was disguised to look like it came from someone on the user's contact list. The e-mail contained a link to the Phish site and a message to say that new photos had been uploaded. The user would click on the link and the Phish site would show up disguised as a MySpace log in page. Users would fill in their user names and passwords, which would be sent to the hacker once the users had clicked the "done" button.
The hacker would then have access to each user's account, including his or her personal profile page with all his or her details. He/she could then use that information for identity theft. MySpace has since taken down the site and begun monitoring for any more Phishing websites.
Sophos Research believes that getting a person's log in and password is unnecessary to gain his or her personal information. The company conducted its own experiment where the goal would be to see how free private users treat their personal information.
They created a fake profile on Facebook called Freddie. They proceeded to ask 200 random Facebook users to become friends with their fake profile creation. Out of the 200 they got 82 responses. Sophos showed that from those 82 responses, 72% displayed their email addresses on their profile page. 84% of the respondents showed their date of birth and 78% revealed their current address and location. Identify theft has never been easier. With just those details a hacker could open a bank account in the user's name. A bit more alarming was the fact that 23% showed their phone numbers as well. Sophos also indicated that they were able to view the majority of the respondent's photo albums of friends, family and other information.
Although a single user might not be of much importance, a company is only as strong as it's weakest link. If a hacker managed to assume just one identity, they would be able to move up the ladder and access more important information. Although it has been proved that social networking can be an advantage to a company, it is best used discreetly. Having a user's entire profile out in cyberspace is the equivalent of having spyware installed on a company's main server.
Celeste does writing for Data and Electronics News, which is the number one site for data recovery information.
Article Source: http://EzineArticles.com/?expert=Celeste_Yates
http://EzineArticles.com/?Identity-Theft---Spyware,-Social-Networks&id=865966
Print this page
