5 Tips for Safer Social Networking

Facebook and LinkedIn Can Help - or Hinder - a Career, Depending on How You Use Them
5 Tips for Safer Social Networking
Facebook, Linkedin, Twitter.com. These are just a few of the most popular social networking websites that are used extensively to find, meet and greet new people through a vast array of advanced web tools.

Social networking sites allow individuals and organizations to build communities through online profiles, affinity groups and networks of contacts and supporters. These sites are used extensively by both hiring managers and employees to find potential job prospects and boost job search initiatives.

But just as social networks, used correctly, can help build a career, used badly they can derail one. Following are some key do's and don'ts of effective social networking.

Why Social Networking?

"Social networking makes the world smaller," says Lee Kushner, President, L.J. Kushner and Associates, LLC, an executive search firm dedicated exclusively to the information security industry. These sites promote awareness and give an excellent opportunity to the user to update profiles and let others in their trusted network know what is going on with their lives. "It is a great resource to conduct research on potential job prospects and know them better," he says. Among these social networking sites, LinkedIn and Twitter are most popular with the business community. "LinkedIn is where companies and recruiters want to be when they are hiring," says Tracy Lenzner, CEO, Lenzner Group, an executive security search and consulting services firm based in New York. "It is important for users to take their time to build their LinkedIn profile, to add to their connections, and to effectively use their connections to help with their job search. It is also important to help their connections, too, when they can - it works both ways".

Twitter is a social networking and micro blogging service utilizing instant messaging. People and companies use Twitter in a variety of ways, including to job search. Companies and job boards post job openings on Twitter, and job seekers network through to help facilitate their job search. TwitterJobSearch.com is a job search engine that searches Twitter for jobs that match the keywords that users enter.

JobShouts.com is another free resource for both employers and job seekers. Employers can post their jobs for free; those jobs are then automatically "tweeted" to users on Twitter.

Facebook is a popular free social networking website that allows registered users to create profiles, upload photos and video, send messages and keep in touch with friends, family and colleagues. It is a great resource for both employers and job seekers to get connected.

What are the Risks?

Social networking is the norm today, marking the global trend of seeking friendships or relationships online, and gradually getting into corporate life, where networks are used for boosting client interactions, initiating meaningful discussions on business and related areas, enhancing communication with colleagues, as well as being a platform for promotion of companies products, services and brands.

All of which begs the question: How much social networking on the job is appropriate? Most companies do not yet have a specific user policy for employees re: social networking sites. But the acceptable policy, like anything else in business (i.e. Internet and telephone) is to limit usage of these sites for business purposes only - including client interaction or for research purposes. The key objective, of course, is to safeguard the company's reputation and not reveal sensitive or confidential information that may prove harmful for the company's goodwill, says Kevin Richards, an information security executive at Crowe Horwath LLP.

Beyond questions of productivity, social networking also raises issues of information security risks, including:

  • Disclosure of private information;
  • Cyber-stalking;
  • Identity theft;
  • Viruses and new phishing attacks.

"There is a very easy possibility for people to put too much information out there without really grasping how much information they have made publicly available," says Richards.

"People need to understand that what information they post on these websites remains for life and is accessible publicly throughout the world," says John Pironti, President IP Architects, LLC, and a senior member of ISACA's Education Board. This information can help the criminal community to build patterns and profiles of an individual's knowledge base through their work and life history, making it easy to launch widespread identity theft attacks, malware and phishing schemes etc.

5 Tips for Safer Social Networking

Both Pironti and Richards are members of social networking sites, including MySpace, Facebook, Twitter and Linkedin. Both use these sites to keep in touch with colleagues and friends, to initiate meaningful discussions and communicate with clients on business related activities and for research purposes. They both have learned to leverage the benefits offered by these social networking sites and stay safe at the same time. Here is their advice:

  1. Restrict Your Information. "My profile is very minimal in Facebook and Twitter," says Richards. "People need to focus on the minimum set of requirements needed to be a user on these sites vs. being a victim in providing all information the site is requiring of them." It is very easy to post information -- at times too much information -- on these sites without thinking that people may manipulate this information or misuse it for their personal benefit. "Remember what information users put up - it remains for life," emphasizes Pironti, and from a corporate perspective this information can be used by competitors, political parties and be taken out of the context, resulting in damaging effect to both the company and individual. A lot of corporations today are conducting background checks by visiting prospective candidates' online profiles and mapping information posted to their actual personalities. Hires are actually being based on individual profiles posted and the message they convey to these hiring managers.

  2. Understand there is no Validation. Understand that there is no validation that anything they see in these websites is real, indicates Richards. There is no ID check behind any of these profiles. "We just cannot differentiate between the real and fictional profiles created". So users need to be prudent in the way they create profiles and provide information.

  3. Leverage Tools and Settings. Make most of the tools and settings available on these sites, which provide various options to create online profiles. Invest time in learning about these settings for better security, mentions Richards. Profiles on any of the sites can be set as public or private--with a private profile being accessible only to those users who are authorized. Facebook, for instance, allows users to control who can contact them, who can find them in a search and what information they will find. Users can also set up a limited profile for when they want to connect with someone, but not share everything. On LinkedIn, where there is less information that may be of privacy concern, users still can decide whether people are notified when they make changes to their profile. Each site offers options to the user on information access; therefore education on these features is extremely important to protect one's privacy.

  4. Be Proactive, and Activate Google Alerts. Users need to know "what is out there on the internet about them which is available to the general public," says Pironti. It is advisable for users to activate Google alerts by using their first or last name and know what information is posted about their personal and family history. You want to be more knowledgeable than your prospective adversary.

  5. Control Network Access. It is extremely crucial for users to control who they allow into their network, says Pironti, as these sites are a huge hanging ground for organized crime groups, underground criminals and people with malicious intent who can launch targeted attacks on individuals. "Trust but validate," says Pironti. When users receive a link request from someone claiming to know them, they should always ensure that the request is legitimate and verify before accepting any request.

About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.




Around the Network