Social networking sites could be exposing consumers and businesses to increased security risk, it has been claimed.
According to credit information provider Equifax, fraudsters could make off with users' personal information in order to commit ID theft--and the company is urging Web users to limit the amount of info they post online.
Neil Munroe, external affairs director for Equifax, said in a statement: "The problem is that people don't realize the significance of the kind of information they are putting out on the Web and who may be accessing it." He cited details such as date of birth, e-mail, job and marital status as the kind of data frequently posted online by unwary users.
Munroe added: "Fraudsters can use this information to steal an individual's identity and open accounts in their name."
And Mark Murtagh, technical director of security company Websense, warned the rise of Web 2.0 applications is creating "security and productivity challenges" for European small businesses.
When it comes to Web security, research from Websense highlighted what it dubbed SME workers' 'blind confidence' in their IT departments--66 percent of workers believe in-house techies are protecting them from all Internet security threats. Moreover, it found the vast majority (98 percent) of IT managers believe their technology and security processes are adequate, while more than half (53 percent) believe their company is very well protected against security threats. A quarter even feels completely immune.
This is dangerous complacency, said Websense. Out of a list of nine potential security risks, the survey showed that not a single company protects against all threats.
And while the majority (84 percent) of European SMEs said they do have Internet usage policies, only a quarter (25 percent) ensure employees sign them. And fewer than half (47 percent) automate their policies by using Web filtering software. In addition, the survey found 15 percent of businesses believe firewall and antivirus solutions are sufficient protection for their business.
The issue of data theft should be of particular concern for SMEs, according to Websense--not least because close to half (45 percent) of survey respondents admitted to engaging in activity that could put their company's data at risk.
Murtagh blamed "smaller IT budgets and fewer technical staff" for punching holes in SMEs' Internet security systems but also emphasized the data-theft risk resulting from companies' failure to control the use of peer-to-peer applications or to block access to phishing Websites.
According to the survey, only six percent of SMEs block iPods or other USB-based storage devices; 22 percent block peer-to-peer apps; 30 percent block instant messaging attachments; and 31 percent block phishing sites. Meanwhile, a quarter of SME staff surveyed said they could not live without P2P file-sharing during their work day and 17 percent said they use free software download Websites at work.
The Websense study questioned 750 IT managers and general employees in companies with up to 100 to 250 employees in France, Germany, Italy, the Netherlands and the U.K.
Equifax has issued a list of top tips for users of Facebook et al, including the following:
Natasha Lomas of Silicon.com reported from London.
Play video
Surely the underlying issue is banks/credit card issuers and others using easily obtained information for authentication purposes. Dates of birth, former addresses, and even social security numbers can be obtained these days regardless of whether you post on social networking sites - it's high time the insecurity of these identifiers is recognized.
Posted by John Bowser on Thursday, July 26 2007 08:49 AM