“How to hack a corporate network with Facebook”
// January 13th, 2010 // Social Networking
This blog is from e-fraud expert Robert Siciliano on Finextra, the man who bought an ATM on eBay. It links to a blog by ethical hacker Steve Stasiukonis, who got 24/7 access to a client company’s building in order to highlight an area of vulnerability. He did this by creating an “Employees of…” Facebook site for the company and “friended” employees who discussed their work there on their Facebook pages. Armed with a fake business card and company shirt, they had someone fake the ID of a head office employee and turn up at a satellite office, asking to be given access in order to check emails, use the toilet, etc. He was given a 24/7 access key to the building and internet access, and was able to return later that night to hack into the network.
With the exception of LinkedIn, I am personally sceptical about the merits of social networks and, while I admit there is a role for Twitter and Facebook in corporate marketing and customer service, I see risks for broader use by employees. The main issue that I had thought of until now had been productivity, with employees distracted by constant “pokes” and “tweets”, but the security concern is also a legitimate one.
I am increasingly meeting social network advocates who urge clients to embrace Facebook and Twitter in spite of the productivity issues. My instinct is to bar access in the office apart from those with a clear business need in, say, marketing or customer service. On the basis of the security risks, perhaps employees should also be discouraged from discussing their work on social networking sites?

My main concern with your assertion is that you constrain reputation management and communication to people in marketing and PR. But everyone is responsible for the company’s reputation. Saying that, I also see Facebook et al eating large swathes of people’s day, when they should be working!