"Only a life lived for others is a life worth while." - Albert Einstein

What is your corporate social media policy?

Author duststar | 03.01.2010 | Category Cyber Security, MapleSEA

Introduction

Do you think social media is an effective tool for communicating with your customers?
Most people will say it is, because the younger generations are into it.

So what are the risks involved?
Information leakage. You might unknowingly be giving out more information than is necessary to perform your job, or your job may not require you to let people know who you are.

A Real Example

Let us look at the company that is running MapleSEA and other popular games such as AuditionSEA, World of Warcraft SEA, SuddenAttack SEA, Yulgang SEA etc. So what are the issues?

We know Asiasoft is the company that provides the MapleSEA game service. However, we usually would not know who is behind it. Who are the Game Masters (GM)? Who is part of the IT team supporting the maintenance of game applications, servers and networks? Who updates content on websites such as Playpark? Who are the customer service officers behind the whatever “Box” helpdesk?

Facebook. By performing a search on “Asiasoft Online Pte Ltd”, we are able to get access to a list of people who are working for them. Out of 25 results, there are 5 persons who publicly shared their working experiences. The rest actually hide them from public view (that is good, but we are still able to find out that they work for Asiasoft; Facebook should not display results that were hidden from public view). So, the person behind the keyboard trusts Facebook and keys in these details, but Facebook allows others to search “non-public” details. Facebook issue? I would suggest that it is better not to key in the details in the first place.

http://www.facebook.com/LouisLewJH
(PR Manager – Louis Lew)

http://www.facebook.com/designrock
(Playpark Manager – Peter Ong)

http://www.facebook.com/LLHomme
(Playpark Copywriter – Leslie Lin)

http://www.facebook.com/kahcheong
(Director, Business Development – Tan Kah Cheong)

http://www.facebook.com/profile.php?id=530997219
(Senior Software Engineer – Shelby Tan)

If I were a malicious attacker, I would probably target Leslie Lin and/or Peter Ong if I wanted to get hold of information and access to the Playpark Portal, target Shelby Tan if I wanted to get hold of information and access to game applications, servers, databases, etc., or even target Tan Kah Cheong if I wanted to know more about Asiasoft’s future business development plans, an area that business competitors would be very interested in.

Is there anything we can or should do to prevent all this?

Yes. In 3 easy steps.

Protect
Firstly, define a corporate social media policy to govern the use of social media, and make sure that all employees are notified and aware that they should not keep any work-related information on their own social media accounts.

Detect
Secondly, monitor the situation.

Respond
Lastly, escalate any breaches discovered from the monitoring for immediate remediation.

.duststar