Web Threats Weekly

Privacy and security and social media

The same economic climate forcing companies to look carefully at bottom lines is also pushing organizations to protect themselves against a costly -- and for unprotected networks, virtually inevitable -- security breach. But companies are also increasingly incorporating social media into their business to help promote their brand and connect with partners and customers. Can we do both?

This week, we're seeing what a successful Vancouver-based social media consulting company, Social Signal, suggests about balancing online security and social media capabilities.

"We’re used to thinking about security concerns in terms of what happens when someone breaks in, steals data and misuses it," says Social Signal President Rob Cottingham. "In other words, we often think of security concerns in terms of the technology failing, not in terms of when it works."

But it is the exposure and aggregation of information that happens when Web 2 technology is working flawlessly that gives rise to these personal security and privacy concerns, he notes. "And the more information we ask people to share through community web sites – the more we invite them to tell us – the more exposed they are."

It's important for any company collecting information online, whether that's a social networking company, government agency or online T-shirt shop, to think clearly about the security aspect of collecting information. Cottingham suggests we consider:

Self-assessment: How much of the information that we collect do we really need? How much of it helps to drive conversation and community, and how much are we just gathering out of force of habit? And how much of that information is exposed to the outside world? 

Persistence: How long do we need to keep this information? At what point do archives cease to be contributing to a dialogue, and just become a data mine for intruding on privacy?

Education: How can we talk with our members and users about these issues in a way that allows them to make informed decisions about what information they share, how and why?

Network and Learn How To Protect Your Business Online

Online protection will be even more important in 2009, as Gartner analysts estimate 80 per cent of all companies will suffer through a web application security incident, with potential security breach costs of $90 to $305 per compromised record.

PCIS would like to invite you to the upcoming Vancouver Board of Trade Managers’ Toolbox session, Online Protection: How to secure your business and build consumer trust. It's happening on Tuesday, March 10.

At this session, PCIS President Vaclav Vincalek will provide essential tips and practical steps you can take to protect your business and customers online. 

Register for the session at the Vancouver Board of Trade website.

Identity Fraud Increases in 2008  

In the past twelve months, the number of identity fraud victims increased 22% to 9.9 million adults, reversing a four-year trend of decreasing fraud (Javelin Research).

Not a good sign. This is exactly the kind of trend that we’ll be hoping to explain on March 10 at the “On-line Protection” session with the Vancouver Board of Trade. More businesses need to understand the practical ways they can help prevent the exploitation of their customers by cyber criminals.

Interestingly, the Javelin blog author Mary Monahan notes that middle-aged women are suffering from ID fraud significantly more than men. Younger adult women actually had lower rates of ID fraud victimization than men, and elderly women had no significant difference with their male counterparts. Mary suggests the at-risk group may be suffering at higher rates because of different behavior when it comes to using technology like alerts and mobile account monitoring.

As we’ve emphasized often in Web Threats Weekly, it is up to businesses and organizations to ensure their customers don’t get compromised.

But the research reminds us that individuals also have to do their part to make sure they don’t get burned by cyber criminals. If you move into a brand new apartment that includes a security system but never bother to switch it on as you come and go, that leaves a vulnerability.

Businesses need not only to build security into their systems but also, where applicable, to educate their customers about the systems they can use to protect themselves.

Contributed by Jonathon Narvey, PCIS / Boonbox Communications

See the original post on the Pacific Coast Informer Blog

February 25, 2009

Web Threats Weekly is distributed by:

Pacific Coast Information Systems Ltd.

Boonbox, a division of PCIS


Contact PCIS

Toll-free 1.877.744.7558


In this issue:

* Privacy and security and social media

* Network and Learn How To Protect Your Business Online

* Identity Fraud Increases in 2008 

* Hacker Bait 

* Mythbusters Tip #14

* Spam-Alot

Web Threats Weekly helps organizations protect themselves and their customers from known online threats. 



 Resources Links:

Hacker Bait

The latest Hacker Bait list contains websites of businesses, social networking sites and some popular Canadian organizations that have been found to have vulnerabilities that hackers and cyber criminals could exploit.

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days.

These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days


Mythbusters Tip #14

“Security spending is a money pit, because you'll never be able to achieve 100 per cent security.”

But effective security can be cost effective. It's all about having realistic expectations that you are mitigating risk, not attempting to eliminate it entirely (which any honest IT security professional will tell you is impossible).

When you understand how your network, web applications or website was developed, you can identify risks and prioritize security solutions that work for your specific IT infrastructure.

Mythbusters Myths 1 to 13


Spam-Alot

Spammers are linking to blogs, profiles and other pages on these trusted sites to give victims a false sense of security that the links can be followed safely. These sites may not have been hacked, but following the spam links to these sites and clicking on links shown there can result in harm to your computer.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Spam-Alot Websites Exploited Since Feb. 19, 2009

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Web Threats Weekly, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Web Threats Weekly, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558