A cautionary tweet
Twitter incident shows the risks of using personal accounts for work
- By William Jackson
- Jan 26, 2009
Firewalls can be powerful security tools, and I’m not talking just about the kind you install on your network or your PC. Firewalls can also be useful in keeping your personal and professional lives separate as well.
The networking site Twitter confirmed earlier this month that some of its users’ accounts -- some of them reportedly belonging to high-profile people and organizations, including the Barack Obama campaign -- had been compromised and used in phishing attacks. If you are one of Obama’s or Britney’s friends, you might have gotten a Twitter telling you to check out a Web site that in reality was a phishing site.
The significant point here is not that Twitter can't be trusted — whoever said it could be? — but that a breach in a social networking site can easily spill over into professional accounts and become a real security risk. This happens, at least in part, because people increasingly are using social networking sites as business tools for keeping in touch and sharing information.
Like instant messaging and wireless access, these technologies were developed for personal convenience and amusement, but they have been rapidly adopted as business tools before appropriate policies and safeguards could be put in place. Another problem is that log-in credentials frequently are reused, so that a breach in one of your accounts can pose a risk to others.
The proliferation of user names, passwords and other credentials required to function online creates a powerful temptation to reuse them. Given the difficulty of remembering handfuls of secure, complex passwords and the warnings we regularly receive never to write our passwords down, the reuse of passwords is likely to remain a problem for the foreseeable future.
The least we can do to mitigate the risk is keep the user names and passwords in business accounts separate from those in personal accounts. Then, we need to resist the temptation to use a personal account for business. This type of personal firewall can help reduce the chance that your work will be compromised if a supposed friend sends you a spurious link and you are incautious enough to click on.
And while you’re at it, remember to practice safe computing. The same kinds of safeguards should be used in both the real and cyber worlds. We know that being too “friendly” in real life can result in unwanted infections, so use the same caution in your online social networking to avoid infections. Some of the best advice that I have seen on this subject came in the wake of the Twitter breaches from Mary Landesman, a Web security expert from ScanSafe.
“Stop the virtual popularity contest,” Landesman wrote. “There’s a real trend among members of social networking sites to friend as many folks as possible, even if they don’t actually know them. Promiscuous friending provides ripe opportunities for would-be attackers to spread worms and other viruses.”