Friday, July 23rd, 2010

LinkedIn, Facebook, Twitter and social networking in general are argued by some to have tangible business benefits, but are these communication channels nothing more than a business risk gateway or do they have the potential to deliver a real and positive impact upon total Return on Investment (ROI)?

Did You Know?
• Leading research and advisory company Gartner predicts social networking will overtake email by 2014.

• A Manpower survey in January 2010 indicated that only 20% of companies worldwide have a social media policy.

• In the first six months of 2010 the number of LinkedIn members grew by 40% to 70 million; Twitter grew to 190 million users; and around 250 million people log into Facebook every day.

• 40 per cent of businesses globally have successfully used social media for business development, according to a new survey by Regus.

According to Facebook founder Mark Zuckerberg “...people are a lot more relaxed about online privacy than they used to be. Attitudes have changed and people have ‘opened up on the web’ as they share information about themselves on social networking sites...”. Although this action creates personal privacy risks, the real issue arises when users take this approach with them to work and are equally ‘open’ in a business environment.

The shift in attitudes about personal information sharing among its user base caused Facebook to change its privacy rules in late 2009 with some of its 350 million worldwide users concerned that the company was out of step with identity theft and online security.

Industry opinion suggests that while businesses have adopted Facebook (and perhaps even more prevalently LinkedIn and Twitter) as a networking tool, the privacy improvements that the social networking giant brought to bear were not commensurate to the risks that now exist at the corporate networked level. Put simply, if we use social networks inside a business network then a new privacy policy alone doesn't cut it. Without directly addressing the issues of identity theft, cyber crime and web-driven targeted espionage attacks then we are leaving the door wide open.

Social networking sites in the meantime appear to be focused on how to make sites more engaging, easier to use and more 'sticky' to hold users' attention. A central part of this is getting users to post more personal content and link in with more personally connected information. All of which builds up profile and identity. Take this example to the business environment and identity becomes intellectual property – and this needs to be locked down.

Sending out information detailing which companies you are meeting with highlights your business partners and prospects to your competitors. Telling the world about your company's new product innovations prior to their official launch could weaken their impact. Perhaps worst of all, pump out details of which companies you can't stand dealing with and whose products you hate and you might just be one step away from a defamatory court case.

The danger of an unguarded approach to social networking is not just about risks to physical property on a personal or corporate level; identity theft is also a serious concern. The Australian Government web site Stay Smart Online contains useful advice on using social networking sites safely at

Lloyd Borrett, Security Evangelist at AVG (AU/NZ), says, "Online social networks have sprung up for business, hobbies, schools and religious groups. Used properly, they are a unique communications tool to keep in touch with friends and colleagues. But like any online tools, social networking sites can be abused by hackers and cyber criminals."

Borrett warns that both casual and business users should be careful about what they post online. Criminals use the sites to trawl for information that they can exploit, so it is an essential process to get acquainted with the privacy settings and tools on the social networks that you use. “The bottom line is – all employees should be aware of which social sites they are allowed to use during working hours.”

A new term to learn – gateway data
So how exactly could a cyber criminal use information from a Facebook or LinkedIn profile to get access to a business or personal bank account for instance? Herbert "Hugh" Thompson, professor in the Computer Science department at Columbia University in New York, has coined the term "gateway data" to refer to the confidential information harvested from social networking sites.

Thompson argues that at some point there has got to be some fall-out from the over-sharing of information via social media. "Criminals have got to be able to leverage the information that people are sharing to do harm at some point - and I now think we have gotten to that point," he says.

The gateway data identified by Thompson can be used in a variety of ways. For example, discovering someone's mother's maiden name from Facebook could in turn be used to answer a password prompt question on an email account. Even if that account is a personal account, the user will have been compromised and the hacker is one step closer to all the business information that they want.

Once a criminal has gained access to the user's email there is a good chance there will be details inside which will enable them to break into a bank account for example. Other uses for gateway data include using a partial piece of information, such as the first five digits of a company credit card, to trick the user into revealing the full card number.

Basically a hacker will be looking to use lots of fragments of data to reveal a larger piece of confidential information. So the separation between your personal and business data is not as distinct as you might think; in fact there could no boundaries between them at all.

In addition to following the safe and sensible approaches prescribed by Stay Smart Online, other experts advise against installing applications from social networking sites unless the application itself is from a trusted source – and this in itself is a highly subjective judgement to make, as who do you know who you can really trust and how do you know that they themselves have not already been compromised?

"Develop a healthy dose of scepticism," Borrett advises. "When you get one of those offers to watch a video and you have to install something to watch it - don't do it. It's not worth it and you should never have to do that. These unknown applications can often contain malicious code such as viruses or worms and an enticing video is precisely the kind of tool that criminals will try to virally disseminate on the web."

Borrett also warns about the popularity of shortened URLs on sites such as Twitter. “The problem with shortened links is that they usually don’t bear any resemblance to the original URLs, which means that users don’t know what they’re clicking. People click with the intention of going to a specific site, but the link can be easily hacked to send them to a site containing Trojans, spyware, rootkits and other malware instead.”

The ROI Benefits
Okay, so all of the above makes using social networking for business seem very risky. Certainly, if you get it wrong it can be. But just what are the benefits of social networking that deliver ROI?

Used correctly, social networking typically delivers on four main goals:

1. Increased brand awareness. Interacting with customers, prospects, suppliers and others using social media builds awareness of you, your staff, your services and your brand. Get the interaction right and you stick in people’s minds, plus drive traffic to your web site.

2. Improved reputation. Using social media to respond effectively to questions and feedback enhances how others think about your business and its place in their community.

3. Relationships with benefits. People are more likely to provide you with benefits such as their business, testimonials and referrals if you take the effort to interact with them and build mutually beneficial relationships.

4. Personal development. Networking with others and observing others via social networking is a great way to improve your knowledge and experience in your chosen field of expertise.

Achieving these goals can deliver tremendous benefits to your business. The ROI may be difficult to measure because the benefits are often not direct and immediate. Indeed, you’re more likely to get higher returns in the future than the immediate present. However, so long as you manage to correctly balance the time and money spent with your expected returns, the ROI benefits will be worthwhile.

In summary, social networking can represent a positive force within a business communications environment and contribute positively to a profitable bottom line and a business's total ROI. It just needs a layer of management, some user policy controls in place and a degree of strategic planning to ensure that user awareness of the 'company voice' is upheld.

AVG (AU/NZ) has a comprehensive range of security tips on its web site at

Contact Profile


social networking, cyber crime, anti-virus, Facebook, Twitter, LinkedIn



More Formats