TORONTO, Nov. 28 /CNW/ -
While companies race to develop policies to deal with employee use of
social networking sites such as Facebook, YouTube and blogging, they may be
overlooking some real potential dangers. Corporate policies tend to focus on
reputation management and productivity issues, disregarding what experts say
is the bigger threat: social engineering.
Social engineering, where hackers steal sensitive personal and corporate
information, has become even easier because there is no way to authenticate
the person behind the profile. Acting as a fellow employee or new 'friend',
these imposters are experts in penetrating computers and luring information
out of people in online conversations without raising a flag.
Kevin Lo is an Electronic Discovery Expert at LECG Canada. Lo travels the
globe with a 90-pound, black waterproof case that he uses for mobile forensic
imaging on hard drives to help corporations determine damages from electronic
correspondence for regulatory compliance, litigation, and corporate
SUGGESTIONS FOR CORPORATIONS:
1. Create a social media policy for use outside the office. Prohibit
using the company name in personal profiles and electronic
correspondence. "An imposter would pose as an employee from another
office, as an example, to find out policy information and
passwords," said Lo.
2. Companies should set up an official site that is controlled and
monitored. "There's great potential for a corporate Facebook profile
for recruiting purposes," said Lo. "The idea is not to ban it, but
help prevent private company information from being disclosed."
3. Educate employees about how to protect themselves. "Just having a
company name, your birthday and pet's name as part of your profile,
is enough for a hacker to access personal information."
4. Ban Web 2.0 applications in the office if you work with sensitive
information. "Spam is a great example of social engineering," said
Lo. "People click and download disguised malicious software that can
penetrate a computer and then the entire network."
5. Conduct regular internal audits to see where the company name comes
up on the World Wide Web. Electronic discovery identifies key players,
irregular patterns, data transfer and even common key words used in
Google searches. In addition to capturing the data, forensic IT
experts preserve the information to make sure it will stand up in a
court of law.
Hackers now work with organized crime, largely in Eastern Europe and
Asia, selling credit card numbers for as low as 50 cents each. Sophisticated
hackers sell higher priced CDs full of identity information as well as the
know-how for hacking.
Electronic discovery experts work directly with outside counsel, general
counsel, corporate executives, bank examiners, bankruptcy trustees, forensic
accountants, fraud examiners, and damages experts and provide objective
ABOUT LECG: LECG Canada is one of this country's largest independent
firms dedicated exclusively to providing expert opinion reports and testimony
in matters involving the valuation of business enterprises, financial damages,
personal injury damages, forensic accounting, computer forensics, electronic
discovery, and corporate investigations. Our professionals are consistently
recognized as experts in their fields in various levels of courts, government
agencies and tribunals in Canada, the United States, Europe, Asia, South
America and the Middle East.
For further information: Brown & Cohen Communications & Public Affairs
Inc., (416) 484-1132, Rowena Calpito, ext 4, firstname.lastname@example.org, Wendy
Kauffman, ext. 3, email@example.com