RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2022/06/03 14:49:23

Social media security

Content

The main articles are:

2023

France strengthens protection of children on the Internet

France has passed a law protecting children in the digital space. According to the law, social platforms such as TikTok are required to verify the age of their users and obtain parental consent to register those under the age of 15. This became known on July 4, 2023. Read more here.

Created a department for "patrolling" games and social networks

At the end of June 2023, it was reported that an online police patrol was created in Denmark, whose employees prevent crimes by playing video games. Police officers play Counter-Strike 2, Minecraft and Fortnite and learn about crimes by interacting with teenagers. Read more here.

2022: Germany approves introduction of AI systems for age recognition by face for authorization in social networks

Three systems that test people's ages with artificial intelligence technology to prevent harmful content from affecting minors were approved on May 31, 2022, by the Juvenile Protection Commission. Read more here.

2020: The Ministry of Internal Affairs of Russia has created a group to combat the manipulation of the consciousness of adolescents in social networks

In early September 2020, it became known about the creation in the Ministry of Internal Affairs of a special group designed to identify and suppress attempts to manipulate the consciousness of adolescents using social networks. Read more here.

2009

Social resources are becoming increasingly important in modern society. According to Gartner's "Predictions 2010: Social Software Is an Enterprise Reality" study published in December 2009, by 2014 about 20% of business users will use social media as their primary means of communication. However, managers and IT professionals have expressed growing concern about the security of such services.

According to some sources, about 25% of companies prohibit their employees from using social networks in their workplaces, according to other sources, this figure reaches almost 50%. However, prohibitive policies do not simultaneously realize the enormous potential of social services to improve the efficiency of business communications, marketing or sales goals. Stonesoft Corporation, a developer of network security and business continuity solutions, presents 10 tips to help companies take advantage of social resources without compromising their security.

10 Tips for Safe Use of Social Resources

  1. Regularly raise awareness of your employees in the field of information security. People can change their behaviour on social media if they are informed of what threatens them and are clear about what the consequences of their careless actions might be. Employees of companies should be aware of the threats of using social networks and imagine how seemingly harmless information can cause irreparable harm to both the company and human privacy. Companies should also develop rules for the use of social resources, and employees should be able to constantly receive up-to-date information about new Internet threats and ways to protect against them. It is also advisable to introduce the position of an information security expert into the company's staffing table for conducting relevant trainings and constant contact with employees.
  2. Establish clear processes for protecting against threats and ensure that they are monitored. Company administrators should constantly monitor current Internet threats. Thus, it is more appropriate to establish clear systematic processes related to the daily activities performed by administrators. For example, administrators need to download and install updates and patches in a timely manner. This seemingly routine process will allow IT administrators to detect network attacks in time or avoid them altogether.
  3. Define strict access rules and adhere to them clearly - In accordance with corporate security policy, network administrators can define a list of network resources and applications that can only be accessed by certain employees and strictly at certain times. This will allow you to flexibly manage access to critical corporate data, and control it at any time, which will reduce the risk of information falling into the wrong hands through unauthorized channels. In addition, companies must take into account the requirements of regulators, and monitor the relevance of established rules, changing them if necessary in accordance with new business requirements.
  4. Block malicious sites - Despite regular events to raise staff awareness of information security, any of the unnoticed employees can go to the infected site and upload a virus, Trojan or other malicious content to their computer. The filtering URL functionality allows administrators to block access to known malicious or phishing sites, it can also be applied to simply suspicious sites on the Internet. The filters are updated using the mechanism of the so-called "black" and "white" lists.
  5. Use next-generation firewalls. Companies should monitor modern security technologies and, if possible, use them in their networks. For example, modern firewalls provide a comprehensive analysis of all network traffic. Deep traffic inspection allows you to control any type of traffic: from web pages and peer-to-peer applications to encrypted traffic in an SSL tunnel. In a process known as SSL inspection, the firewall decrypts the SSL data stream for verification and then encrypts it again before sending the data to the network. This effectively protects workstations, internal networks, hosts, and servers from attacks within SSL tunnels.
  6. Secure remote access to business applications - Mobile users, partners, and distributors often need access to the corporate network from outside. At the same time, it is very difficult to control the use of social resources by such users. Therefore, it is very important to assign network access rights centrally, for example, using the SSL VPN portal. The use of technologies for strict one-time authentication of users to corporate resources can also significantly facilitate the work of the administrator. As a result, one set of credentials will allow the user to access only the network segments and services allowed to him.
  7. Protect yourself from vulnerabilities - Vulnerabilities pose a serious risk to any network. In addition, the number of attacks aimed at vulnerabilities in social web services is increasing. Modern intrusion prevention (IPS) systems, such as Stonesoft's StoneGate IPS, for example, can provide an effective security barrier. IPS automatically prevents attacks by network worms, viruses, and other malicious content. After the attack is identified, IPS instantly blocks malicious traffic and prevents it from spreading over the network. The system also allows you to install 'virtual patches' for found vulnerabilities in servers and services that cannot be updated to the latest versions for any reason.
  8. Protect your Intranet effectively. The internal network of each company contains highly critical information. These internal network segments must be isolated from the rest of the local network by means of a firewall. This will allow the company to separate network segments, such as finance or accounting, from the rest of the local network, and thereby prevent viruses from entering these important network segments.
  9. Set the mobile rules in your corporate security policy. Many users use mobile devices such as laptops, PDAs and smartphones to access both social media services and corporate information resources. Therefore, administrators need to include mobile devices in their corporate security policy and monitor them. This can be done, for example, using special functionality that checks the device from which the user requests access to corporate resources for compliance with certain information security requirements. For example, it can monitor the version of the operating system, installed patches, the presence of the latest antivirus updates, the version of the firewall software, etc. If one of the requirements is not met, then the user is automatically denied access, or his access may be limited. If necessary, the user of the mobile device can be redirected to the site containing the required updates.
  10. Use centralized management. The centralized management functionality allows system administrators to manage, control and configure the entire network and devices using a single console. Administrators also have the ability to generate and view various reports, such as who had access to what information and when. This helps them more effectively prevent attacks, investigate incidents, and provide more effective protection for critical applications. At the same time, a centralized management console makes it easy to enforce a single information security policy across the network and monitor its implementation.

Notes