This type of approach to Twitter and other Web 2.0 tools allows companies to safely harness the speed and flexibility these services provide. There's no doubt many people find them to be a productive form of communication. I think an essential step when embracing Twitter and other new technologies is to make everyone aware of their potential risks and the purpose of an acceptable usage policy. Not everyone in an organization will need access to Twitter, and firewall rules should control who has access and at what times. People are far less likely to try to circumvent such restrictions if they understand the logic behind them. Due to the increasing use of social engineering-based attacks against Twitter users, it's important to regularly remind staff of the social networking dangers. Those in charge of communicating policy should highlight the types of content or requests that must be treated as suspicious. Twitter's relaxed style shouldn't mean relaxed security.
Enterprises that don't work to control Twitter in the workplace and give employees unfettered access are certainly putting their systems and data at risk. Because Twitter's creators have focused on making the service easy to use, they have gone a bit too easy on security, in my opinion. As I'm sure you're aware, there have been numerous successful hacks on Twitter and its users, not to mention the recent denial-of-service attacks on Twitter. Although Twitter Inc. reacts quickly to any breaches it discovers, there is the additional risk from the many services built on the Twitter API that use Twitter passwords for authentication. Even if Twitter were to improve its authentication, phishing scams would still be possible.
I think phishing will always be a big problem for micro-blogging sites like Twitter, as there has to be a certain level of trust involved when people are sharing links, particularly shortened links that lead users to unknown destinations. TinyURL is the most common link-shortener URL you'll see on Twitter, as well as one of the easiest ways for a malicious user to expose users to attacks, ranging from phishing scams to malware installs. (At least the Bit.ly URL-shortening service provides a Firefox plug-in that allows a user to see where short URLs link to, including site page titles.)
Unless an organization has the infrastructure and resources to enforce safe and sensible usage of Twitter, I think the site opens too many attack vectors against your employees to warrant its use. At the end of the day, do your employees really need Twitter to be able to perform their jobs?