It took me a little while, but I eventually joined the Twitter generation with an account set up specifically to communicate with friends. One of my earliest tweets was about my Lasik surgery and within hours, I was being followed by eye surgeons and a company that makes eye drops. After mentioning my reaction to a bottle of wine I had tried, the winery tweeted to say thanks and added me to its list of follows. At this point, the vast majority of my Twitter relationships involve businesses.
As Twitter grows as a business tool, the risk of security breaches increases. For example, what company (or individual, for that matter) doesn't want to increase the number of its followers? Scammers have come up with ways to take advantage.
The attackers prey on the fact that users are anxious to build followers as quickly as possible to add legitimacy to their profiles, Michael Sutton of Zscaler told me. In many ways, corporations may be more at risk as they are hesitant to launch a Twitter profile that does not appear to be established, by having thousands of followers.
Corporations, like celebrities, can be popular targets due to their large base of followers, Sutton added. If an attacker can gain control of such an account, they can communicate with thousands, if not millions, of contacts.
On his blog at SearchSecurity.com, Michael Cobb writes that the best way to prevent security risks on corporate Twitter accounts is to establish strict use guidelines and enforce them. "Employees are far less likely to try to circumvent any restrictions if they understand the logic behind them and have been involved in developing the overall corporate Twitter policy. Also, they will have no excuse for not knowing what they can and can't say and do when using Twitter," Cobb writes.
Christopher Burgess also has great tips on effectively communicating the security policy to users over at Network Security Edge.
Because Twitter and other social networks are third-party Web applications, businesses will never be in control of the platform and will always be reliant to an extent on the security practices in place at the site itself, Sutton said. For example, the authentication credentials of the corporation could be stolen if the Twitter system were compromised and that would be beyond the control of the corporation.
Companies can, however, ensure that they don't compound the problem. They should ensure that they have systems in place to monitor traffic to and from all Web applications to make sure that vulnerabilities or malicious content on the sites are not used to attack the corporate network.