social media and mobile risk - cio perspective - michalis mavis - icompetences rsi2012
TRANSCRIPT
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 1/50
Risk case studies- Social Networks Risk Management - A CIO Perspective
- Mobile applications risks in the modern business environment
byMichalisMavis,MSc,MSc
f.ChairmanofHellenicFraudForumSecurityCountermeasures
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 2/50
2
SNsinthe21stcentury
OnlineSocialNetworks(SNs),orweb2.0are
oneofthemostremarkabletechnological
phenomenaofthe21stcentury,
withseveralSNs
nowamongthemost
visitedwebsitesglobally.
2
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 3/50
Agenda• UnderstandingtheopportuniGesandtherisks
ofsocialnetworks(SNs)tocorporatesecurity
andthedangersfortheindustry.
• CIOconcernsrelatedtoSN,onhowtoprotecttheITinfrastructure,thecompanybusiness&
reputaGon.
• RisksofmobileapplicaGonsandcounter-
measures.
• ConclusionsandRecommendaGons.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 4/50
4
THE ENISA Report
• AccordingtoENISAreportexperiencingonlineSocialNetworkingSites(SNSs)hasbecomeoneofthemostpopularacGviGescarriedouton
theInternet,forstayingintouchwithbusinessandpersonalcontacts.
• RecentstaGsGcsshowedthatmorethan80millionacGve
usersareaccessingFacebookthroughtheirmobiledevices.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 5/50
Social Network popularity around
the world in 2012 • Onlinesocialnetworksareeverywherethesedays,atrulyglobalphenomenon.
• Butwherearethedifferentsocialnetworkshavingthemostsuccessin
termsofpopularity?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 6/50
Countrieswiththehighestinterestin
1. Turkey
2. Venezuela
3. Tunisia
4. Colombia
5. Dominican
Republic
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 7/50
7
Opportunies-1(ISACAwhitepaper)
• Enterprisesthataggressivelyembracesocialmediaaspartoftheirstrategyaremorefinanciallysuccessful.
• UseofSocialNetworkshascreatedhighlyeffecGvecommunicaonplaHormswhereanyuser,virtually
anywhereintheworld,canfreelycreatecontentand
disseminatethisinfoinrealGmetoaglobalaudience,
ofpotenGallymillionsofpeople,inlessGmethanit
takestoreadasmalldocument.
• S.N.provides the ability to reachlargepopulaons
almostinstantly.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 8/50
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 9/50
Butarethereany
securityconcerns?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 10/50
10
Social Networks risks, the CIO headaches (security and privacy concerns)
• S.N.useisabenefit,buttheenterprisesshouldalsoconsiderrisksvs.opportunies.
• Variousvulnerabilies,suchasinsecureapplicaGonsforexample,maycauseunacceptableexposureofthecorporatenetworktovariousrisks.
• Maliciousoutsiderscoulduseemployeesocialmedia
pagestolaunchtargeteda_acksbygatheringinfoto
executesophisGcatedsocialengineeringcampaigns,orhackinga_acks.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 11/50
11
Majorrisksandthreats
• IdenGtythe`.• MalwarepropagaGon
• CorporatedataleakageandreputaGonrisk.
• User’sposiGontracking(whentheusermobilephoneisequippedwiththenecessary
technology–mapfuncGon).
• Datamisuseandmore…
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 12/50
MorePhishingbyusingSNs
• Thereisatrendofhighlytargetedphishinga_acks,facilitatedbyfakedprofiles.
• SNsaremorevulnerabletosocialengineering
techniques.
12
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 13/50
13
Itissoeasy...to
buildacompanydirectory
Icompetenceslistofemployeesbya
simpleLinkedinsearch.
13
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 14/50
14
CorporateEspionage
SNswillbeusedmoreandmoreinthe futureforgatheringsensiGveenterprise
databyusingtheemployeesposGngs.
• Dataiso`engatheredgradually,piecebypiece.
• Forexample,severalprofessionalSNspublishinformaGononlistsof
employees.Itallowsa_ackerstoseetheconnecGonsbetweenemployees.
• IfanemployeepublishessensiGveinformaGononaSN,thismightposeaseriousthreattoacompany.
• Themainriskhereisthelossofcorporate
intellectualproperty,blackmailingofemployees
torevealsensiGvecustomerinformaGonand
eventoaccessphysicalassets.
14
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 15/50
15
Whereandhow…?
• Intelligencegathering.SomeGmesthereisnoreasontospendalotofmoneytogatherusefulinformaGon.ItisavailablefreeontheInternet,byusingtherighttools.
• WiththeuseoftherighttoolsandtechniquesyoumayfindextremelyusefulinformaGonaboutcompeGtors,individuals,governments,companiesandnotonly.
• ItispossiblebyusinglegiGmateorillegalways.
• Butyoushouldknowhowandwheretosearchfor…• YoushouldmakeaDEEPwebsearch!
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 16/50
16
LeakageofconfidenalInfo
• Doyouknowwhatisbeingpostedbyyouremployees,customers,oryourcompeGGon?
• WhatdoestheInternetsayaboutyourcompany?
• WeallknowinformaGonorintelligencegatheringis
oneofthemostimportantphasesofapenetraGontest.
• However,gatheringinformaGonandintelligenceabout
yourowncompanyisevenmorevaluableandcan
helpanorganizaGonproacGvelydeterminethe
informaGonthatmaydamageyourbrand,reputaGon
andhelpmiGgateleakageofconfidenGalinformaGon.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 17/50
AREALRISKSCENARIO
• YouareconnectedtoLinkedinnetworkatofficeorhomeandsomeonecapturesthecookiesin
traffice.g.byusingFiresheepandyouraccountis
hijacked.
• Youasauserwillnotknowthatthecookieisstolenortherehavebeenanyparallelloginby
thea_acker.
• Thehackersareusingyourhijackedaccounttoaackyouandthereputaonofyourcompany!
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 18/50
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 19/50
Firesheep characteriscs• Firesheeptargets26onlineservices,andincludesmanypopularonlineservicessuchas
Amazon,Facebook,Foursquare,oogle,The
NewYorkTimes,Twi_er,WindowsLive,
WordpressandYahoo.• Theextensionisalsocustomizableallowinga
hackertotargetotherWebsites
notlistedbyFiresheep.• ItworksoverWiFiconnecGons.
d h Y
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 20/50
Id-TheYinSNs• IdenGtythe`inSNsisoneofthemostimportant
threatsasitmayaffectthereputaGonandprivacyoftheuser.Itmaytakeplaceindifferentways.
• Incasethea_ackerisabletotakefullcontroloftheuser’saccount,hemaypublishcommentsinthe
nameofthelegiGmateuser,changethecurrentpasswordande-mailaddress.Thenusethecompromisedaccounttospreadmaliciouss/w.
• Id-the`mayhaveveryseriousimpact
touser’spersonallifeandreputaGonatwork.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 21/50
21
BLOGSposngs
• BlogscanbesearchedviaanytradiGonalsearchengine,however,thechallengewithblogsarenotthepoststhemselvesbutthe
comments.• EspeciallycommentscomingfromcurrentorformeremployeesorcustomersonhighlysensiGvepublicrelaGonsissues.
• Itisimportanttobemonitoringblogsandtheircomments,beforetheygoviral.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 22/50
Countermeasures?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 23/50
23
Trainingandpolicy-standards
• TrainingshouldbeconductedonaregularbasisandshouldfocusonthebenefitsandopportuniGesaswell
asonthedangersrelatedtouseofsocialmedia.
• Emphasisshouldbeplacedonspecificdangersand
methodsofsocialengineering,commonexploitsand
threatstoprivacy.
• Effecvecontrolsshouldbeinplace.Professionalswithintheenterpriseshouldvalidateandmonitorthecontrolsaccordingtoawelldefinedsocialmedia
securitypolicy.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 24/50
24
Sothat:
• TheyknowhowtouseS.N.intheworkplace.• Theyknowwhatisallowedandwhatnot,outsidetheworkplace.
• HowtouseS.N.forbusinessuse.Whoisapproving
publishingofinformaGonrelatedtothecompany.
• Whatisnotallowedandwhenitisnotallowed.
Employees
shouldbetrained…
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 25/50
25
GoldenRules?
• Paya_enGontowhatyoupostandupload.Considercarefullywhichimages,videosandinformaGonyouchoosetopublish.
• Neverpostsensiveinfoandifneededuseapseudonym.
• Verifyallyourcontactsanddonotacceptfriendrequestsfrompeopleyoudon’tknow.
• Protectyourworkenvironmentandavoidreputaonrisk
• Useprivacyandsecurityorientedse]ngsinyourprofile.
• Deacvatelocaonbasesservicesofyourmobilephoneif
youdon’tneedthem.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 26/50
Anexample:LinkedInhousekeepingsecuritymeasures...
Plselp!MySNprofilehasbeenhacked!!
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 27/50
owtobackupyourLinkedinProfile
• Saveyourfullprofiletoapdfdocument,bypressingthepdficonunderyourphoto.
• Saveyourconnecons,byfollowingthelink:h_p://www.linkedin.com/addressBookExport
• Restoretheconneconsincaseofproblem
fromtherelevantfile.LinkedinConnecGons
=>AddConnecGons=>ContactsFile..........
i k di
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 28/50
ExportLinkedinConnecons
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 29/50
QuickpsonSecurityandPrivacy
• Alwayshaveatleastoneotheremailaddressassignedtoyouraccountshouldyoulose
accesstotheprimaryemailaddress.
• Log-outyourLinkedinAccountwhenfinished.• Ensureyourcomputer’ssecurityso`wareis
uptodate.
• Don’tclickonalinkyoudon’ttrust.• SetyourProfilesengs.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 30/50
Twoimportantse]ngs
• Preventyourconneconsfromseeingwhoyouaredirectlyconnectedtoo.Thiswillmake
surekeyvendorscontactsandclients
connectedthroughLinkedInremains
confidenGal.
• ProfileViews –Whatothersseewhenyou
visittheirprofile.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 31/50
Recommendaon
• NeverprovideyourLinkedincredenGals(email+password)whenclickingonalink.Always
useh_ps://www.linkedin.comtologin.
• Log-outimmediatelywhenfinished.• Setyourbrowsertodeleteallcookiesattheendofthesession
(whenbrowserisclosed).
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 32/50
32
Internetposngsmetadata
• Metadata(dataaboutdata)areindocumentstradiGonallyusedforindexingfiles,andfindingoutinformaGonabout:
– Thedocumentcreator.
– s/wusedtocreatethedocument,andmanymore...
• Byreadingmetadatayoumaydiscover
– vulnerableversionsofs/w,thatcanbeusedforclientsidea_acks,
– OSversions, – pathdisclosure, – userid’sandmore…
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 33/50
33
Metadata(thesilentKiller…)
• Metadataarehiddenfromtheuser.
• Therearelotsoftoolstopulloutmetadatafromdocumentsandpictures(seepaperby
LarryPesceinwww.sans.org).• Onaposteddocumentalotofrevealingmetadatamayexist,likeuserid,OS,s/wversionnumber,telephonenumber&emailaddressofdocumentowner,MACaddress,documentpath,LocaGon(city),etc…
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 34/50
MobileAppsandphonefeatures
securityconcerns
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 35/50
Mobile Apps plus & minus points• Mobile apps make our lives
easier, but they also give a wider group of application developersand advertising networks theability to collect information aboutour activities and leverage the
functionality of our devices.• Even though a list of permissions
is presented when installing anapp, most people don’tunderstand what they areagreeing to.
• Free apps are more dangerous.
Séminaire International RSI'2012 Morocco, 19 & 20 Novembre 2012
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 36/50
Some of the
major risks ?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 37/50
Whatfreemobileappsmaybedoing?
• TheymaygetpermissiontotrackyourlocaGon.
• Theymayhavepermissiontoaccesstoyouraddressbook.
• Theymayhavepermissiontosilentlysendtextmessages!
• TheymayiniGatecallsinthebackground(acGngasaspy
device).• Theymayhavepermissiontoaccess
thedevicecamera.
• Theymaysilentlyconnecttothe
Internet…
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 38/50
Spyingonyourphone
• Unauthorizedtransferof Mobiledatathataackerscanintercept:
– Calls(CDRs)andbrowsinghistory(sites). – ourcurrentlocaon. – Contacts(addressbook). – EmailsandSMSssent&received. – Acvateaudio&video(online–realme). – Datafiles(personalphotos,videos,recordingsetc.).
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 39/50
Fraud• Enforcethecompromiseddeviceto...
– MakePRScalls(highcost) – SendPRSSMSmessages. – Makeunauthorizedmobilepayments. – Propagatevirusandworms – Contributetobotnets.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 40/50
Phishing&Impersonaon
• Vicmisaskedtoauthencatethinkingitisconnecngtoasecuresiteandendsup
sendinghiscredenalstoanaacker.
• ThemaliciousappcreatesaUserInterfacethatimpersonatesalegimateapplicaon,
forobviousreasons.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 41/50
Rootkitbehavior
• Rootkitsaremalwarethatstealthilyachievetheirgoalsbymodifyingoperangsystem
codeanddatainordertohidetheir
presence.
• Forexampletheyaremodifyingtheproxyconfiguraonand/ortheysetupe-mail
forwardingtocopyreceivedemailswithoutbeenidenfied.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 42/50
Legimateappsvulnerabilies
• Poorsecurityimplementaonofalegimateapplicaonsmayexposedeviceinformaon
andauthencaoncredenalsandother
sensivedatato3rdpares.
• ExamplesincludelocaonandownerIDinformaon,telephonenumberanddevice
ID,authencaoncredenalsandauthorizaontokens.
Social Network on your Iphone !
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 43/50
Social Network on your Iphone !
Wh t i G T i ?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 44/50
Whatis Geo Tagging ?
Geo Tagging is the processof adding geographical
idenGficaGon metadata to
various media such as a
photos, videos, websites,SMSmessages,etc.
Any use of geo tagging ?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 45/50
Any use of geo tagging ?
• GeotaggingcanhelpusersfindawidevarietyoflocaGon-specificinformaGon.
• Forinstance,onecanfindimagestakenneara
givenlocaGonbyenteringlaGtudeandlongitudecoordinatesintoasuitable
imageSearchEngine.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 46/50
Geo Tagging concerns
• Smartphonesmayallowsomeonewiththenecessarytechnicalknowledgetofindwhere
youareoneverymoment,withafewsimple
clicks?
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 47/50
LocationBased Services (LBS)
• SocialNetworkswithgeotaggingfacilityONmayallowsomeintruderstolinkinformaonaboutyou
moreeasily.
• DoyoureallyneedLBS?SomeonemayconnectthepiecesofinformaGonrelatedtoyouracGviGes,and
leadtoproblems.
• IfneededlimitpeoplewhoareabletouseandseenetworklocaonservicesinyourSNprofile.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 48/50
Which mobile OS is more secure ?
• Android• iOS• Blackberry• WindowsPhone
• Symbian
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 49/50
CONCLUSIONS
• Socialnetworksareheretostay,andastheycanbringbusinessbenefitsaswellasrisks,it
isbe_ertoensurethatuserscanparGcipate
insocialnetworkssensiblyandsafelyrather
thanbanningthemfromtakingpartatall.
• TrainingandpublishingofSMpolicyiscriGcal.
• MobileappsareextremelyusefulbuttheypotenGallyopendoorstomaliciousbehaviour.
7/30/2019 Social Media and Mobile Risk - CIO Perspective - Michalis Mavis - iCompetences RSI2012
http://slidepdf.com/reader/full/social-media-and-mobile-risk-cio-perspective-michalis-mavis-icompetences 50/50
ThankyouMichalisMavis,MSc,MSc
//gr.linkedin.com/in/mmavis