Most enterprises don’t think small when it comes to cybersecurity. Bigger is better — bigger budgets, bigger reach, bigger payoff, right? However, at Facebook’s recent F8 conference, Chief Executive Officer Mark Zuckerberg touched on “small” security tactics the site uses to avoid larger issues down the line. Can enterprises benefit from this kind of scaled-down security thinking?
Fast and Stable
While most F8 attendees got what they were hoping for — more about new developer initiatives such as the Messenger Platform and the evolving Facebook Login app — Zuckerberg also made it clear that he is committed to improving security. According to a recent Motley Fool article, safety is vital for users’ ability to trust a social platform.
“We need to put people first by keeping them safe and giving them more control of their experiences,” Zuckerberg said.
Meanwhile, Fortune noted that Zuckerberg had taken to repeating a slightly altered version of a Silicon Valley mantra: “Move fast and break things.” His version? “Move fast and with stable infra.”
So how is Facebook thinking small but getting big results? It starts with events such as Hacktober, which sees the company’s internal security experts trying to dupe other employees into falling for security scams such as phishing attacks and other socially engineered threats. Additionally, the company scatters USB sticks and other devices marked “confidential” around its headquarters and satellite offices and then tracks their use to see which employees take the bait. On the surface, this seems like small potatoes; tricks and traps are hardly enterprise-grade security measures. However, according to Facebook security engineer Ted Reed, the idea here is to create a company culture that is naturally resistant to security threats, which helps limit the chance of a large-scale breach.
Curated Security Tactics
Meanwhile, social sharing site Twitter just debuted a new feature that aims to filter out offensive tweets and notifications. As reported by Naked Security, this “quality filtering” will remove any content that contains “threats, offensive or abusive language, duplicate content” or anything sent from suspicious accounts. The new feature is currently only available to verified Twitter users and those running iOS, but if the service proves to be popular and effective, expect to see this roll out across devices and even to unverified users.
The small lessons here? First is the concept of starting small and only expanding security services as necessary. Spending big on company-wide rollouts does no good if security measures can’t keep up or don’t have their intended effect. Twitter’s effort also speaks to the opposite side of the security coin: While Facebook looks to create a culture of security among its employees, Twitter wants to do the same among users. Not only does this help them feel safe — and more likely to use the sharing app — but it also makes it more likely they will report emerging security issues.
Professional sharing site LinkedIn is also taking small steps to shore up its security tactics. According to its official blog, the company has launched a new security site to “help our members and the businesses that use LinkedIn better understand our security practices.” The site includes a safety center with tips to protect user information, a list of LinkedIn security practices and a security blog to offer more direct insight into the company’s efforts to keep users safe. The takeaway for enterprises? Information matters. Easy-to-find best practices and use expectations, combined with transparency about existing security measures, go a long way toward bolstering large-scale security efforts. When employees and users feel like they are in the loop, security becomes more than just a buzzword.
For social media sites such as Facebook, Twitter and LinkedIn, the mandate is clear: Smaller security tactics make a world of difference. The same holds true for enterprises. By getting employees involved, curating user content and providing easy ways to access pertinent security data, it’s possible to think small, spend less and sidestep bigger security issues.