I’m sure your customers are using Facebook; who isn’t? So is this okay? Facebook is like cloud computing and SaaS. It’s an application like Salesforce.com or Gmail. So if you discover Facebook accounts during an assessment or in the selling process, don’t consider this to be justification for a security project. However, there are some things you should be looking for as you work with clients that access Facebook.
The problem with Facebook is that just about everyone uses it, and that means a lot of uneducated users. It also means that family members are spending time on systems owned by your clients. Expect company-provided laptops and home computers to be used for social networking, peer-to-peer networking, and accessing websites that are likely infected. So you’re not looking for Facebook accounts, but you are looking for systems that have been compromised by malware, and Facebook (along with any other social network program) increases the chances of that.
Yesterday’s report on Social Networking Scams is a great start in understanding why these programs open the door to attacks – it’s worth a quick skim. Remember to pull out the sound bites – know these and you’ll not be challenged by arrogant IT administrators. http://www.usatoday.com/tech/news/2009-12-14-searchsecurity14_ST_N.htm