When I see Facebook access reported in assessment reports I yawn.  The asset owner is not going to conclude they’re in trouble when this is reported.  However, if you take time to show them why this is problematic, you might have something.  Here’s a clear statement, using an attraction story (if you’ve read previous posts on great marketing tips), explaining the issue with a live example.  USA Today reports a recent attack brought on by hackers who gained access to one Facebook account, and used the friends list to entice others into clicking on infected links.  One problem with this story – it assumes that only work computers are used for work, so extrapulate this to home PCs used by those who take their work home at night.

Key Points:

1. Hackers gained access to an account – Facebook was not well protected.

2. An infected link was sent to the Facebook account friends list

3. Some of those who received the link clicked on it – why not?  The average user is going to have no way of telling the difference.

4. Infections resulted, adding these computers to the glowing list of zombies tied to botnets.