Online social networking

Online social networking (OSN) and microblogging sites have become very popular in recent years, and offer significant business benefits to organisations. However, their use poses risks both to the data on the IT system used to access the sites, and to the users of the sites and the organisations they work for.

Threat actors are increasingly using OSNs to target individuals and specific groups for both online and offline attacks. Such targeted attacks are much harder to spot and therefore more likely to be successful. This is exacerbated by the fact that many people are more relaxed online than they would be in face-to-face communication.

Many organisations have an increasing business need to use online social networks. This guide, developed as a collaboration between CESG (the National Technical Authority for Information Assurance) and the Centre for the Protection of National Infrastructure (CPNI), details the risks associated with the use of these applications, and gives guidance on how they can be used safely. The risks posed by the use of online social networks are not purely related to IA, but also threaten other aspects of security.

This guide therefore aims to provide a holistic view of the risks and appropriate countermeasures relating to all aspects of the safe usage of OSN technologies.