Guy-Hermann Ngambeket Ndiandukue, CISA, CISM, CGEIT, ITIL V3(F), PMP, is a computer engineer and practices as a consultant at PwC Cameroon. He has carried out audits on behalf of multiple businesses in sectors as diverse as banking, telecommunications, insurance and the metallurgical industry, among others. He also specializes in data analysis. He can be contacted at firstname.lastname@example.org.
Social Networks and Privacy—Threats and Protection
“Broadcast yourself!” YouTube’s slogan alone could summarize the spirit of the social revolution caused by the tidal wave of social networks. These have emerged as one of the main channels of communication on the web: links of all kinds are being forged, developed and broken almost instantly. According to a study1 published in France by the French Institute of Public Opinion (IFOP) on social networks, carried out using a sample of 1,002 people aged 18 years and over, 77 percent of Internet users say they are a member of at least one of the online social networks included in the study. These social networks’ notoriety is not simply the result of a mere fad. They allow their members to connect in a useful and enjoyable way by offering a variety of applications and benefits tailored to their target audience. LinkedIn has a huge employment market; for example, Jeff Epstein, chief financial officer of Oracle, was allegedly recruited thanks to his profile on this network.2 However, it would be unrealistic to think that the exponential growth of social networks has only positive effects. Indeed, publication and sharing of personal information exposes Internet users to all types of abuse and violation of their privacy. In 2009, a worker was fired for using Facebook during her sick leave from work due to migraines when using computers. Her boss said that if she could use Facebook, she was capable of working on a computer. This incident launched the issue of spying using Facebook.3 The aim of this article is twofold: to identify, based on the motivations of Internet users visiting social networks, the risk of violating users’ privacy, and to analyze and evaluate the effectiveness of the control methods used. MOTIVATION OF INTERNET USERS A study published by Deloitte4 in April 2011 states that “continuous connection to the maximum number of friends is the main function for most people” connected to social networks. This statement does not mean that this function is unanimous among all users of social networking sites. Indeed, members of social networks are far from forming a uniform population. Depending on age and socio-professional background, there are several groups, each with different areas of interest. Figure 1 provides a brief overview of the major user groups and their motivations for using social networks.
Figure 1—Groups of Users of Social Networks
Group Individuals Motivations Interaction with family and friends, research, and professional opportunities Psychological and social profiling of applicants Spam, scams and sexual crimes Staff profiling, criminal investigations and quick communication with the public, particularly via Twitter Ideological propaganda, research and gauge of popularity Profiling and targeting potential markets, deepening customer relationships, online promotion and sales, and online surveys and studies
Employers and recruiters Criminals Police, army, secret services and government agencies Politicians and activists Businesses
Do you have something to say about this article? Visit the Journal pages of the ISACA web site (www.isaca. org/journal), find the article, and choose the Comments tab to share your thoughts. Go directly to the article:
Figure 1 shows that the most vulnerable group is individuals, who make up the majority of social network users. In fact, the other groups freely make use of the information published by individuals for a variety of purposes. So, what are the types of risk facing the hundreds of millions of people connected...