HOME
SUBSCRIPTIONS
RESOURCE DIRECTORY
BACK ISSUES
JOBS
GUIDES
CONTACT US
 QUICK LINKS: SUBSCRIBE | BLOG | RSS | AUDIO
www.nptimes.com   


advertisement
 

Dangers For Nonprofits And Members Of Online Social Engineering

By Marla E. Nobles
The term "social engineering" might sound innocuous, fresh even, with its likeness to the Web 2.0 phenomena "social networking" that's fast becoming a ubiquitous term.

But in reality, social engineering is as shifty and underhanded as it gets. And with the explosion of social networks -- resulting in a wealth of personal information that's as easily attainable as candy is from a baby -- it's becoming so much easier to perform.

"Social engineering is always something that nonprofits should be concerned about," said Marnie Webb, co-CEO of San Francisco-based nonprofit CompuMentor, a leading provider of technology assistance to nonprofit organizations.

advertisement

Webb finds the concept particularly relevant today. "The sort of dumb things that you could say to somebody, but only one person hears you, and you can go, 'Oh, that was a dumb thing, remind me to never repeat it.' Well now, it becomes indexable by Google," said Webb. "People will talk out of turn, and share information, but now the megaphone in which they're sharing it is much bigger."

Social engineering has its roots in the offline arena, made infamous by Kevin Mitnick, who at his height was arguably one of the most wanted computer hackers in the world.

In his book "Art of Deception," (2002) Mitnick discussed how he used the telephone, not the Internet, to gain proprietary information from companies. Mitnick described how he would wait until the CEO of a targeted company was out of town, and then show up at the company's headquarters pretending to be a close friend of the CEO. He would then con a subordinate employee into divulging vital information.

"We do see a lot of organizations worried about this," said Webb, "and not just with sort of the MySpace and Friendster social networking, but as they look at an organizational blog. They worry about the sensitivity of their information, and making sure that they're positioning things right. They worry about the words being taken out of context and used against them."

According to Webb, nonprofits tend to worry about social engineering more than they should. However, when The NonProfit Times posed the question to a forum of nonprofit IT professionals, not a single individual responded that this was ever an issue at their organization. So, is the concern being kept under wraps?

"Most of what I have seen is concern more than any specific stories of people being victim to it," said Webb. This is particularly the case for organizations that have a certain political lean, which tend to worry more.

For instance, Webb noted one nonprofit with a pro-choice stance. Several staff at the organization voiced concerns regarding using social networking tools, fearing they might expose membership to danger. "For example, do we really want to use 'Meetup' to tell people where the...group is meeting? And the same kind of thing with opening their site up to comments, because people have a lot of very emotional feelings about (the pro-choice stance)."

But blogs, vlogs, MySpace, Friendster, and YouTube, to name a few, are going nowhere any time soon - so what is a nonprofit to do?

"Increasingly, I think the danger to organizations not thinking about this issue explicitly, and in fact, not having some level of policies about it, is that whether they give their employees permission to or not, they have social networking sites," said Webb. "Employees are sharing information. And if they care about the cause that they're working for, it very well might be related to their job."

Take the blog "Don't Tell the Donor," for instance, whose blogger openly states, "I currently work as a fundraiser for a nonprofit in the United States, but I've been too scared to tell my boss I run this anonymous blog."

If social engineering is a concern for you, or you simply want to maintain some control on the World Wide Web over what's being written about your organization, Webb recommended the following simple steps:

  • Just talk to your employees about it; ask them to use good judgment
  • Make employees aware of information that shouldn't be shared
  • Put the appropriate protections around sensitive information - make it harder for employees to make an innocent mistake.
  • Prior to setting up a blog, consider the message you want to send, who is receiving that message, and what it's potential is for misuse
  • Using Google Analytics, Technorati, or other technologies, an organization can monitor what people are saying about them in their area of interest.
advertisement

***

This article is from NPT TechnoBuzz, a publication of The NonProfit Times.

Subscribe to NPT TechnoBuzz or any of our other enewsletters and get the latest nonprofit news and stories delivered to your inbox..

 

 

 

 

 



WEB EXLUSIVES


 
   

HOME | SUBSCRIPTIONS | RESOURCE DIRECTORY | BACK ISSUES | JOBS | GUIDES | CONTACT US
© 2007 The NonProfit Times Privacy Policy