For example, social networking also extends beyond sites and reaches users through chain-letter emails and e-cards. These can be used either to infect user systems with malware or to harvest email addresses. Each time an email is read, a request can be sent to the server hosting the image, divulging the user’s email address.
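The image-request mechanism described above can be checked for on the receiving side. The following Python is an added example, not part of the original article: it flags remote images in an HTML email whose URL carries the recipient's address in plain, base64 or SHA-256 form. The addresses, hostnames and function names are constructed for illustration.

```python
import base64
import hashlib
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

RCPT = "alice@corp.example"  # constructed recipient; every host below is a placeholder
# Constructed sample: one embedded image, two remote beacons, one ordinary remote image.
SAMPLE = f"""\
To: {RCPT}
Content-Type: text/html; charset="utf-8"

<img src="cid:logo">
<img src="https://tracker.example/o.gif?u=alice%40corp.example" width="1" height="1">
<img src="https://tracker.example/p.gif?id={hashlib.sha256(RCPT.encode()).hexdigest()}">
<img src="https://cdn.example/banner.png">
"""

class ImgSources(HTMLParser):  # collects the src attribute of every <img> tag
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

def recipient_tokens(address):
    """Forms in which an address commonly travels inside a tracking URL."""
    addr = address.strip().lower().encode()
    return {"plain": addr.decode(),
            "base64": base64.urlsafe_b64encode(addr).decode().rstrip("="),
            "sha256": hashlib.sha256(addr).hexdigest()}

def find_beacons(raw_message, recipient):
    """Return (url, encoding) for each remote image whose URL identifies the recipient."""
    tokens, hits = recipient_tokens(recipient), []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = ImgSources()
        parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for src in parser.sources:
            if urlsplit(src).scheme not in ("http", "https"):
                continue  # cid:/data: images are embedded and cause no request
            url = unquote(src)
            match = next((n for n, t in tokens.items() if t in url or t in url.lower()), None)
            if match:
                hits.append((src, match))
    return hits
```

A mail gateway or client can use a check like this to decide which remote images to strip or proxy before the message is displayed.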
What can companies do to educate employees on how to protect themselves and the company from threats associated with social networking sites?
Security awareness training can go a long way to protect the enterprise from Internet-based attacks. Employees and executives alike should be made aware of the threats that exist and how to guard against them. Corporate Internet security policies should be put in place and all users need to have a clear understanding of why and how to comply with these policies.
Still, network administrators need to keep in mind that while awareness campaigns address part of the problem, hackers are constantly adapting. Companies must keep current on security trends that target enterprise users. Because user behaviour can be so unpredictable, it is wise to invest more heavily in security technologies, like high-quality endpoint security products. If your machine is protected, this forms a critical last line of defense.
What best practices should be implemented to protect against malicious threats?
Two of the most important best practices mentioned above are to be careful of who you allow to join your network and to filter which information you publish on the site. Additionally, do not run programs sent to you by others, even your own friends or contacts, without first confirming via a side channel that they are legitimate. Also, when you browse to a social networking site, have the latest version of a reputable Internet security suite on your machine. For example, the software you use should have browser protection that is capable of blocking a wide class of web-based threats. Also, if the social networking site has privacy options, make sure that these are set as strictly as your normal usage of the site allows.
For social networking site administrators, user confirmation scripts such as captchas can be added to verify that postings are from actual users versus automated systems. Even though these systems can be successfully bypassed by bots, it will reduce the risk from less technically savvy hackers. A more successful approach would likely involve the utilization of a behaviour-based antivirus solution to detect potentially malicious code in a virtual environment, prior to the site allowing data to be uploaded.

1. Material gains in virtual worlds can have real-world impact. There are often secondary markets where goods inside of virtual worlds can be bought and sold for real currency. Attackers go where the money is.
2. Virtual currencies and goods are not regulated. Therefore, the legal implications for performing theft are murky. That’s good news for the attacker.
3. Converting virtual currencies and goods can provide a money laundering mechanism. Because currencies and goods can be traded inside the virtual world and then subsequently sold into secondary markets for real money, it becomes difficult to trace a crime.
4. Many people are willing to go to great lengths to acquire assets inside a virtual world, and might compromise their security in the process. For example, suppose that the virtual world takes the form of an online game. If a hacker posing as a player or game administrator offers you a tool that claims to improve your performance in the game, you might use that tool without thinking through the repercussions.