We Are Only As Strong As Our Weakest Plugin
Internet security is a constant challenge that we often neglect because, let’s face it, having tons of passwords and changing them every month is a real pain. Sadly, this view of internet security often neglects many of the other vulnerabilities in our online systems. The New York Times recently discovered that it had a weakness with the software it uses to suggest other relevant content to readers when they near the end of an article. It appears this software was hacked by the Syrian Electronic Army, who in effect managed to take down the site.
This is an important reminder that, when it comes to social media, we are only as strong as our weakest plugin. Many of our social media platforms, including Facebook and Twitter, use plugins that allow us to expand the use of the networks and enjoy additional features.
This is an era where the web has gone social, and plugins are a primary means of making interaction possible across different sites. The difficulty is that each of these plugins, often with their own passwords, can represent an online vulnerability. It is as if we have built a house with a single door and we slowly add windows, a French door, a patio, and a deck, each with their own access points. Unless we maintain the same level of security on each of these access points, with each plugin we increase our vulnerability for our networks to be compromised further.
Here are a few tips:
- Remove any plugins or apps on Facebook and Twitter you no longer use.
- Maintain a printed list of plugins that you update regularly. This can become an easy checklist in the event of a social network that becomes compromised.
- If a password becomes compromised on one platform that you use for other platforms (we know you do this!), switch all of your passwords across all plugins and apps that interface with your system. We know, it takes a little more time, but it can also save the embarrassment of tweets from your business about get-rich-quick-schemes and magical weight loss plans.
- If your network is compromised, suspend plugin access for a period of time and slowly return access. This can help you determine where the compromise may have occurred and provides breathing space after the attack.
Your system may not be at risk from the Syrian Electronic Army, and Al’Queda probably isn’t thinking your Facebook page is ripe for posting terrorist messages, but there are still other, less headline grabbing hackers who would love to use your page to make a few bucks selling “investments”. These attacks can happen to anyone, so maintain your vigilance and remember, you are only as strong as your weakest plugin.
– Trevor (Digital Communications Strategist)