Below are a few quotes that should make you shudder and "go very slow" if approached about your church setting up a page on a social networking service. Can you justify deliberately adding risk for your church's children and members as well as its visitors?
- "With more than 150 million members worldwide and a huge amount of data on every user, [FaceBook] is a dream come true for spammers and identity thieves." (WindowsSecrets newsletter)
- "[Facebook] site has been hit by five separate security problems in the last seven days, say security experts. ... Security firms warn that the popularity of social networking sites makes them a tempting target for hi-tech thieves." (BBC news)
- "Get used to this [Koobface worm attack]. I think we'll see a steady stream of these kinds of stories with malware propagating via social networking contacts throughout the next few years. And, given the increasingly flexible APIs the social network sites are implementing, bad guys will be able to mine this information for attacks far more effectively." (SANS Security Newsletter)
- "In an analysis of cyber crime activity in the 2nd half of 2007, security vendor Symantec Corp. found that two social networking sites [FaceBook and MySpace] together were the target of 91 percent of U.S.-based phishing Web sites." [And it will likely only get worse] (The Washington Post)
Churches place great emphasis on providing a "Safe Sanctuary" for children. But they leap onto FaceBook without any concern for their congregation or the visitors they hope will visit there. Taking some teens on a picnic lunch in a park is a great idea. But if that park is a known hangout for drug pushers, muggers, and rapists, we would never take them there.
Yet most churches ignore the very real (and increasing) criminal activity related to social networking sites because the sites are neat, modern, and popular. Churches need to do better at protecting our children, members, and web site visitors. Fun and fad should never trump the safety of our flock.
Maybe it's time for a "Safe Web" policy for churches. Does your church have such a policy? Does it enforce it?
The US-CERT governmental organization has issued some tips for people who just have to risk everything and have a social networking page/site. (See the US-CERT tips) These tips appear aimed at getting teenagers to be less naive about Internet use in general, but there are lots more steps that people should take. Why don't many take these steps? Because if they followed them, it would take some of the "fun" out of their (risky) surfing. Here are a few:
- Never use your real name in your email address. Give away as little information about yourself as possible.
- Use disposable email addresses when singing up at online stores or services (including social networking sites). If an address starts getting tons of Spam, you may be able to determine where it came from. You may even be able to alert a "friend" that their computer may be infected and that any email addresses on it may have been "harvested".
- Whenever possible, do not give out your real name or other information that identifies you personally.
- Do not identify other people by name, especially a full name, while online.
- Always provide the minimum required information when signing up for a service or buying a product. Don't fill in every field on a form just because it's there.
- Never "assume" that Jane Doe is really Jane Doe, even if "she" has a cute photo icon that is really her and she's using "her" email address. Anyone can copy images that appear on the web. And criminals steal email addresses all the time.
- If you want to share photos, use a photo service such as Google Photos or Flickr. Don't use a social networking site for photos. That's just one more thing the criminals can steal.
- Avoid associating personal information with online photos.
- If you really must create a social networking page, tighten the security by customizing the configuration. The social networking site usually has info on how to do that. But the default for nearly all social networking sites is very "open" and not very secure.
- Be paranoid. Be very, very paranoid. It's a good and righteous thing to be paranoid when the "bad guys" really are "out to get you"!