Information security and privacy are multi-faceted concepts, and earlier definitions of information security and privacy seem inadequate in the context of emerging technologies such as social media. Hence, this chapter presents an analysis of the concept of information security followed by a discussion of computer security, information security, network security, personal privacy, informational privacy, etc. Then the discussion narrows down to information security and privacy on Social Networking Sites (SNS) followed by an analysis of the consequences of information security and privacy breaches from individualistic and organizational perspectives. The lack of understanding of the complex nature of security and privacy issues are preventing businesses from gaining the full economic benefit, especially on SNS. Therefore, some solutions and recommendations are suggested towards the end of the chapter, including the need for a common legal framework. Finally, the chapter ends with suggestions for future research.
TopIntroduction
Information security and privacy is a vital concern for organizations and individuals operating in today’s digital society. Gordon et al. (2010) argue that the rise of the Internet and e-commerce has elevated the value of information as an organisational asset. However, protecting such information assets against cyber-crimes such as “denial-of-service attacks, web hackers, data breaches, identity and credit card theft, and fraud” etc. (Smith, Winchester, Bunker, & Jamieson, 2010, p.1) is posing a major challenge to organizations operating on the web. Breaches of information security could have a significant negative effect on the value of an organization (Campbell, Gordon, Loeb,, & Zhou, 2003; Cavusoglu, Mishra, & Raghunathan 2004; Kritzinger & Smith 2008; Johnston & Warkentin, 2010), not only in terms of losing time, manpower, money and/or business opportunities (Dhillon & Moores, 2001; Whiteman & Mattord, 2003) but also in losing the trust, loyalty and goodwill of their customers (Jarvenpaa, Tractinsky, & Saarinen, 2000; Miyazaki & Fernandez, 2001; Lee & Turban, 2001; McKnight, Choudhury, & Kacmar, 2002; Gefen, Karahanna, & Straub, 2003; Liu, Marchewka, Lu, & Yu, 2004; Chen & Barnes, 2007). Despite these negative consequences, many organisations, particularly those with commercial interests, have continued to use and consider the Internet as a lucrative business platform. However, in recent years, a notable change has taken place in terms of how online businesses interact with their customers, which has considerably changed traditional online business practices. This new paradigm shift involves the use of social media as a cost effective, convenient and efficient means of conducting business (Kaplan & Haenlein, 2010; Mangold & Faulds, 2009). As mentioned before, the concern for the susceptibility of information assets belonging to businesses operating on the Internet is on the rise and the emergence of online social media driven business models adds to, if not increases the concern for online security. Apart from businesses organisations, governmental and other non-profit organisations have also had their fair share of security issues in recent years. Recent incidents involving attacks on government systems using fake social media profiles is one good example (Constantin, 2013).
From an individual point of view, Symantec recently revealed consumers have high levels of trust in social media, which results in vast quantities of self-disclosed information (BusinessTech, 2013). This is not only limited to disclosure of information but extends to monetisation of social networks including the use of digital currency, purchase of virtual gifts and online credit used in services such as gaming and Voice over IP (VOIP). Cyber-criminals have taken to exploiting the information available on social media and commercial application on social media platforms. Cyber security predictions for 2013 include an increase in social media-oriented security threats such as malware attacks targeting monetary and non-monetary information, targeting both the individual users and online businesses (BusinessTech, 2013). Recent incidents such as the Sony PlayStation information security breach (Minihane, 2011), and criticisms against Facebook apps tracking/selling personal information (Hickins, 2012) suggest there is room for further enquiry pertaining to social media security and privacy.