Instantly Online - 17 Golden Rules to Combat Online Risks and for Safer Surfing Mobile Social Networks

By Enisa - European Network And Information Security Agency, PRNE
Saturday, February 6, 2010

BRUSSELS and HERAKLION, Greece, February 8 - The EU 'cyber security' Agency - ENISA (the European Network and
Information Security Agency) today presents a new report on accessing social
networks over mobile phones, 'Online as soon as it happens' ( ). The
report points out the risks and threats of mobile social networking services,
e.g. identity theft, corporate data leakage and reputation risks of mobile
social networks. The report also gives 17 'golden rules' on how to combat
these threats.

Online Social Networking Sites (SNSs) have had an exceptional growth
trend on Internet. 211Mn users (out of 283 Mn) in Europe use SNS, and,
primarily, Facebook in 11/17 countries studied. The modern way of staying in
touch with business or personal contacts is through SNS and other digital
tools. Consequently, the ways people meet, share opinions, communicate
information and ideas is changing. With growing popularity of SNS, the demand
for instant, continuous access over the mobile phone has increased-i.e.
mobile social networks (MSN). More than 65 Mn users now access the social
network Facebook over their mobile device. MSN users are 50% more active than
non-mobile users, and are estimated to be 134 Mn in Europe by 2012.

Many MSN users also use their phone as a backup device for business
mails, personal data, contacts, pictures, and access codes. As a consequence,
a lost mobile phone can cause serious damage, e.g. when illegitimately used
to access MSNs. Many mobile phones come pre-packaged at purchase, with built
in MSN applications i.e. 'on-deck' services.

Several stories from Italy, France, Spain, Greece, UK, witness that many
SNS/MSN users are largely unaware of security risks, privacy issues and
threats related to misuse of the information put online in an SNS and of
proper online privacy protection. A number of unique MSN risks/threats are
identified in the report. The ENISA report ( gives
an overview of the situation and underlines that in particular MSN users need
awareness on how to safer use MSN on a mobile phone to avoid unexpected and
damaging consequences. Risks include identity theft, and serious damage to
personal or corporate reputation, or data leakage. Two samples case studies:

    - Fake profile on Facebook. A professor at Turin University
      discovered someone else had created a profile for him at Facebook with
      offensive features, affecting his reputation.

    - Data leakage/corporate reputation. After a 2008 incident, Virgin
      Atlantic airlines later dismissed 13 staff members who had posted
      comments on Facebook which e.g. criticised the cleanliness of the
      company's fleet and of its passengers. Similarly, British Airlines
      check-in staff at Gatwick posted messages on Facebook saying e.g.
      travellers were 'smelly' and criticised the chaotic operations at

The paper also gives a comprehensive view of the SNS world under the lens
of the European directive on data protection (Dir. 95/46/EC). The Executive
Director of ENISA, Dr. Udo Helmbrecht, comments:

"This report provides practical, hands-on advice to the users of how to
more safely be online, anywhere and anytime, when enjoying mobile social

The paper includes 17 practical 'golden rules'. Samples include:

    - Remember to log out from the social network once your navigation is

    - Do not to allow the social network to remember your password (this
      function is called 'Auto-complete').

    - Do not mix your business contacts with your friend contacts.

    - Report immediately stolen/lost mobile phone with contacts, pictures,
      or personal data in its memory

    - Set the profile privacy level properly.

For all recommendations, please download the full report

For interviews: Ulf Bergstrom, Spokesperson, ENISA, press at, Mobile: +30-6948-460143, or Isabella Santa, Senior Expert Awareness Raising. ENISA, awareness at

will not be displayed