What are the best social networking practices for preventing social network malware that every company should follow?

This is a very nice question by Duaa Saif as it concerns almost  every body here. According to Tony Bradley, PC World, here are three simple things you can do to avoid these attacks and protect your PC and your personal data:

Take a look at your "friends" on Facebook and on other social networks. How many of those people are people you know personally and trust? Use discrimination in choosing your social network contacts to minimize your exposure to these threats.

Society at large has been brainwashed with the mantra to not open unsolicited or suspicious email file attachments, and to not click on links within email messages. That same common sense logic has to be extended to social networking. Do not open attachments or follow links on messages—even from friends you know—on social networks unless you know what it is. A message to you out of the blue and lacking context should immediately raise some red flags.

Many attacks exploit known vulnerabilities, or even use known malware variants as a means of propagation. Keep your operating system and applications patched and up to date, and use security software to detect and block malware. A security tool with data access monitoring can provide additional protection by ensuring that sensitive information isn't leaving your PC without your knowledge.

Truth be told, the tips for avoiding attacks are pretty much the same as you should follow for email. Use some common sense, and exercise some health skepticism about every message and link, and you can defend yourself against the vast majority of attacks.

What's your opinion on guidelines for time-out settings, caching and other security best practices with regards to how enterprise users can interact with social networking sites? Is it possible to establish and implement a standard set of guidelines for enterprise users, and would it help to not only prevent data leaks, but also keep emerging social networking malware at bay?

You certainly need to implement and enforce an acceptable usage policy covering the use of social networking sites....

As you say, it will help prevent data leaks and reduce the chances of a social networking-based attack from succeeding.

The best way to ensure your policy works is to develop it through consultation with your employees and strictly enforce it. Employees are less likely to circumvent restrictions if they understand the logic behind them and have been involved in developing the overall policy.

It's an enterprise social networking security best practice to permit access only to social networking sites that have obvious business benefits and only to users with a business need to access them. When deciding which sites employees are allowed to access, you should take into account the sites' terms and conditions, as well as what they can do with user information and content.

It is key that all staff receive security awareness training covering your acceptable usage policy for social networking. Promoting good practice and improving user behavior are the best methods of reducing the risks from this form of communication. Many social networking sites' profile pages encourage the publication and sharing of personal information, but it can be harvested and used for phishing or targeted malware attacks against the user or organization, possibly putting personnel safety and the organization's information assets and reputation at risk. Employees need to be made aware that although content can easily be posted, it is essentially impossible to completely delete it.

User training should also cover the common social network malware scams and social engineering techniques used to procure personal or login information. Of course the use of strong passwords should be mandated and, where possible, require users to operate separate personal and work accounts. Also, advise users to make full use of any available privacy settings that control what information is viewable and to whom.

To your question, setting short session time-outs and limiting cached content are good practices. Cached content can be controlled via most browsers, while setting a short idle time to activate a password protected screen saver is one way of combating unclosed sessions.

These are all good practices, but making your security policies enforceable will have a much bigger effect on your users' overall behavior. Web monitoring tools, such as Websense Inc.'s Web Security Gateway, or BlueCoat Systems Inc.'s ProxyAV line, can detect holes in your acceptable usage policy so it can be updated or, when necessary, disciplinary steps can be taken against specific users. Also, data loss prevention (DLP) tools can prevent accidental or intentional data disclosures via social networking by analyzing content, monitoring cut-and-paste actions, and overseeing file access and blocking inappropriate access or transmission, while warning users at the same time.

Source: searchsecurity.techtarget

It becomes more and more difficult to protect your social media networks from malware the more interconnected we become online, but there are some prevention methods. One way to do that is to stay aware, alert, and ahead of the game. Research the newest ways that people are attacking networks. It can be as subtle as a trojan attack through Facebook, or embedded coding in a photo on Twitter. The more technology we are exposed to, the smarter the hackers become...so it is our responsibility to make sure that we are doing our due diligence and ensuring that our networks are secure and safe for everyone to use. Especially when it comes to marketing on social media, we have to be careful. We are depending on the social media networks for marketing more these days. We depend on Social Media for so much more than that, we depend on it to stay connected. So it's better to be 100 steps ahead of the malware developers in order to keep the social networks safe.

wait more details from our experts

I think its better to use some security steps and target your audience carefully. We cannot avoid such risks but can minimize with various steps.

Thank You for the invitation ... I would agree with answers that really covered your question ... Variety of correct info and opinions !

Train your staff to increase security awarenes.

i think it would be through good train to the employees and to be aware up to date with the new articles and updates 

The best way to ensure your policy works is to develop it through consultation with your employees and strictly enforce it. Employees are less likely to circumvent restrictions if they understand the logic behind them and have been involved in developing the overall policy.

A better understanding of this threat will lead for better proactive actions that can protect the company from such a digital danger.Experts at IT departments should train the company's employees on a periodic base how to be aware and prevent this threat.