Social media – the risks and rewards

Solutionary Blog and Bloggers

Solutionary is an information security company. What does that mean? Simply put, we help businesses protect their assets, remain fully secure and safe online, and maintain and adhere to compliance regulations and standards. Solutionary's blog is a place to learn about, and discuss, a wide variety of security and compliance topics.

For more information about Solutionary, click here.

To read the Solutionary blog comment policy and disclaimer, click here.

Solutionary Bloggers:

Brad Curtis, Compliance Manager              Jon Heimerl, Director of Strategic Security  Mike Hrabik, President and CTO             Don Gray, Chief Security Strategist       Court Little, Director of Strategic Security Joseph Blankenship, Director of Marketing 
Doug Picotte, Regional Technical Manager
Rob Kraus, Manager, Security Consulting Services    
Erik Barnett, Regional Technical Manager Jose Hernandez, Security Consultant
Vincent Ragosta, Information Security Engineer                                         Jozef Krakora, Sr Product Manager        

Subscribe to our blog

Your email:

Tags

Posts by popularity

Solutionary Minds - Your Information Security Blog Source

Current Articles | RSS Feed RSS Feed

Social media – the risks and rewards

Posted by Mike Hrabik on Tue, Feb 16, 2010 @ 05:06 PM
  
  
  
Add to delicious  delicious  
  

I've talked to a lot of business leaders who are trying to figure out if they need to integrate social media and blogging into their marketing plans. For better or worse, the concept of social media and networking is changing the face of how consumers use the Internet, and therefore, how businesses and organizations create an online presence. Social media is the "reality TV" of the Internet and is playing a huge role in shaping the future of the online world.

Most social media tools are free. Companies pay for marketing and web services, so why not use free tools available to them online? The problem is, many social media users don't really think about how information could be used against them, or even believe anyone would share or use sensitive information in a bad way.

Enter the need for a corporate "social media policy" - simply blocking Facebook and other sites is not a solution.

Employees must be aware of what they can and cannot post and/or discuss on public blogs, forums, collaboration, help and technical forms, etc...and such posts should be monitored. You'd be surprised to know how many assessments I've performed over the years where I was able to obtain sensitive information available to the public, such as dump files, log data, network diagrams, configuration files, and yes, even user names and passwords.

Social media is also vulnerable to many threats: Web application security; data aggregation; retargeting; reputation damage, etc. Companies must assess the amount of risk they are willing to given the potential impact of a threat - and the likelihood of the threat occurring is EXTREMELY HIGH.

The bottom line is, whether your company is using social media tools/sites or not, you must have policies regarding the use of external social and collaborative sites. You should also have strategies and tools in place to measure effectiveness of their social media system, as well as information leakage. I'll be looking at this more closely in a post later this week - check back soon!


 

describe the image

Tags: ,

COMMENTS

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics