Social media – the risks and rewards – part 2

Solutionary Blog and Bloggers

Solutionary is an information security company. What does that mean? Simply put, we help businesses protect their assets, remain fully secure and safe online, and maintain and adhere to compliance regulations and standards. Solutionary's blog will be a place to learn about and discuss a wide variety of security and compliance topics. More information about Solutionary can be found here. To read the Solutionary blog comment policy and disclaimer, click here.

Solutionary Bloggers: 

Brad Curtis, Compliance Manager              Jon Heimerl, Director of Strategic Security
Mike Hrabik, Chief Technology Officer
Don Gray, Chief Security Strategist
Court Little, Director of Strategic Security
Phoram Mehta, Senior Security Consultant
Doug Picotte, Regional Technical Manager
Scott Simpson, Director, Security Consulting Services


Subscribe to our blog

Your email:

Posts by category

Posts by popularity

Solutionary Minds - Your Information Security Blog Source

Current Articles | RSS Feed RSS Feed

Social media – the risks and rewards – part 2

Posted by Mike Hrabik on Fri, Feb 19, 2010 @ 09:53 AM
Share on Twitter Twitter | Share on Facebook Facebook | Submit to Digg digg it |  Add to delicious  delicious |  Submit to StumbleUpon StumbleUpon | Submit to Reddit reddit 
Earlier this week, I highlighted the importance of a corporate "social media policy." Today, I wanted to address what this type of policy would look like and what elements it should include to be most effective. Communications today are much different than they were in the past so it's important to establish new or enhance existing policies to accommodate these changes.

Below are some examples to get you started!

What's the business value? - It's important to consider whether utilizing these tools will add any real value to your organization. At the same time, the phrase "if you can't beat ‘em, join ‘em" comes into play here. If there aren't any social media activities/technologies sponsored at the corporate level, your folks will likely put something out there anyway and without your control. When this happens, it quickly spins out of control.

A company contemplating starting a blog or utilizing social networking sites should:

• Produce policies, standards and procedures
• Training regarding business strategy for use of such sites
• Update and refresh material as necessary to be sure the messages are always accurate
• Measure success and quality distribution channels

Evaluate the security and risk - The most effective way I've found to illustrate security risk is to educate by example. For instance, say you have a sales person who uses LinkedIn to create a network of business connections. Sounds great, right? Not always - anyone can easily view this person's connections and see who many of their current and past clients and co-workers may be.

Here's another example. Technical people may use support blogs and forums to post questions about challenges and problems. Again, while this certainly has value to the individual, these posts often provide huge insight into an organization's IT infrastructure. I think we can all agree attackers would love to get their hands on this type of information.

Security-related items to consider include:

• Information use guidelines and policies:
• Dictate what content can/should be published
• Comply with company's confidential guidelines
• In-line with company's image and vision
• Respect all copyrights and trademarks
• Train employees on publishing materials and document the results of this training

Don't forget to assess and review - How do you know if these sites are effective? How do you know what information is being put out "there" if you don't check for it? This is a key part to understanding effectiveness and finding examples of policy breach to utilize for training purposes.

This final step should include:

• Identify authorized persons or agencies to access social media websites
• Monitor for information leakage
• Automated tools are your friend
• Gather proof for training

I know this might seem a little overwhelming, but taking note of even a few of these could make a difference (in a good way!) for your organization. I'll continue to use this blog as a way to offer tips - keeping the line of communication open on the "risks and rewards" of social media.

Tags: ,

COMMENTS

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics