By Mike Meikle, Hawkthorne Group
Social Media (Web 2.0) is on everyone’s lips these days. A million gurus have sprung up nearly overnight to cash in on the phenomenon. Social Media has been promoted as the next big trend in productivity enhancement and a key to opening the coffers of customers everywhere. Many companies are scrambling to craft a Social Media implementation plan and one facet they will need to consider is information security.
Data is at the heart of a company’s value and social media is all about making more data available to the general public. Corporate management must consider that previously private data may be released onto the Internet.
Also, applications like Facebook are rife with malware and phishers attempting social engineering. A standardized communications policy is a must in order to manage outbound and inbound sharing of data.
The Federal government has recently posted some preliminary guidelines regarding social media out on CIO.gov. Gartner has published a critique of those guidelines, stating they lack implementation best practices. However, the Fed document will be a good starting framework for an effective policy and implementation.
Social engineering is the top method phishers and hackers use to gain access to sensitive data. One of the most effective ways to combat social engineering is training. Training people not to post sensitive data about themselves (birth dates, full addresses, corporate email, etc.) is crucial. If the company wants to have a social media presence, then the people involved will need training to understand what to post, what not to post, and what is acceptable use (no Facebook apps).
The Internet is full of regrettable stories of CEOs and other high-ranking employees discussing inappropriate topics that immediately plunge themselves and their firm into hot water.
When drawing up the corporate social media implementation plan, user requirements gathering will be paramount. What exactly does the corporation want to achieve with social media? This will drive what applications are to be used or developed for the purpose.
Of course, once a company heads down the software development path, it adds a huge layer of complexity to the equation. Using off-the-shelf applications is usually the most cost-effective option.
Standardization is still an Information Technology best practice and for social media applications standardization is key. If IT is going to support social media applications, the company must decide on what tools it will use and make that the standard. If users are allowed to use non-supported applications, it will only lead to IT and user dissatisfaction/conflict and a needless increase in risk.
Now for some links to back up my pontification:
• Generic Social Media Planning Steps
• Another Generic Social Media Plan Post
• Blog Post on Social Media IT/Business Concerns
• Cisco Security Blog Post on Social Media Pros & Cons
• Federal Guidelines on Social Media Security
Finally, when it comes down to it, a wiki may be a better alternative for an “in-house” social platform.
Microsoft SharePoint or Atlassian Confluence are robust products that fill the employee collaboration and communication niche well, with the added benefit of having a number to call if something breaks.
Copyright © 2008 To Present · Information-Security-Resources.com
Mike Meikle is CEO of Hawkthorne Group, a Virginia-based independent consultancy.