Social networking security in the workplace
- 22 May, 2012 11:00
At any given moment today, on-the-clock employees are updating their social media status, reading feeds and networking on business media sites. Moments can stretch to minutes: A recent study by the Ponemon Institute found that 60 per cent of social media users spend at least 30 minutes a day on these sites while at work.
Social networking has become the preferred channel of communication, and while companies initially resisted on-the-job use of social media, many now embrace it as good for business. They understand that enterprise social media tools can spark collaboration among co-workers, strengthen employee productivity and improve communications. Public social networking sites may help an organisation attract customers and employees, improve customer service and manage its brand image.
Slideshow: 11 Promising Enterprise Social Networks
The inherent risks of social networking, however, can be very bad for business. Chief among them: Social media can be a very effective on- ramp for malware attacks. Other threats include network breaches, intellectual property theft, leakage of sensitive business information and hijacking of websites and social media accounts.
Containing these risks requires a security strategy that fuses policies governing the use of social media with technology that monitors and protects the corporate network. It is essential to reinforce policies and technology with thorough and continuous employee training on acceptable use of social media.
A first step in creating a social media security strategy is classification of business data so that employees understand precisely what is -- and is not -- sensitive information. This process also should specifically delineate who is authorised to access corporate content and how that information can be used.
Policies will vary by employee role and by social media site. For instance, a worker may be permitted to include employer affiliation and job title on a public profile on a business media site, but not on a personal one; HR staff may be allowed to provide more company information because doing so is essential to recruiting.
Remember that hackers now target mobile devices such as smart phones and tablet PCs. Businesses should specify whether employees are permitted to access social networking sites from these devices and which apps may be used to do so.
Once policies are established, it may be necessary to reinforce them with a carefully considered combination of network monitoring and data protection technologies. In some cases, these technologies may already be in place as part of standard IT security measures. If so, they should be configured to include social networking controls.
The challenges of changing employee behaviour
With social media, even a carefully planned mix of policies and technology may not be wholly effective. That's because you cannot stop employees from posting data on social media when they go home at night; people will do what they want, regardless of corporate policy. What can you do? Implement a rigorous and continuous employee education program on acceptable use of social media.
A business should proactively train employees and be very clear about what it considers proper use of company information. Be specific: Tell them what they can and cannot say on social networking sites about the company. Employees should understand that posting corporate data is absolutely forbidden -- unless it is expressly encouraged.
Tailor the education program to meet the security knowledge level of your employees. The risks of malware, data loss and other threats should be described in very real scenarios that explain impacts to the individual and the business. Show employees how to recognise current scams used in social media attacks and how to identify a phishing website. Training should demonstrate how these threats propagate on social media and how they can be downloaded to a user's computer or mobile device and then infiltrate the enterprise network. Emphasize that this knowledge will be as useful at home as it is in the workplace.
Education should not be exclusively technical, however. For many employees, sharing via social media has become so reflexive that they may not realize how information innocently posted on a social network can harm a business. Workers also should understand that when they identify themselves as an employee they are representing the company to the digital world.
Finally, fully explain the consequences of failure to follow company policies on use of social media. Be very clear: Jobs are at risk for those who violate the corporate code of conduct for privacy, client confidentiality and intellectual property.
Gary Loveland is a principal in PwC's Security Advisory practice.
Rethinking the worst case
The brand called CIO
Motorola turns to the Moto G's price to reserve its smartphone fortunes
Virtual desktop computing service: The next cloud disruptor?
Google app translation service now available to Android developers
Introduction to Storage efficiency technologies
Data is growing at a tremendous rate, and organisations of every type rely on the timely retrieval of information to facilitate transaction and decision making. Processing powers are also expanding, now equipped with storage efficiency technologies that help simplify the many IT challenges that companies are facing. This white paper describes how proper simple storage efficiency features help you leverage daily storage, maximise capacity and performance optimisation, while reducing power consumption and total cost.
Case Study: Sustainability Value in a Virtual World
Over time we have learnt that teleconferencing services have made organisations work faster, more focused and environmentally responsible. In this case study, we look at the travel costs that are avoided, the more effective decision-making capacity that is unlocked and the better work-life balance that is afforded to employees. Click to download!
The Power of Transformational Knowledge
Apple saves $5 million a year on case and email deflection, while its agents find information 47 per cent faster than before they invested in something called Transformational Knowledge. In today’s consumer-empowered marketplace, you cannot afford negative customer experiences. However many companies lack the tools and processes required to empower their employees to deliver great customer experiences. In this whitepaper, we look at how to breakdown silos and deliver great customer experiences.