Second generation webbers need social security

Most organisations don't realise they may be vulnerable as a result of employees freely sharing information.

When a leading evangelist for Enterprise 2.0 acknowledges "there are some real dangers in an increasingly transparent world", it's worth listening. Ross Dawson, chairman of the Future Exploration Network, is a great fan of online collaboration and communication, but admits there are limits. While research has revealed "a positive impact on stock prices where there is more transparency," he warns that companies which transparently reported their customers' private information, for example, would quickly see the opposite effect on share prices.

Dawson says it is important organisations understand both the risks and the value of transparency, and then put in place systems to manage both.

"Clearly, if people want to deliberately steal information there are no fail-safe devices, but you can make it harder. But then there is inadvertent information loss - where people chat on Facebook, for example, and create something that is visible outside the company.

"Organisations need to think far more explicitly about what information they want to protect, what information to share with trusted partners, and what to disseminate freely." According to Dawson, once an organisation has identified these three tiers of information it can put in policies and systems to corral them.

He says that some organisations are already doing this - citing Westpac, which allows employees to use Facebook for collaboration and communication, but blocks access to some of the widgets in order to reduce the chance of information being too widely distributed.

Ajoy Ghosh, a security executive at Logica, says most organisations have yet to wise up to the degree to which they may be vulnerable as a result of employees freely sharing information.

Ghosh says that just as pedophiles groom children online, there are groups of people grooming employees in order to later tap them for information.

While organisations needed to be careful to comply with the Workplace Surveillance Act, Ghosh says employers should keep a close eye on employees' online activities.

In his role as a security consultant Ghosh says he has monitored companies' employees and identified people who were having illicit affairs, downloaded child pornography, were cult members, or were selling company assets online - from toilet paper to cars.

Ghosh claims that such information in the hands of unscrupulous groomers could be used to blackmail people into providing company information.

"The problem comes when people mix their corporate persona and their private persona. Companies are aware of the corporate persona but they need to make an effort to understand the employee's personal persona," says Ghosh.

This may require them to search online sites, social networks such as MySpace and Facebook, and also trawl matchmaking sites which could identify staff vulnerabilities.

"Corporate groomers get close to the individual to find out their secrets, then they build on that closeness and intimate relationship or use secrets to coerce them to do something. What better secret is there than threatening to break up someone's marriage?"

To date though: "Corporations are sticking their heads in the sand and ignoring this. Some are actually promoting the problem by encouraging staff to get on social networks. They are a great tool for business networking - but companies need to be aware of the other side," says Ghosh.

People who use social networking tools indiscriminately certainly need to consider what information they put on public display, according to Ross Dawson. "Everyone needs to understand that anything online is visible for ever more."

According to Leo Cole, vice-president of marketing for online security specialist Websense, the challenge organisations currently face is having young technically savvy and open staff with access to the internet at home and work. It's a case of "Employee 2.0 meets Web 2.0," says Cole.

Websense is one of many IT vendors developing solutions to help manage the problem. Its technologies trap and analyse Web 2.0 content which can then be used to help protect clients' information systems by blocking suspect content, or limiting access by employees to online sites deemed potentially risky. Internal content can also be "fingerprinted" according to Cole, so that it can be closely tracked, and any breach of policy regarding application of the information instantly identified.

However this is no shrink-wrap solution - organisations need to first develop policy regarding information access and sharing, and only then implement enforcing technologies.

According to Phil Vasic, Websense Australian and New Zealand country manager, although no Australian organisation has yet signed up for the system, one of the major banks is considering the technology, and he has also had calls from China regarding its potential as a content filter.

KEY POINTS

* It is important organisations understand both the risks and the value of transparency.

* They should then put in place systems to manage both.

* Companies can block suspect content or limit access to online sites deemed potentially risky.

* There exist online groups which groom employees in order to tap them later for information.

Fairfax Business Media
