People Hacking with Social Media
Reg Harnish, CISSP, CISM, CISA
Chief Security Strategist
GreyCastle Security
November 15,...
smAlbany 2013 presentation http://ww.smAlbany.org

Published in: Business, Career
smAlbany 2013 people hacking with social media 07 13

  1. People Hacking with Social Media. Reg Harnish, CISSP, CISM, CISA, Chief Security Strategist, GreyCastle Security. November 15, 2012
  2. Copyright NBC All Rights Reserved
  3. Introduction • Who am I? • Who is GreyCastle Security? • What are we doing here?
  4. Social media security challenges
  5. rharnish@greycastlesecurity.com What’s in an e-mail address?
  6. People are not awesome. Copyright Universal Pictures All Rights Reserved
  7. People who care: here they are
  8. Compliance regulations
  9. Social media horror stories
  10. Social media security solutions
  11. 1. Operationalize security
  12. 2. Implement a policy
  13. 3. Train relentlessly
  14. 4. Test relentlessly
  15. “Everybody has a plan until they get punched in the face.” – Mike Tyson 5. Plan for the worst
  16. Final thought
  17. 27
  18. Social Media: Old Rules, New Game
  19. About Dowling Law, PLLC • Dowling Law, a labor and employment boutique firm, provides strategic legal advice and representation to private-sector employers in Tech Valley and across New York State. • Joanmarie M. Dowling, Esq., is an attorney and founding member of Dowling Law. Joanmarie counsels and represents employers of all sizes, with a special focus on small to mid-size companies and not-for-profit employers. Joanmarie also currently serves as Vice President of the Capital Region Human Resource Association.
  20. The Applicant: You are about to hire a new salesperson. Before you make an offer, should you: conduct an internet search for the applicant’s name and background information? check the applicant’s Facebook, LinkedIn, and other accounts? request the applicant’s social media account user names and passwords?
  21. The Salesperson: One year later, your assistant informs you that your salesperson recently set up a website with your company’s name and logo prominently displayed. On that website, he has been complaining about your company and its commission plan - and insulting your management style as “boorish” and “incompetent.”
  22. The Salesperson Strikes Again: This same salesperson has been posting derogatory comments about your assistant on his Facebook page. She believes he is retaliating against her because she refused to go out with him.
  23. On the Way Out the Door: Before you even had an opportunity to speak with your salesperson, you receive a terse email from him, advising you that he is leaving your company effective immediately. You breathe a sigh of relief… but your relief is short-lived. The next day, you see that your former salesperson is soliciting your clients for a competitor, using LinkedIn contacts and Twitter followers you helped him develop while he was your employee. Are those contacts and followers property of your company? Would communication to these contacts violate your former salesperson’s noncompetition and nonsolicitation agreement?
  24. 35
  25. Social Media: Old Rules, New Game
  26. About Dowling Law, PLLC • Dowling Law, a labor and employment boutique firm, provides strategic legal advice and representation to private-sector employers in Tech Valley and across New York State. • Joanmarie M. Dowling, Esq., is an attorney and founding member of Dowling Law. Joanmarie counsels and represents employers of all sizes, with a special focus on small to mid-size companies and not-for-profit employers. Joanmarie also currently serves as Vice President of the Capital Region Human Resource Association.
  27. The Applicant: You are about to hire a new salesperson. Before you make an offer, should you: conduct an internet search for the applicant’s name and background information? check the applicant’s Facebook, LinkedIn, and other accounts? request the applicant’s social media account user names and passwords?
  28. The Salesperson: One year later, your assistant informs you that your salesperson recently set up a website with your company’s name and logo prominently displayed. On that website, he has been complaining about your company and its commission plan - and insulting your management style as “boorish” and “incompetent.”
  29. The Salesperson Strikes Again: This same salesperson has been posting derogatory comments about your assistant on his Facebook page. She believes he is retaliating against her because she refused to go out with him.
  30. On the Way Out the Door: Before you even had an opportunity to speak with your salesperson, you receive a terse email from him, advising you that he is leaving your company effective immediately. You breathe a sigh of relief… but your relief is short-lived. The next day, you see that your former salesperson is soliciting your clients for a competitor, using LinkedIn contacts and Twitter followers you helped him develop while he was your employee. Are those contacts and followers property of your company? Would communication to these contacts violate your former salesperson’s noncompetition and nonsolicitation agreement?
  31. Social Media Security, November, 2012. Social Media Security and Human Resources. Pinnacle Human Resources, LLC
  32. About Pinnacle Human Resources, LLC: Pinnacle’s staff is comprised of certified Senior Professionals in HR (SPHR) from the Certification Institute in Princeton, NJ and Masters in Education. Pinnacle employs over a dozen HR Professionals plus partners within a network of independent consultants to increase bandwidth. Rose Miller is the President of Pinnacle Human Resources with over 25 years’ experience in strategic human resources management. Rose recently was awarded HR Leader of the Year from the Albany Chapter of the Society of Human Resources Management (SHRM)! Rose Miller, SPHR/Owner, rmiller@pinnaclehrllc.com, 7 Century Hill Drive, Latham, NY, 518-486-8151, www.pinnaclehrllc.com
  33. Changes in the Workplace • Technology & Social Media has Changed the Way We Work • Pros and Cons
  34. Management Concerns • New Policies Need to be Developed • Multi-generational Issues • Answers May Be Complicated or Not Yet Available
  35. Company Facebook – Car Dealership • The salesman, the cashier and a third party on Facebook
  36. The Importance of Employee Communications • The result of poor communications – Architect Firm • What happens when terminations are not explained properly – Engineering Firm • Misuse of Smartphone, Skype, and email equal harassment
  37. Supporting Technology, Communications & Social Media Policies • Reading and Understanding Policies • Communicating Expectations - No Privacy • Background Checks and Monitoring Social Sites • Reporting Claims and Supporting Claims • Developing Performance Measures • Recording Hours Worked • Checking for Abuse of Technology • Collection of Signed Acknowledgements
  38. Effective Supervision • Being a Good Example • Communicating Policies and Following Procedures • Communicating Standards • Monitoring Performance • Training