smAlbany 2013 people hacking with social media 07 13

227 views
177 views

Published on

smAlbany 2013 presentation http://ww.smAlbany.org

Published in: Business, Career
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
227
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

smAlbany 2013 people hacking with social media 07 13

  1. 1. People Hacking with Social Media Reg Harnish, CISSP, CISM, CISA Chief Security Strategist GreyCastle Security November 15, 2012
  2. 2. Copyright NBC All Rights Reserved
  3. 3. • Who am I? • Who is GreyCastle Security? • What are we doing here? Introduction
  4. 4. Social media security challenges
  5. 5. rharnish@greycastlesecurity.co m What’s in an e- mail address?
  6. 6. People are not awesome Copyright Universal Pictures All Rights Reserved
  7. 7. People who care: here they are
  8. 8. Compliance regulations
  9. 9. Social media horror stories
  10. 10. Social media security solutions
  11. 11. 1. Operationalize security
  12. 12. 2. Implement a policy
  13. 13. 3. Train relentlessly
  14. 14. 4. Test relentlessly
  15. 15. “Everybody has a plan until they get punched in the face.” – Mike Tyson 5. Plan for the worst
  16. 16. Final thought
  17. 17. 27
  18. 18. Social Media: Old Rules, New Game
  19. 19. About Dowling Law, PLLC • Dowling Law, a labor and employment boutique firm, provides strategic legal advice and representation to private-sector employers in Tech Valley and across New York State. • Joanmarie M. Dowling, Esq., is an attorney and founding member of Dowling Law. Joanmarie counsels and represents employers of all sizes, with a special focus on small to mid-size companies and not-for-profit employers. Joanmarie also currently serves as Vice President of the Capital Region Human Resource Association.
  20. 20. The Applicant You are about to hire a new salesperson. Before you make an offer, should you: conduct an internet search for the applicant’s name and background information? check the applicant’s Facebook, LinkedIn, and other accounts? request the applicant’s social media account user names and passwords?
  21. 21. The Salesperson One year later, your assistant informs you that your salesperson recently set up a website with your company’s name and logo prominently displayed. On that website, he has been complaining about your company and its commission plan - and insulting your management style as “boorish” and “incompetent.”
  22. 22. The Salesperson Strikes Again This same salesperson has been posting derogatory comments about your assistant on his Facebook page. She believes he is retaliating against her because she refused to go out with him.
  23. 23. On the Way Out the Door Before you even had an opportunity to speak with your salesperson, you receive a terse email from him, advising you that he is leaving your company effective immediately. You breathe a sigh of relief… but your relief is short-lived. The next day, you see that your former salesperson is soliciting your clients for a competitor, using LinkedIn contacts and Twitter followers you helped him develop while he was your employee. Are those contacts and followers property of your company? Would communication to these contacts violate your former salesperson’s noncompetition and nonsolicitation agreement?
  24. 24. 35
  25. 25. Social Media: Old Rules, New Game
  26. 26. About Dowling Law, PLLC  Dowling Law, a labor and employment boutique firm, provides strategic legal advice and representation to private-sector employers in Tech Valley and across New York State.  Joanmarie M. Dowling, Esq., is an attorney and founding member of Dowling Law. Joanmarie counsels and represents employers of all sizes, with a special focus on small to mid-size companies and not-for-profit employers. Joanmarie also currently serves as Vice President of the Capital Region Human Resource Association.
  27. 27. The Applicant You are about to hire a new salesperson. Before you make an offer, should you: conduct an internet search for the applicant’s name and background information? check the applicant’s Facebook, LinkedIn, and other accounts? request the applicant’s social media account user names and passwords?
  28. 28. The Salesperson One year later, your assistant informs you that your salesperson recently set up a website with your company’s name and logo prominently displayed. On that website, he has been complaining about your company and its commission plan - and insulting your management style as “boorish” and “incompetent.”
  29. 29. The Salesperson Strikes Again This same salesperson has been posting derogatory comments about your assistant on his Facebook page. She believes he is retaliating against her because she refused to go out with him.
  30. 30. On the Way Out the Door Before you even had an opportunity to speak with your salesperson, you receive a terse email from him, advising you that he is leaving your company effective immediately. You breathe a sigh of relief… but your relief is short-lived. The next day, you see that your former salesperson is soliciting your clients for a competitor, using LinkedIn contacts and Twitter followers you helped him develop while he was your employee. Are those contacts and followers property of your company? Would communication to these contacts violate your former salesperson’s noncompetition and nonsolicitation agreement?
  31. 31. Social Media Security November, 2012 Social Media Security and Human Resources Pinnacle Human Resources, LLC
  32. 32. Social Media Security November, 2012 About Pinnacle Human Resources, LLC Pinnacle’s staff is comprised of certified Senior Professionals in HR (SPHR) from the Certification Institute in Princeton, NJ and Masters in Education. Pinnacle employes over a dozen HR Professionals plus partners within a network of independent consultants to increase bandwidth. Rose Miller is the President of Pinnacle Human Resources with over 25 years experience in strategic human resources management. Rose recently was awarded HR Leader of the Year from the Albany Chapter of the Society of Human Resources Management (SHRM)! Rose Miller, SPHR/Owner rmiller@pinnaclehrllc.com 7 Century Hill Drive, Latham, NY 518-486-8151 www.pinnaclehrllc.com
  33. 33. Social Media Security November, 2012 Changes in the Workplace  Technology & Social Media has Changed the Way We Work  Pros and Cons
  34. 34. Social Media Security November, 2012 Management Concerns  New Policies Need to be Developed  Multi-generational Issues  Answers May Be Complicated or Not Yet Available
  35. 35. Social Media Security November, 2012 Company Facebook – Car Dealership • The salesman, the cashier and a third party on Facebook
  36. 36. Social Media Security November, 2012 The Importance of Employee Communications  The result of poor communications – Architect Firm • What happens when terminations are not explained properly – Engineering Firm • Misuse of Smartphone, skype, and email equal harassment
  37. 37. Social Media Security November, 2012 Supporting Technology, Communications & Social Media Policies  Reading and Understanding Policies  Communicating Expectations- No Privacy  Background Checks and Monitoring Social Sites  Reporting Claims and Supporting Claims  Developing Performance Measures  Recording Hours Worked  Checking for Abuse of Technology  Collection of Signed Acknowledgements
  38. 38. Social Media Security November, 2012 Effective Supervision  Being a Good Example  Communicating Policies and Following Procedures  Communicating Standards  Monitoring Performance  Training

×