Social Media & Enterprise Security Presentation

Published in: Business, Technology

  1. SOCIAL MEDIA AND ENTERPRISE SECURITY WHITEPAPER
     Sarah Schleigh
     Presentation and Paper can be viewed here: http://www.slideshare.net/SchleighS
  2. SOCIAL MEDIA APPLICATIONS
     • Researching job candidates
     • Connecting with clients and consumers – sales
     • Market research – polling and surveying customers to see what they want or need
     • Networking – professionals at different firms can network with each other if they share common interests or job responsibilities and bounce ideas off each other
     • Communication dissemination – notices of upcoming sales, or recent company accomplishments (such as being voted #1 in a customer service survey)
  3. SOCIAL MEDIA THREATS
     • Sites are frequently used by malicious individuals to spread malware and viruses
     • Hackers use social media sites to gather personal information and attempt to guess passwords and login information (both personal and work-related)
     • Data leakage – intentional or unintentional disclosure of confidential information on social media sites – can cause severe reputational damage and loss of customers
     • Hard to monitor and control – unlike email
  4. CURRENT STEPS BEING TAKEN TO MITIGATE RISKS
     • Daily updates to malware and virus detection software
     • Some companies limit users' ability to download plug-ins or applications from social media sites
     • Some companies only allow certain users with a business need to access social media
     • Some companies provide training – particularly in regard to confidential information
     • The problem is that many companies are not doing everything they could be doing to mitigate social media security risks
  5. RECOMMENDATIONS
     • Social Media Use Policy
         • This policy preferably would be separate from the normal internet use policy and/or code of conduct in order to emphasize its importance
         • Should spell out specific guidelines on what is acceptable or unacceptable to post, what kind of activity is acceptable, and what is expected of users
         • Should also specifically spell out the consequences if and when employees violate the Social Media Use Policy
         • This policy should be reviewed with new employees immediately following their hire date and existing employees should be required to review it at least annually
  6. RECOMMENDATIONS (CONT'D)
     • Limit access to social media sites at work to only those users who need access to them.
     • Discourage employees from accessing their personal social media accounts at work.
     • Offer training regularly – this will give employees the opportunity to ask questions about what is and is not acceptable and allow them to understand the risks of social media
     • Establish appropriate communication channels – in between annual policy reviews and periodic training, employees may have questions, and it is important that they know whom to direct these questions to and that questions are welcome
  7. RECOMMENDATIONS (CONT'D)
     • Have a dedicated team handle the corporate social media accounts – if size allows. Recommended to not leave this up to one person as a team may catch more incidents of data that should not be disclosed.
     • Randomly monitor the activity of users who have authorized access to social media at work
     • Don't forget about mobile devices! Firms should try to stick to one kind of smartphone and one kind of tablet to be issued by the company so that they do not have to support many different kinds
  8. RECOMMENDATIONS (CONT'D)
     • General IT security improvements – password management training, implement stricter password requirements, use security tokens, use content filtering technology and make sure that antivirus and antimalware software is updated as frequently as possible
     • Less commonly used but still worth consideration is the use of two separate networks – one for employees' personal activity and one for business so that if malware/virus threats are downloaded through social media they cannot impact the highly important business network
