Risky business of social media

Published in: Business, Technology
Transcript of "Risky business of social media"

  1. 1. The Risky Business of Social Media Tom Snyder Trivera Interactive Contents Copyright © 2011 Trivera Interactive and ISACA
  2. 2. Trivera Interactive
       • Web site development, Email Marketing, SEO and Social Media
       • Social Media Strategies and Policies.
     Tom Snyder
       • Founded Trivera in 1996
       • Working with businesses and organizations to find the acceptable level of balance between visionary possibilities and technological and organizational realities.
  3. 3. I’m the guy who convinces your marketing people to do all the Social Media stuff that turns the IT, IS, Security, Legal and HR people into this:
  4. 4. Social Media Usage
       • Top 100 most valuable brands in the world are experiencing a direct correlation between top financial performance and deep social media engagement
         ~ ENGAGEMENTdb, The World’s Most Valuable Brands
       • Fortune Global 100 companies
           • 65% have active Twitter accounts
           • 54% have Facebook fan pages
           • 50% have YouTube video channels
           • 33% have corporate blogs
         ~ Burson-Marsteller, The Global Social Media Check-up Insights
  5. 5. Social Media Usage
       • 95% of social media users now use it for business reasons
       • 61% use public social media sites like LinkedIn, Twitter, Facebook, and YouTube every day (up from 51% in 2008).
       • 15% use these sites "constantly throughout the day."
       • 56% work for companies that have no policies that cover use at work and outside work
  6. 7. Social Media Usage
       • 76% of companies now use Social Media for business purposes
       • 43% have experienced employee misuse
       • 31% have disciplined employees for misuse
       • 29% block employee access
       • 27% monitor employee use
       • 25% ban use for non-business purposes
  7. 8. The Old Paradigm
  8. 9. The New Paradigm
  9. 10. Risks for Business
       Internal/Infrastructure
       • Viruses/malware
       • Non-compliance with record management regulations (PCI-DSS, HIPAA)
       • Employee Inefficiency
       • Employee Headhunting
  10. 11. Risks for Business
       • Malicious profile generation – Fake profiles: celebrities, coworkers, ads used in a number of different scams, monitoring users, revenge, business
       • Exploitation of “Social Human Touch” – Presumption of Trust between engaged profiles; entry point for malware infection
       • Worm Generation – Chain Infection and Reaction – 2 step infection mapped as 1:many that enable Bot Nets
       • Drive-by-Download Attacks – Using built-in browser functionality, the user’s machine is exploited and malware is downloaded into the victim’s machine; pervasive and often go undetected by antivirus software
       • Exploitation of Custom Code and Social Networking APIs – Generic design of an application development model looks authentic
       • Exploitation of URL Shorteners and Hidden Links – malicious links hidden in compressed URLs
  11. 12. Risks for Business
       External/Customer Facing
       • Lack of control over publicly-generated content
       • Lack of control over internally-generated content
       • Customer expectations
       • Brand hijacking
  12. 13. Addressing Risk
       Tactics without strategy is the noise before defeat
       Strategy without tactics is the slowest route to victory
       - Sun Tzu
  13. 14. Addressing Risk
       Social Media Strategy
       • Set your Goals
       • Identify your Target
       • Choose your Tools
       • Craft your Voice
       • Define your Roles
       • Commit to Consistency
       • Measure and Improve
  14. 15. Addressing Risk
       Social Media Policy
       • “Official” Voices
       • Associated Voices
       • Everyone Else
       • Work and Non-Work Usage
       • Process
       • Technology
  15. 16. Mitigating Risk
       Threat/vulnerability: Introduction of viruses and malware to the organizational network
       Risks:
         • Data leakage/theft
         • “Owned” systems (zombies)
         • System downtime
         • Resources required to clean systems
       Risk mitigation techniques:
         • Ensure that antivirus and antimalware controls are installed on all systems and updated daily.
         • Consider use of content filtering technology to restrict or limit access to social media sites.
         • Ensure that appropriate controls are also installed on mobile devices such as smartphones.
         • Establish or update policies and standards.
         • Develop and conduct awareness training and campaigns to inform employees of the risks involved with using social media sites.

       Threat/vulnerability: Exposure to customers and the enterprise through a fraudulent or hijacked corporate presence
       Risks:
         • Customer backlash and/or adverse legal actions
         • Exposure of customer information
         • Reputational damage
         • Targeted phishing attacks on customers or employees
       Risk mitigation techniques:
         • Engage a brand protection firm that can scan the Internet and search out misuse of the enterprise brand.
         • Give periodic informational updates to customers to maintain awareness of potential fraud and to establish clear guidelines regarding what information should be posted as part of the enterprise social media presence.
  16. 17. Mitigating Risk
       Threat/vulnerability: Unclear or undefined content rights to information posted to social media sites
       Risks:
         • Enterprise’s loss of control and/or legal rights of information posted to the social media sites
       Risk mitigation techniques:
         • Ensure that legal and communications teams carefully review user agreements for social media sites that are being considered.
         • Establish clear policies that dictate to employees and customers what information should be posted as part of the enterprise social media presence.
         • Ensure capture and logging of all communications.

       Threat/vulnerability: A move to a digital business model may increase customer service expectations
       Risks:
         • Customer dissatisfaction with the response received, leading to potential reputation damage for the enterprise and customer retention
       Risk mitigation techniques:
         • Ensure that staffing is adequate to handle the amount of traffic that could be created from a social media presence.
         • Create notices that provide clear windows for customer response

       Threat/vulnerability: Mismanagement of electronic communications that may be impacted by retention regulations or e-discovery
       Risks:
         • Regulatory sanctions and fines
         • Adverse legal actions
       Risk mitigation techniques:
         • Establish appropriate policies, processes and technologies to ensure that communications via social media that may be impacted by litigation or regulations are tracked and archived appropriately.
         • Depending on the social media site, maintaining an archive may not be a recommended approach.
  17. 18. Mitigating Risk
       Threat/vulnerability: Use of personal accounts to communicate work-related information
       Risks:
         • Privacy violations
         • Reputational damage
         • Loss of competitive advantage
       Risk mitigation techniques:
         • Work with the human resources (HR) department to establish new policies or ensure that existing policies address employee posting of work-related information.
         • Develop awareness training and campaigns that reinforce these policies.

       Threat/vulnerability: Employee posts that link them to the enterprise
       Risks:
         • Brand damage
         • Reputational damage
       Risk mitigation techniques:
         • Develop a policy that specifies how employees may use enterprise-related images, assets, and intellectual property (IP) in their online presence.

       Threat/vulnerability: Excessive employee use of social media in the workplace
       Risks:
         • Network utilization issues
         • Productivity loss
         • Increased risk of exposure to viruses and malware
       Risk mitigation techniques:
         • Manage accessibility to social media sites through content filtering or by limiting network throughput to social media sites.

       Threat/vulnerability: Employee access to social media via enterprise-supplied mobile devices.
       Risks:
         • Infection of mobile devices
         • Data theft via mobile devices
         • Circumvention of controls
         • Data leakage
       Risk mitigation techniques:
         • Route enterprise smartphones through corporate network filtering technology to restrict/limit access
         • Ensure controls installed/updated on mobile devices
         • Establish/update policies and standards regarding the use of smartphones to access social media.
         • Social media awareness training and campaigns
  18. 19. Social Media Audit/Assurance
       • ISACA's Social Media Audit Assurance Program was released February 2011 and is available to members only
       Objective
       • The objective of the social media audit/assurance review is to provide management with an independent assessment relating to the effectiveness of controls over the enterprise’s social media policies and processes.
       Scope
       • The review will focus on governance, policies, procedures, training and awareness functions related to social media. Specifically, it will address:
           • Strategy and governance—policies and frameworks
           • People—training and awareness
           • Processes
           • Technology
  19. 20. Resources and References
       • 5 low-risk, high-reward experiments that could turn IT people into heroes
       • FaceTime Survey Reveals 38% of IT Managers Ignoring Web 2.0 Risks
       • IT departments in dark over social media use
       • Social Media in Healthcare Marketing: Making the Case
       • Data breaches and the erosion of consumer trust in brands
       • Top Five Social Media Risks for Business: New ISACA White Paper
       • Social Media: Business Benefits and Security, Governance and Assurance Perspectives
       • Chain Exploitation - Social Media Malware
       • ISACA's Social Media Audit Assurance Program released February 2011 and is available to members only
  20. 22. Tom Snyder [email_address] http://www.triveraguy.com
       Trivera Interactive http://www.trivera.com
       ISACA http://www.isaca.org/socialmedia
       Contents Copyright © 2011 Trivera Interactive and ISACA