SOCIAL MEDIA: WHY SHOULD IT BE ON YOUR AUDIT PLAN?
Shivangi Nadkarni, CISA, CIPT, DCPP
Co-Founder & CEO – Arrka Consulting
The Social Media Ecosystem
15-Feb-17Arrka Consulting - Confidential
• Communication Apps: Gmail, Skype, WhatsApp...
• Organizational sites, apps, games, pages
• Games, Interactive Media
• Popular Apps: Facebook, LinkedIn, Twitter...
The Risks: Category #1
How things can go wrong…
Twitter:
• Who: Their own CFO – Anthony Noto
• What: Accidentally tweeted instead of sending a private message
• What was it about: An M&A plan
• "I still think we should buy them. He is on your schedule for Dec 15 or 16 -- we will need to sell him. i have a plan."
How things can go wrong…
Across Social Media:
• Who: UK Armed Forces
• What: Disclosed details of Britain’s submarines, posted videos of people & equipment in Afghanistan & Libya, details of sensitive visits, etc.
How things can go wrong
• …Am sure each of you has a story to tell from your own organization…
Data Leakage on Social Media – How?
Leakage:
• The ‘OOPS’!: Data leaked by mistake
  - Very common
  - Eg: putting great details in LinkedIn profiles, uploading sensitive documents on public cloud, posting internal plans on Facebook, etc.
• The DELIBERATE: The Malicious Insider
• The VICTIM: Victimised by Cybercrime
  - 40 percent of social media users have fallen victim to cybercrime*
  - One in six users believe their accounts have been compromised*
* Norton Study
At the Organizational Level
• Impersonation/ spoofing of organization’s properties
  - Fake pages, handles etc.
  - Fake domains
  - Fake apps
The Risks: Category #2
When you are Online – what happens in the background?
Types of data collected:
- Device id, location data, browser history, your OS
- Anything else you may have given ‘permission’ to access – eg, contact info, etc.
Your Profile & Identity is built
What happens to this data?
• ANALYTICS is done on this
• SOLD to data networks/ ad networks/ other agencies
  - Who use it to sell products & services to you
• Used to SYNC UP with other channels to do omni-channel reach
• Fed into ALGORITHMS and used to make automated decisions about you
In Short, When You Are Online….
What happens when you use a mobile app?
You give ‘Permissions’
What happens when you use…
APP or Website gets access to your account
So How and Why is all this relevant to an organization?
• Your organization is engaging in all these digital interactions
  - Online
  - Mobile apps
  - Applications like FB/ Instagram/ LinkedIn/ etc.
Data: Today’s Reality
Explosion of Data
• Tracking
• Online Behavioural Advertising (OBA)
• Ad / Data Networks
Individuals as Data Generators
Social, Mobile, Analytics, Cloud, IOT…
Personal Data is the New Currency
Types of Personal Data
PERSONAL DATA
• Knowingly provided by a user (Eg: Filling in account details)
• Unknowingly provided by a user
• Observed Data (Eg: Device identifiers, Location Data, etc.)
• Derived or Inferred Data (Eg: Data generated from analysis and/or deploying algorithms. Like online behaviour profiles)
• Harvested from 3P sources
What does the law say?
• Data Protection & Privacy laws in most countries:
  - Define personal data to include all device data, meta data, location data, etc.
  - Anything from a device that can be used to identify an individual
• The laws have some strict curbs on how this data should be treated and used
  - With some stiff penalties and liabilities
• Eg:
  - EU GDPR: up to 2% to 4% of global turnover
  - Most countries have criminal liabilities
So Who Owns What Data?
[Diagram labels: Personal Data; Dedicated 3rd Parties; 3P’s using their own platforms/ products; 3P’s own usage; 4th Parties]
• Where does accountability lie?
• Who takes on the liabilities?
• Who carries the reputation risk?
What can go wrong?: InMobi
• One of the world’s largest Mobile Ad Networks
• Tracked a customer’s location using surrounding wi-fi networks
  - EVEN when the customer had turned off location services on her mobile
• Hauled up and fined by the US FTC
• InMobi: Basically from India!
What can go wrong: Silverpush
• A technology that tracks ‘audio beacons’ from Televisions
  - Captured on a mobile device
  - Sent to a central server
  - Profiles what exactly you have watched on TV
  - Feeds to ad networks to deliver ads
• Not even a standalone app
  - Embedded in other mobile apps
• Hauled up by US FTC
Think of this scenario
• Your organization ties up with a third party to co-brand a mobile app
• Hosts it on the third party’s platform
• Third party uses the data from the customer to do analytics and sell to an ad network
• Meanwhile, your organization has promised the customer that you won’t sell her personal data to anyone
• What happens in this scenario? Who is accountable?
To Summarise
Risks from the Social Media Ecosystem:
• Data Leakage related risks
• Data Accountability related risks
What can you do to address this?
What can you do to address this
• Create Awareness
  - That these risks exist
  - They are real
  - They are an integral part of business – not a ‘tech-only’ problem
  - They have to be urgently addressed
• Assess
  - What is your organization’s risk exposure vis-à-vis the social media ecosystem
  - Assess the gaps
What can you do to address this
• Review existing programs/ initiatives that address these risks
  - Likely that existing risk management initiatives may be addressing some parts of these risks
• Initiate new programs/ initiatives to take care of unaddressed gaps
• Do this on a continual basis
  - Pace of change is explosive
  - Risk profiles keep changing
  - Global developments affect local ecosystems, although you may not be dealing with outside markets
• It is an exciting world out there… full of opportunities… just make sure you have your risks covered as you make the most of the opportunities
Shivangi Nadkarni, CISA, DCPP, CIPT
Co-Founder & CEO – Arrka Consulting
shivangi.nadkarni@arrka.com
www.arrka.com
@shivanginadkarn
Questions?

Social media risks - data leakage and data accountability

  • 1. SOCIAL MEDIA: WHY SHOULD IT BE ON YOUR AUDIT PLAN? Shivangi Nadkarni, CISA, CIPT, DCPP Co-Founder & CEO – Arrka Consulting
  • 2. The Social Media Ecosystem 15-Feb-17Arrka Consulting - Confidential 2 This is a placeholder text. It can be replaced by your own one. Communication Apps: Gmail, Skype, Whatsapp... Organizational sites, apps, games, pages Games, Interactive Media Popular Apps: Facebook, Linked In, Twitter...
  • 3. The Risks: Category #1 15-Feb-17 3 Arrka Consulting - Confidential
  • 4. How things can go wrong… Twitter: Who: their own CFO, Anthony Noto. What: accidentally tweeted instead of sending a private message. What was it about: an M&A plan. "I still think we should buy them. He is on your schedule for Dec 15 or 16 -- we will need to sell him. i have a plan."
  • 5. How things can go wrong… Across social media: Who: UK Armed Forces. What: disclosed details of Britain’s submarines, posted videos of people & equipment in Afghanistan & Libya, details of sensitive visits, etc.
  • 6. How things can go wrong: …Am sure each of you has a story to tell from your own organization…
  • 7. Data Leakage on Social Media – How? Three kinds of leakage. The ‘OOPS’!: data leaked by mistake; very common; e.g. putting great details in LinkedIn profiles, uploading sensitive documents on public cloud, posting internal plans on Facebook, etc. The DELIBERATE: the malicious insider. The VICTIM: victimised by cybercrime; 40 percent of social media users have fallen victim to cybercrime; one in six users believe their accounts have been compromised (Norton Study).
  • 8. At the Organizational Level: impersonation/spoofing of the organization’s properties: fake pages, handles, etc.; fake domains; fake apps
  • 9. The Risks: Category #2
  • 10. When you are Online – what happens in the background? Types of data collected: device ID, location data, browser history, your OS; anything else you may have given ‘permission’ to access, e.g. contact info, etc. Your profile & identity is built.
  • 11. What happens to this data? ANALYTICS is done on it. It is SOLD to data networks/ad networks/other agencies, who use it to sell products & services to you. It is used to SYNC UP with other channels to do omni-channel reach. It is fed into ALGORITHMS and used to make automated decisions about you.
  • 12. In Short, When You Are Online….
  • 13. What happens when you use a mobile app? You give ‘Permissions’
  • 14. What happens when you use… The app or website gets access to your account
  • 15. So How and Why is all this relevant to an organization?
  • 16. Your organization is engaging in all these digital interactions: online; mobile apps; applications like FB, Instagram, LinkedIn, etc.
  • 17. Data: Today’s Reality. Explosion of Data. Tracking; Online Behavioural Advertising (OBA); Ad/Data Networks. Individuals as Data Generators. Social, Mobile, Analytics, Cloud, IoT… Personal Data is the New Currency.
  • 18. Types of Personal Data. Categories: knowingly provided by a user; unknowingly provided by a user; observed data; derived or inferred data; harvested from 3P sources. Examples given: filling in account details; device identifiers, location data, etc.; data generated from analysis and/or deploying algorithms, like online behaviour profiles.
  • 19. What does the law say? Data protection & privacy laws in most countries define personal data to include all device data, metadata, location data, etc.: anything from a device that can be used to identify an individual. The laws have some strict curbs on how this data should be treated and used, with some stiff penalties and liabilities. E.g.: EU GDPR: up to 2% to 4% of global turnover; most countries have criminal liabilities.
  • 20. So Who Owns What Data? Diagram labels: Dedicated 3rd Parties; 3Ps using their own platforms/products; Personal Data; 3P’s own usage; 4th Parties. Where does accountability lie? Who takes on the liabilities? Who carries the reputation risk?
  • 21. What can go wrong?: InMobi. One of the world’s largest mobile ad networks. Tracked a customer’s location using surrounding Wi-Fi networks, EVEN when the customer had turned off location services on her mobile. Hauled up and fined by the US FTC. InMobi: Basically from India!
  • 22. What can go wrong: Silverpush. A technology that tracks ‘audio beacons’ from televisions: captured on a mobile device; sent to a central server; profiles what exactly you have watched on TV; feeds to ad networks to deliver ads. Not even a standalone app: embedded in other mobile apps. Hauled up by the US FTC.
  • 23. Think of this scenario: Your organization ties up with a third party to co-brand a mobile app and hosts it on the third party’s platform. The third party uses the data from the customer to do analytics and sell to an ad network. Meanwhile, your organization has promised the customer that you won’t sell her personal data to anyone. What happens in this scenario? Who is accountable?
  • 24. To Summarise: Risks from the Social Media Ecosystem: data leakage related risks; data accountability related risks
  • 25. What can you do to address this?
  • 26. What can you do to address this: Create awareness: that these risks exist; they are real; they are an integral part of business, not a ‘tech-only’ problem; they have to be urgently addressed. Assess: what is your organization’s risk exposure vis-à-vis the social media ecosystem; assess the gaps.
  • 27. What can you do to address this: Review existing programs/initiatives that address these risks: it is likely that existing risk management initiatives may be addressing some parts of these risks. Initiate new programs/initiatives to take care of unaddressed gaps. Do this on a continual basis: the pace of change is explosive; risk profiles keep changing; global developments affect local ecosystems, although you may not be dealing with outside markets.
  • 28. It is an exciting world out there… full of opportunities… just make sure you have your risks covered as you make the most of the opportunities
  • 29. Questions? Shivangi Nadkarni, CISA, DCPP, CIPT, Co-Founder & CEO – Arrka Consulting; shivangi.nadkarni@arrka.com; www.arrka.com; @shivanginadkarn