Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
•
0 likes•570 views
While beneficial for marketing purposes, social media activity creates potential pitfalls in terms of protecting a company’s assets and reputation. What if sensitive company information was leaked online and, even worse, you didn’t know it was out there? Are you prepared for serious damage control? A social media expert will show you how to manage and track your online reputation, identify online threats and address compliance issues. Learn investigative techniques to solve retail theft and the six key social media best practices. (This presentation was given at the Asset Protection Conference 2011 - Food Marketing Institute)
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
Similar to Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media (20)
Recently uploaded
Recently uploaded (20)
Asset Protection Conference 2011 -The Good, The Bad and The Ugly of Social Media
- 2. “Social Media – The Good, The Bad And The Ugly” Presenter: Helen Levinson
- 3. Social Media Fears Most Common Reasons: • Lack of Knowledge & Understanding • Brand Management & PR Concerns • Lack of Time and Personnel • It’s a Passing Fad
- 5. Facebook tops Google for weekly traffic in the U.S.
- 6. 50 million Tweets per day - 80% are outside of Twitter
- 7. If Facebook were a country, it would be the world’s 3rd largest
- 9. 80% of companies use LinkedIn as primary tool to find employeesSource Mashable.com & Socialnomics.net
- 10. Click to view video: http://www.youtube.com/watch?v=lFZ0z5Fm-Ng&feature=player_embedded: Source Socialnomics.net – Eric Qualman
- 13. Click to view case study: http://blog.thoughtpick.com/2010/01/learn-sm-by-example-dunkin-donuts-campaign.html
- 16. Source - YouTube http://www.youtube.com/watch?v=5YGc4zOqozo
- 17. Click to view video: http://www.youtube.com/watch?v=-QDkR-Z-69Y
- 19. 1/3rd of employed respondents say they never consider what their boss would think before posting materials online.
- 20. 61% of employees say that even if employers are monitoring their social networking profiles or activities, they won’t change what they are doing online.
- 21. 54% of employees say a company policy won’t change how they behave online.Source Deloitte Ethics & Workplace Survey, 2009
- 23. 54% of CIOs said their firms do not allow employees to visit social networking sites for any reason while at work. Source Deloitte Ethics & Workplace Survey & Robert Half Technology 2009
- 25. 13% of US companies investigated the exposure of confidential, sensitive or private information via a an SMS text or micro-blogging serviceSource Twitter, Outbound email and data loss prevention in today’s enterprise, 2009
- 26. Social Media Best Practices What Should I Know? • Corporate Guidelines• Personal vs. Corporate?• Employee & Customer Interaction• Damage Control • Etiquette• Guard Your Information
- 27. Protecting Your Image Best Practice No. 1:Establish CorporateGuidelines
- 28. IBM and Intel IBM and Intel each established guidelines for their employees who participate in social media. These market leaders were essentially saying, “have at it out there on blogs, social networks, Twitter, etc. But make sure you know the company’s expectations.” These guidelines represent a milestone in large enterprises’ comfort with social media. Source Hutch Carpenter - bhc3.wordpress.com/2008/12/
- 30. Source IBM - http://www.ibm.com/blogs/zz/en/social_computing_guidelines.html
- 31. Source IBM - http://www.ibm.com/blogs/zz/en/social_computing_guidelines.html
- 32. Source IBM - http://www.ibm.com/blogs/zz/en/social_computing_guidelines.html
- 33. Source IBM - http://www.ibm.com/blogs/zz/en/social_computing_guidelines.html
- 35. Intel Social Media Guidelines Source Intel - http://www.intel.com/sites/sitewide/en_US/social-media.htm
- 36. Consequences What happens with no guidelines in place? • PR Nightmares• Lawsuits• Loss of Time and Money
- 37. Posting Information Best Practice No. 2:Personal vs. Corporate
- 39. Keep it personal … or keep it strictly business
- 40. People Interaction Best Practice No. 3:Employee and Customer Interaction
- 46. Cover Your Risk Best Practice No. 4:Think “Damage Control”
- 48. Click to view video: http://www.youtube.com/watch?v=g-Z2x4SClaE&feature=related
- 50. Respond fast and efficiently in order to stop the snowball effect
- 52. Re-focused the attention of clients back to the product “pizza” by building alliances with bloggers and giving away free food in order to reconcile with the product.
- 54. Wal-Mart Concocts Fake Community Group to Gain Chicago Support
- 56. Be proactive in response
- 57. Operate by a code of conduct
- 60. 35% leaked proprietary information
- 61. Blog Breaches
- 62. 25% data loss via blogs
- 63. Video Exposure
- 64. 21% disciplined employees
- 65. Friends or Foes?
- 66. 20% offenses made on Facebook & LinkedInSource Marketwire.com
- 68. Blog Posts
- 70. Tweets
- 71. Fan Pages
- 72. IP Blocking & Web Cloaking
- 73. Sidejacking
- 75. Google
- 76. Bing
- 78. Blog Posts
- 81. Visit Board Tracker: http://www.boardtracker.com
- 83. Tweets
- 84. Visit Twitter Search: http://search.twitter.com
- 86. Fan Pages
- 88. IP Blocking & Web Cloaking
- 90. Sidejacking
- 91. Firesheep View case study: http://money.cnn.com/2010/12/14/technology/firesheep_starbucks/index.htm
- 92. Auction Sites
- 93. Monitor Your Brand Monitoring Tools: Social media provides a way to market yourself, your business, your products and services.Tools such as Radian 6, Sprout Social, and Socialmentionhelp you monitor your brand.
- 94. Remember… Be mindful of what you post.
- 96. Warren Buffett once famously said…“It takes twenty years to build a reputation, and five minutes to ruin it.”
- 97. Who, What, Where, Now? What are the Next Steps? Create a Social Media Strategy • Define Goals • Who Owns It? Risk Management & Compliance • Establish Best Practices • Create Response Teams • Damage Control Protocol Listen & Respond • Adopt a 24 hour culture • Offer Hotline / Email
- 98. Questions
- 99. Connect, Join, Follow Connect with Helen Levinson LinkedIn: http://www.linkedin.com/in/helenlevinson Twitter: http://twitter.com/helenlevinson Quora: http://www.quora.com/Helen-Levinson Connect with Desert Rose Design Website: http://www.desertrose.net Facebook: http://www.facebook.com/DesertRoseDesign Twitter: http://twitter.com/DRDmarketing LinkedIn: http://www.linkedin.com/groups?home=&gid=1846028
Editor's Notes
- Interesting Firesheep story: http://money.cnn.com/2010/12/14/technology/firesheep_starbucks/index.htmThere's been a lot of talk about Firesheep, a free Firefox extension that collects data broadcast over an unprotected Wi-Fi network without using SSL. You turn it on, and by default it collects cookies for Facebook, Twitter and 24 other sites. Then you can sidejack the account and gain access under the acquired identity.1021Email PrintCommentThis extension isn't shocking. If you're worth your weight as a developer, you've known this flaw has existed for a long time. But what about the rest of the world? What about the people who haven't heard about the newly accessible threat through their friends, or through Engadget or Slashdot?I thought I'd spread the word and help some laymen out after work. There's a large Starbucks (SBUX, Fortune 500) near my apartment. I dropped in, bought some unhealthy food, opened my laptop and turned on Firesheep.Less than one minute later, there were five or six identities sitting in the sidebar. Three of them were from Facebook.This wasn't at all surprising. Firesheep isn't magical, and anyone that's been to a Starbucks knows that a lot of people mindlessly refresh Facebook while sipping their lattés. I thought I'd give it more time, so I listened to some music, talked to a few friends -- and, most importantly (and difficultly) did not navigate to anything sent over vanilla HTTP (including, of course, Facebook).Aside from avoiding vulnerable services in the open, there isn't really any way for users to protect themselves from these attacks. While Firesheep runs within Firefox, all browsers are vulnerable to it. Logging on to https://www.facebook.com just redirects to an unsecured connection. And while a VPN would create a secure tunnel through the unprotected connection, most users don't have access to one. The best thing to do is to log out of Facebook and Twitter when using one of these connections.Half an hour later, I'd collected somewhere between 20 and 40 identities. Since Facebook was by far the most prevalent (and contains more personal information than Twitter), I decided to send the users messages from their own accounts to warn them of their exposure. I drafted a friendly, generic message that stated the location of the Starbucks, what the vulnerability was, and how to avoid it. I sent messages to around 20 people.I cleared the Firesheep sidebar, took off my headphones, and waited.Your Facebook ID is a goldmineI heard one expletive muttered a few feet away, and wondered if my message was the cause. Over the next 15 minutes, I didn't hear anyone talk about what had happened -- and folks at Starbucks are usually not ones to keep their conversations private. However, what I did see happen was a sharp decline in the number of identities I was collecting when I restarted Firesheep.This was relieving -- these people got the message. Hopefully they'll tell their friends. I cleared the sidebar once again, and after another 20 minutes of mindless conversation I saw five familiar names had returned to my herd.This was puzzling. Didn't they receive the first message?I logged into their accounts, and sure enough, they had. One of them was even on Amazon.com, which I had warned about in my first message.I targeted him first: I opened up his Amazon (AMZN, Fortune 500) homepage, identified something he had recently looked at, and then sent him a "no, seriously" message on Facebook from his account -- including the fun fact about his music choices.I cleared again the sidebar again and waited for 10 minutes. After I resumed Firesheep's collection, it appeared that he was gone. Yet the other four remained, persistently.A compromised Facebook account doesn't just mean someone can view your photos, likes and wall posts. A compromised Facebook account gives someone access to an identity, from which they can perform social engineering attacks and potentially ruin relationships -- both out of boredom and for gain.While much of this can be corrected, the time and energy it takes to do so is significant. Someone sending a fake message to one of your friends may not seem like a big deal, but someone sending a fake message to 500 of them is -- especially when that 500 may include colleagues, family, and clients.0:00 /2:38My private life revealed on the web So I didn't understand why my sheep were still grazing, unprotected. Perhaps, I reasoned, they thought the message was automatically generated and randomly targeted -- even though I'd mentioned their precise location. So, one last message was in order.I drafted a very short message (perhaps the first was too long?) and sent it to the four, once again from their own accounts: Really wasn't kidding about the insecurity thing. I won't send another message after this -- it's up to you to take your security seriously. You're at the [XYZ Street] Starbucks on an insecure connection, and absolutely anyone here can access your account with the right (free) tool.Twenty minutes passed, and all four were still actively using Facebook.Again, I considered that they may not have received the second message, but after viewing their accounts it was clear that they had.This is the most shocking thing about Internet security. Not that we are all on a worldwide system held together with duct tape that has appalling security vulnerabilities; not that a freely available tool could collect authentication cookies; and certainly not that there are people unaware of either of those.What's absolutely incomprehensible is that after someone has been alerted to the danger -- from their own account! -- they would casually ignore the warning and continue about their day.But, I kept my word and did not send another message. I packed my things, I walked around the store, and recognized several of the people I'd just introduced to their own vulnerability.On my way home, I considered what the experience meant about our society. No matter how many security measures we provide to the world, there will always be people who leave the door open, even after they've had an intruder. The weakest link in security has been, and always will be, the user's judgment.Back at my apartment, I began to settle in -- only to realize that throughout the entire night, my fly had been wide open. Just another demonstration: we're all walking around with vulnerabilities we have yet to discover.