Social Media Seminar: Managing Risk

        June 20, 2012


      Steven H. Shapiro
Social Media is like teen sex.
      Everyone wants to do it. Nobody knows how.
When it’s finally done, there is surprise it’s not better.

                   Avinash Kaushik, Analytics Evangelist, Google
Social Media as part of Cybersecurity
• 71% of their Boards rarely or never review privacy and
  security budgets.
• 79% of their Boards rarely or never review roles and
  responsibilities.
• 64% of their Boards rarely or never review top-level
  policies.
• 57% of their Boards rarely or never review security
  program assessments.

The Governance of Enterprise Security: CyLab 2012 Report

                                         Carnegie Mellon University
Cybersecurity Threats Increasing
• 80% of respondents faced large-scale
  denial-of-service attacks.
• 85% experienced network infiltrations.
• Almost 2/3 said that at least once a month
  they found malware designed to
  sabotage their system.

“In the Dark: Crucial Industries Confront Cyberattacks.”
Bottom Line:


“Most companies failed to adopt many of the available
security measures. This means that, for many, security
remained rudimentary.”
What can be done?
1. Pay attention.
2. Get the right people.
3. Organize the function properly.
4. Review regularly – report, audit and
   assess.
5. Review policies to create a culture and
   respect for privacy.
SOCIAL MEDIA: NEW OR MORE OF THE SAME?
“The more things change, the more they stay the same.”

          * * * *
“The Internet has been the most fundamental change
during my lifetime and for hundreds of years.”
SOCIAL MEDIA: NEW AND MORE OF THE SAME
More of the same

• Conform to strategy and business of
  company
  – Using for offensive or defensive purposes?
• Work within legacy guidelines
  – Existing laws, regulations and case law
  – Existing company policies
• Maintain existing protections – privacy,
  confidentiality and ownership
More of the same (continued)

• Identify who said what and who is
  speaking for whom
• Update, update, update
• When implementing:
  – Train effectively
  – Communicate clearly
• Use general principles, not detailed rules
Differences
• Cannot legislate from the top down
• Permanence of items posted on the web
• Internet creates its own reality
• Not a 24/7 world, an instantaneous world
• The line between personal and business
  matters is not blurred, but obscured
Differences (continued)
• Communication can and should be two-way
• Understand the nature of a community
• Use carrot, not stick, to generate desired
  behavior
Some effects
Dell used “Social Media Principles”
  1.   Protect Information
  2.   Be Transparent and Disclose
  3.   Follow the Law, Follow the Code of Conduct
  4.   Be Responsible
  5.   Be Nice, Have Fun and Connect
  6.   Social Media Account Ownership

  Global Policy on Social Media Effective Date: 15 August 2011
Conclusions: Cybersecurity
• Protect yourselves!
  – Pay attention
  – Get the right people
  – Organize yourself the right way
  – Check yourself regularly
Conclusions: Social Media

• Know what your organization needs
• Know where it comes from
• Know how it has to change
DISCUSSION



    Steve Shapiro
  Corporate Partner
sshapiro@pircher.com
    312-915-3175
