Is Social Media putting you at risk?
by Mark Glucki on Oct 13 at 4:46 pm
I use social media everyday, at work and at home. I use it when I get up and have coffee, heading to working, going to meetings, in meetings, at lunch, on the way home, while running, while riding my bike, while watching tv, while sleeping, you get the picture. So am I actually at risk? I personally don’t think so. It’s all in how you approach it, and by learning best practices to avoid attacks and using the tools we have at the office to mitigate those risks, I think we’re in a pretty safe zone. But we always have to keep on top of what’s going on out there, and be one step ahead.
Here’s an article from the Mindshift newsletter that talks about risks associated with social media. Do you use social media in business and what do you think about the risks?
ORIGINALLY PUBLISHED OCT 13, 2011:
Social Media is quickly taking hold as a valuable corporate communication tool, and at the same time it is introducing new security risks that most organizations are unaware of. Is Social Media putting your organization in danger?
Every day we hear more about the risks of malware, internet attacks and zero day threats — the gap between the launch of an application and identifying its vulnerabilities. Social Media has widened the field from which security threats can be launched. According to a 2011 Information Week survey, 76% of IT and security professionals believe their company is more vulnerable to attacks today than one year ago, because now there are more ways to attack a corporate network.
“Hackers, or ‘hacktivists,’ can use Social Media to try to figure out as much about a target as they can, and we as a society have been very generous in telling people where we are, what we are doing and so on,” explains Rick Hayes, senior principal consultant, Dell SecureWorks, which partners with Allstream to provide Managed Security Services.
A recent study by Amplitude Inc., commissioned by VanDyke Software, surveyed network administrators’ greatest concerns about employee use of Social Media. The responses show the scope of potential threats: viruses, data leaks and intrusion were each cited by 19% of respondents, while carelessness and malware were each mentioned by 9%, and privacy risk by 6%.
While some businesses have taken a strict approach and banned employee use of Social Media, others don’t want to forgo the advantages of these tools, such as enhanced collaboration among employees and greater job satisfaction. It’s a challenge to determine what is best for an organization.
Minimize the risk
“In terms of protection from threats from Social Media, one way for businesses to minimize their risk is to simply not allow it, but if they do allow it then they need to have well-defined corporate policies in place and ensure that their employees are well-versed on their Social Media code of conduct,” says Craig Deveau, senior product manager for Managed Security Services at Allstream.
If in the end an organization chooses to allow Social Media use by employees, then the critical issues are in identifying potential threats and managing them. Failure to do so can be costly.
“In certain cases, if confidential information inadvertently becomes public it can be very harmful to a business, such as impacting company share prices or providing sensitive information to competitors,” Deveau notes.
In fact, the average organizational cost of a data breach in the U.S. in 2010 was $7.2 million, according to a study conducted by the Ponemon Institute.
On the other end of the spectrum from organizations that ban Social Media are those that treat them like an “online cocktail party,” according to Focus, a network of leading business and technology experts. Organizations that treat Social Media in a casual manner leave themselves exposed, as though they were in a “loud glass house: a place with endless visibility and each occupant talking through a highly amplified bullhorn,” says the Focus article. Endless visibility can translate into endless vulnerability.
Identify the issues
Ultimately, when using Social Media, people can be left exposed and potentially vulnerable, as can their organizations. Some of the key risks include:
- Mobile applications: It is dangerous to assume that the apps employees download are risk-free. “Mobile devices are one of the biggest issues now,” says Hayes. “You can get malware on your phone, and remember, your phone is just like a mini computer.” The risk of using mobile devices such as tablets and smart phones to engage in Social Media activity is that employees can do so outside corporate firewalls. IT/security departments have limited ability to control this usage unless they are able to extend their network security to include them. To demonstrate the scope of the threat, according to security vendor McAfee, the number of pieces of mobile malware grew by 46% in 2010.
- Weak or no policy: Failure to have a strict Social Media policy stating goals, rules and restrictions can place an organization at risk.
- Employees: Staffers are a potential source of vulnerability, and their intent needn’t be malicious. A seemingly innocent comment, once circulated, cannot be controlled. Add to that the threat posed by unhappy employees.
The growing use of Social Media has increased the scope of threats to organizations, many of which don’t understand the extent of their vulnerability. “There isn’t anybody who doesn’t have to worry about it,” Hayes warns of the dangers posed by Social Media. “Saying your company is not vulnerable is incredibly myopic.”
Once these threats are recognized as genuine, key defensive strategies include thorough staff training, strict policies, and, depending on the size of the organization, designating trained people to oversee the Social Media environment.
Subscribe to the Allstream Mindshift newsletter at http://bit.ly/rnM4ws
Want to learn even more about how to minimize your risk with Managed Services? Check out the October 19 Allstream webinar to learn from the experts, download the whitepaper, and participate in the live Q & A with Allstream and Dell SecureWorks product specialists. Register today at allstream.com!
Image by flavouz
Share