Social Media Security Boils Down to User Training

Your company's employees are participating in social media on your network. You may encourage the practice, or you may discourage it, but unless you run a "1%" locked down environment, it's happening. Probably as you read this post.

 

Social media can be a great communication and marketing device, but it also presents a wide range of risks for your company, of both inappropriate disclosure and IT security breaches. The best bet for any company is to thoroughly train its staff about best practices for using social media.

 

"Socializing Securely: Using Social Networking Services," by the United States Computer Emergency Readiness Team, offers a wealth of advice for any user of social media services like Facebook and Twitter. The 5-page PDF, which is available free to IT Business Edge members here in the IT Downloads library, is ideal as a quick training pass-around to your staff.

 

 

 


The report starts off by listing the various threats posed by social media: social engineering attacks, identity theft and good old-fashioned viruses. When the entire user experience is based on building trust with people whom you've never actually met, there will always be folks looking to abuse that trust. And even with people you do know personally, the implied anonymity of the Web tends to make even well-intentioned folks a little reckless - a quick status update about how stupid your weekly team meeting is not only hurts your own professional reputation, it makes your company look bad.

 

The report lists two steps that, in a corporate setting, fall under the IT department: Keep anti-virus solutions and OS and application patching up-to-date.

 

It then goes into greater detail about best practices that you will have to count on your users to employ.

 

  • Use strong passwords on social media services, which most folks are less likely to do on their Twitter accounts than their bank accounts.
  • Use strong privacy settings on social networks. Almost as importantly, pay careful attention to changes to privacy policies, which happen all the time. You never know when a slight tweak in a policy is going to leave your email address publicly exposed to scrappers.
  • Avoid suspicious third-party applications. A huge part of the social media business model is to allow third parties to use the service as a platform for marketing applications. Unfortunately, many social media networks are not as rigorous as they might be when it comes to vetting these apps. Allow only apps from vendors you trust to access your social accounts.
  • Treat everything as public. Privacy settings are great, but when it comes down to it, if you publish a piece of information on a Web page, it's out there and you lose control of it. Copy and paste works on social media, too. The report lists a few areas to be particularly sensitive about - we'd add the company's financials to the mix.

 

Again, your best plan here is training. The US-CERT report is a great starting point.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.