Australian Organisations Lack Social Media Security
“A new survey on social media risks suggests a dangerous gap in Australian corporate social media security. The survey conducted by the Ponemon Institute and sponsored by content security provider Websense, is believed to be the first study that determines what IT and security practitioners throughout the world think about the security risks that are associated with employee use of social media. The use of social media in the workplace is growing at a rapid pace. Savvy businesses are using blogs, social networks, wikis and other vehicles to quickly share information with their target audiences. The result can be greater brand awareness and an enhanced image in the marketplace. Social media also can play an important role in gathering intelligence directly from an organisation’s target audience to help improve products, services and other areas of their business. As social media technology and the security for these tools continue to evolve, organisations will realise even more benefits. Along with these benefits have come risks. ISACA has identified the following as the top five risks of social media: viruses/malware, brand hijacking, lack of control over content, unrealistic customer expectations of “Internet-speed”, service and non-compliance with record management regulations. The challenge remains how to ensure the use of social media vehicles does not jeopardise the security of their organisations’ networks. To achieve the right balance Websense recommends the following:
- Understand the risk social media tools create in the workplace. Conduct a risk assessment to understand what practices may be putting the organisation at risk.
- Educate employees about how their social media usage could impact the company. For example, how posting something inappropriate could breach company security and hurt its reputation.
- Create a comprehensive policy (including detailed guidelines) for all employees and contractors who use social media tools in the workplace. The policy should address the risks and the security procedures that should be followed.
- Improve the ability through expertise and enabling technologies to detect and prevent attacks.
- Consider the use of time quotas, bandwidth management and coaching to allow employees the freedom of the social web with policy controls to keep productivity and resource utilisation in check”
From → social media policies