Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Translating Facebook, Twitter Privacy Controls into Social Media Policy

Managing Risks of Social Media in the Enterprise

Between the launch of Google + and recent announcements from Twitter and Facebook, social network security has been front and center in the press during the past several days. While the changes are unlikely to diminish attackers’ interest in social networks, the talk about privacy once again underscores the importance of developing sound acceptable use policies for your organization.

Managing Risks of Social Media in the Enterprise

Between the launch of Google + and recent announcements from Twitter and Facebook, social network security has been front and center in the press during the past several days. While the changes are unlikely to diminish attackers’ interest in social networks, the talk about privacy once again underscores the importance of developing sound acceptable use policies for your organization.

Social Networking Security TipsFrom a user standpoint, the changes – which include an “Always use HTTPS” feature for Twitter users and new dropdown privacy menus for Facebook – are meant to provide simple, effective mechanisms for offering security. From a business perspective however, controls do not lessen the need for enforceable policies, meaning they still face the task of crafting rules that balance privacy, security and productivity.

“The first thing to do is to define what social media is and how it relates to your organization,” explained Beth Jones, senior threat researcher at Sophos. “Different organizations will have different needs. Are you a school or a business? What do you consider to be social media? Just Facebook and Twitter? What about FourSquare, or Flickr or YouTube? How do employee personal blogs (or student blogs) factor in?”

IT Security Resource: Justifying IT Security: Managing Risk & Keeping Your Network Secure

Next, there is the issue of content. In a template for corporate policies, Websense suggested a number of guidelines, ranging from the obvious – such as not disclosing confidential information – to rules such as not referencing partners or customers without approval and including links back to their Websites when they are mentioned. It also includes recommendations such as identifying oneself instead of using pseudonyms and having users speak in the first person during personal communications so it is clear they are not speaking on behalf of the company.

Key to all this of course is education. Tom Clare, senior director of product marketing for Websense, cited three main tips companies need to communicate to their employees about social media. Tip #1: “if you don’t want it on CNN, don’t post it.”

“Every employee is a brand ambassador when they use social media channels,” he said. “So my recommendation is to use common sense. Would you want your boss to read what you are posting? Is that information confidential? Do I want my competitors or customers to read this? When in doubt, use common sense.”

His second tip: understand social media use is monitored.

Advertisement. Scroll to continue reading.

“Excessive use of entertainment, unproductive, inappropriate content or time-consuming habits will be monitored and if necessary, policies will be enforced to ensure employee productivity and the proper use of the social web,” he added.

Finally, employees need to understand they are the solution, not the problem, and should look for ways to use social media to increase productivity and improve customer relationships.

From a security standpoint, organizations should also monitor their employees and seek out technology to prevent data leaks and other threats, he said.

“Use your resources wisely,” Clare told SecurityWeek. “For example, you can allow folks to watch video surveillance of their kids at home, but on quota time. This will reduce bandwidth strain and corresponding costs while keeping your employees happy.

Suggested Reading: Vulnerability Management Buyer’s Checklist: Key Questions to Ask

Related Reading: Facebook vs. Privacy – What You Can do to Protect Your Privacy

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.