Social Media Check-Ins Are Poised To Be The New Currency Of Mobile Advertising

Social Media Check-Ins

Subscribe to Social Media Check-Ins: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Social Media Check-Ins: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


All You Need To Know About Social Media Check-Ins and Their Importance Authors: Mat Rider, SyedKashif tacyStone1, Valeriia Timokhina, AppDynamics Blog, Kasper Loy

Related Topics: Web 2.0 Magazine, Security Journal, Social Media Check-Ins

Article

Employee Social Media Access at Work Challenges the Security Pros

The social media challenge arises with how to secure certain channels without blocking social media websites & services entirely

The rise in use of personal social sites, social networking tools, and BYOD mobile devices in the workplace increases the threats to any company's mission exponentially.

Social media, including Facebook, Twitter and LinkedIn, is used extensively by many functional areas in companies today to communicate about and promote their efforts, and to interact with their constituencies. For the marketing department, in particular, social media can help build brand awareness, improve (or destroy overnight!) the company's reputation, and engender customer loyalty. It also offers the hope of achieving the ultimate dream of any marketing professional - to see their new marketing campaign "go viral" on the Internet. When skillfully used by the HR department or a hiring manager, social media can quickly find talented new hires using an informal network of millions of interconnected people. And free social media tools are being widely used today as internal platforms for distributing key announcements as well. For example, Twitter is being used extensively to keep employees up-to-speed on important company news, "Didn't you read this morning's Tweet from the CEO."

As beneficial as social media is for business - and it surely is as organizations are beginning to realize that it also brings with it a multitude of problems. Most of these problems have been seen before, going back to the genesis of the Internet: lost productivity, misuse of network bandwidth, exposure to unmanaged content, security threats, and confidential data leakage. But some of them are unique to and exacerbated by this new social media phenomenon that has exploded onto the Internet over the past few years.

Advances in personal smartphones, tablets, and laptops have led to the consumerization of corporate IT on the hardware front as well. Personal mobile devices are allowed in most workplaces today and in some cases they are even approved for business use. This "bring your own device" (BYOD) phenomenon that organizations are experiencing is in many ways driven by workers' needs or desires to use a mobile device that is "better" than the company might provide for them, continue monitoring personal email and texts at work, and remain active in social media no matter where they are.

All of this (new social sites, social tools, and mobile devices) increases the threat level to any company's network exponentially. Hackers and online criminals have begun to introduce mobile-specific viruses and malware code. Once downloaded onto the device, this malware can be introduced into the workplace network. Employees being active on social sites (whether at home or at work) can expose companies to the release of confidential information onto the Internet where it can quickly spread like wildfire and never be contained or completely deleted. This social media information leakage can occur either accidentally or deliberately by sharing information (news, data, photos, etc.) on social networks that are completely outside of the company's traditional network security perimeter.

Even when keeping in mind that data leaks are normally innocent mistakes made by good employees, one of the last things any company wants is for their protected customer data or the company's own trade secrets to be leaked out on Facebook, in Twitter, on a forum, in a blog post, on LinkedIn, at foursquare's "here I am" site, in a YouTube video, during a chat session, or whatever is next on the social media horizon.

How Security Pros Address the Threat of Confidential Data Leaks over Social Media
Firewalls, AV, NAC, IDS, IPS, and other security tools can help mitigate the threat of malware and hacker threats on the network. However, as social media and BYOD grow as cultural norms in the workplace, the new risk of "data leakage" through social media activity must be addressed with new tools and approaches given the deadly threat it presents to the ongoing success of any business or brand.

The organization must first establish a well-developed acceptable use policy for social media with their employees. This will serve as a prerequisite for securing social media use and protecting the company from legal liability. In addition to policy development, communication and training measures, technology solutions must also be deployed to ensure a successful and legally defendable policy. Technology should be used to automate the policy's enforcement by consistently blocking certain social media postings and downloads from endpoint devices regardless of who the employee is or how ignorant of the policy they may claim to be.

Any policy that is not consistently enforced serves no purpose and offers no value.

No security technology is perfect. Security tools that stop data leaks while also simultaneously informing the employee "why" they have been blocked from posting or downloading something (on Facebook for example) are far superior in achieving their ultimate goal. Combination "block and inform" products like this quickly educate the staff about this critical policy so they don't violate it again, and hopefully results in the employee spreading the word to a few co-workers about their warning. In short, this is one break room conversation organizations should want to encourage.

The social media challenge arises with how to secure certain channels without blocking social media websites and services entirely. The solution requires the ability to differentiate between personal, corporate, public and confidential information in social media exchanges, so it must be data-centric and content-aware. In addition, legitimate social communications that are in accordance with the acceptable use policy must not be affected. The solution has to be capable of real-time content analysis.

Among the many existing IT security technologies available today, the only one that truly satisfies this set of requirements is Data Loss Prevention (DLP), and today there are numerous DLP solutions available. Determining which one would be the best fit for securing social media use in any given organization depends on a myriad of criteria as is true with any security technology. The needs, risks, and budget of a 20 workstation company are vastly different from those of a large global enterprise.

One thing is certain - the source of most data leaks (not data hacks) is almost always insiders on the network at a workstation or employees with a company laptop that they often take with them outside of the network. For company-owned devices, DLP solutions that stop the problem at the source (at the workstation/ mobile device) can be the least expensive, easiest to deploy and manage, and offer the broadest umbrella of protection. The "stop data leaks at the source" strategy offers the broadest DLP coverage precisely because it follows the mobile devices outside of the network where network sniffers, traditional perimeter firewalls and content security gateways typically do not reach.

Whether or not you apply DLP filtering software or security appliances on and around the network, you still need to consider applying DLP technology on laptops and other endpoint devices. Given the effort to build business and IT processes to secure a high percentage of user devices from the threat of data leakage and the downloading of files that may be infected with malware, a deployment of DLP security to all user-class devices is the most prudent place to start applying DLP technology in any sized organization.

The combination of a written, well-communicated acceptable use policy for social media, and DLP technology that includes pop-up educational warnings when a social media policy is being violated can reliably prevent data leaks through social media communications.

More Stories By Vincent M. Schiavo

Vincent M. Schiavo joined DeviceLock as Chief Executive Officer in September 2011. A veteran of the computer industry for more than 30 years, most recently Mr. Schiavo served as the Executive Vice President of Worldwide Sales for LogLogic, a San Jose based security information and event management provider. Prior to LogLogic, he was the Senior Vice President of Worldwide Sales and Marketing for Secure Computing, a San Jose based web information security company which was acquired by McAfee in 2008.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.