Social media needs a social security strategy

There are plenty of stories about companies using social networking, micro-blogging and online collaborative services to generate business leads, build sales...

There are plenty of stories about companies using social networking, micro-blogging and online collaborative services to generate business leads, build sales networks and engage directly with customers. So why are the majority of businesses still reluctant to use this channel of communication? writes Ash Patel, country manager, UK & Ireland at Stonesoft.

Undoubtedly, part of the reason is cultural with the older generation of senior executives either not understanding the technologies or thinking it is a passing fad so not worth the time and investment. But, the main reason, to my mind is unnecessary scare mongering by the security community which has created the myth that these tools are inherently insecure.

I hear many IT managers and CIOs claiming that social networking sites such as LinkedIn or Facebook will open new doorways for cyber-attacks, such as phishing and desktop hi-jacking. While it is true that online security threats are evolving to the point where legitimate websites are increasingly carrying malicious malware, this is not limited to social networking platforms. Businesses continue to use online banking despite the fact that these services are also being targeted by hackers to steal financial data.

In reality, when it comes to social media the weakest link in the security chain will always be people. The best example of this is the recent Ministry of Defence data leak where confidential information had been leaking out through social media sites for the past 18 months. This potential threat to national security would not have been prevented by better network security. The reality is that social networking services present the same threats that any online service presents.

So, organisations can fully utilise social networking tools while also mitigating online threats by implementing pro-active security devices. By using technologies such as intrusion prevention systems and firewalls that have the ability to inspect traffic comprehensively at the application layer, while also inspecting encrypted traffic, organisations will be equipped to meet the technical challenges that social media and networking presents. Businesses need to start treating social media like any other kind of online service accessed from within the organisation.

But, employees will continue to pose the weakest link in any security chain as we have seen with the torrent of data loss stories due to misplaced USB sticks in the last couple of years. Organisations need to set clear rules of engagement by ensuring that they have comprehensive social media strategies in place, with policies that are tailored to the requirements and culture of their business.

If businesses want to compete in this tough economic climate they need to fully utilise all the tools available to them including social media platforms. They need to spend time training and advising staff as well as implementing pro-active security technologies to identify and prevent malicious traffic before it breaches the corporate network.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.