The “Global Survey on Social Media Risks” report released by the Ponemon Institute in September 2011 revealed more than half of 4,640 respondents across 12 countries said social media users have increased malware in the office. Only 29 per cent of these participants said they had the right security essentials to prevent these cyber threats, however. These statistics prove anti-virus alone is no longer arming organisations against cyber threats introduced by social media users.
To guard social media users from the latest cyber threats, organisations should develop security essentials from both a policy level and a technical protection level. In this post, we’ll focus on the common cyber threats and the security essentials to incorporate into your policy to protect social media users at your organisation.
Knowing the cyber threats
In a tactic known as click jacking, cyber criminals are embedding malicious code in what seems to be ordinary social media content and gaining access to social media users’ information or engaging in phishing attacks. The proliferation of these cyber threats not only compromises social media users’ accounts and devices, but likely their followers’ — some of whom are undoubtedly co-workers. You can just imagine the Pandora’s Box of cyber threats swept into your organisation if 50 social media users click on the same infected link.
As with any web site or application, there’s always the risk social media users may log on from corporate devices or devices with corporate information on them through an unencrypted Wi-Fi connection. That means your company data has been released into a sea of strangers sitting at a random café. Without the right security essentials, your data is left open to cyber threats.
Security essentials for social media users
When customers approach Datacom about implementing new technologies or access to different applications or services, we first advise them to come up with a user policy before discussing technology to manage or secure devices. It’s once a business has outlined its security essentials in these terms, including both its risks and strategic goals, that we get into the different technologies and approaches that can protect data and devices. It’s no different when protecting social media users from the latest cyber threats: outlining security essentials in a policy is vital.
When considering security essentials for social media users, organisations should first determine whether Twitter or Facebook is necessary for an employee’s role. Consider enacting a step-by-step process requiring employees or departments to request access to become social media users. As part of the process, organisations might require employees to use their personal address, not their work email, in their contact details to guard against cyber threats. The policy can also dictate security essentials around how social media users consume and use information on these sites. For instance, organisations might allow some departments to read information on social media, but not post on it, to prevent cyber threats.
Those employees who are allowed to post on social media should have clear guidelines on what’s appropriate to write and what’s not. You could also prevent social media users from downloading any content from these sites as part of your security essentials. If you know employees will be accessing social media sites in public through Wi-Fi, specify what can and cannot be shared or accessed while they are connected to prevent cyber threats.
Make sure social media users are educated about the cyber threats and security essentials, on social media sites and elsewhere, and don’t forget the final piece that many organisations neglect — actually enforce the policy across the organisation. All social media users should know the security essentials and what will happen if they ignore them.
Stay tuned for Part II, where we’ll discuss the technical security essentials of protecting social media users from cyber threats.