
Social Media Risk Mitigation In The Workplace

Dimension Data : 15 November, 2010  (Special Report)
Chris Jenkins, the Security Director at Dimension Data, explains the risks associated with the use of social media in the workplace and how these risks can be mitigated.
The use of social media applications such as Facebook and Twitter in business represents a rapidly growing security risk. McAfee's 2010 Threat Predictions report asserts that social networking sites and applications are rapidly altering the approach cybercriminals are taking and drastically increasing user vulnerability. Unless businesses take a totally 'lock-down' approach to social media and the internet - and in some organisations invite employee mutiny in doing so - they need to tackle this security challenge or face a host of negative repercussions, including data loss, IP theft and reputation damage. This article provides an overview of the security threats social media generates when used at work, or on work PCs and mobile devices, and offers advice on how to mitigate them.

What are the security threats specific to social media?

Many of the security threats associated with social media are just old risks in a new form, requiring a different approach but not necessarily new security technology. Indeed, some threats are wrongly seen as security issues when they are more of a business issue. Businesses need to understand the types of threats they face to work out what area of the business is best placed to take action against each threat, and to successfully employ a social media security strategy.

How can businesses protect themselves from social media security threats?

The first thing to note is that security technology can't provide total protection from social media threats. The main reason for this is that people are an organisation's greatest security threat, and there's only so much IT security can do to protect against human error. So, like all security strategies, a social media security strategy needs to take people, processes and technology into account.

For example, there have been many cases of employees losing laptops and USB sticks carrying valuable and confidential data. In this scenario, while security technology couldn't prevent the loss of the machine, encryption technology would have prevented the data on it from falling into the wrong hands. In the case of social media, the frequency of communication and the less guarded attitude of users mean that people are generally more likely to click on a malware link when it is in a message from a Facebook friend than when it is in an email from a stranger. Although anti-malware applications, firewalls and data leakage prevention tools can help mitigate this, it takes education and the implementation of a social media security strategy and acceptable usage policy for a business to comprehensively tackle the human element.

Balancing risk exposure, business culture and security technology

So the best place to start when tackling the social media risk is defining, communicating, monitoring and enforcing a corporate policy on its usage in the business. This will require the involvement of HR and management, and needs to take into account things like the business culture and its appetite for risk, and employee demand for social media.

Any use of social media at work or on work devices will open up a business to security risks. Some organisations will therefore ban all social media usage, while others may encourage employees to use them as tools necessary for their job. It's important to note, however, that in any case demand for social media is growing, and that if employees are keen to use it at or for work, some will find a way to do so. For example, an employee working from home may simply turn off their VPN, while another may bring in a 3G dongle and connect to the corporate network, bypassing security systems. This highlights the need to make the acceptable usage policy for social media reasonable and in keeping with a business's culture and risk appetite. It also underscores the need to complement policy with sound IT security measures.

For example, a multi-national customer of ours found that employee demand for social media was growing, and usage was increasing despite attempts to stop it. Working with Dimension Data, the customer assessed its business culture and risk appetite, as well as the risks related to social media usage. It developed a company policy and implemented technology to allow social media usage while managing the particular risks. The technology deployed included corporate Instant Messaging (IM) that sat inside their perimeter security, and web content-aware controls that allowed the use of specific social media applications but blocked the leakage of confidential data. In doing so, employees were allowed to continue using social media for personal and productivity gain, and in a way that kept the customer's exposure to related security risks at an acceptable level.


As cybercriminals find new ways to exploit social media users, and as social media usage grows, so too must businesses adapt their approach. The key challenge is exploiting the business benefits of social media while keeping security risk exposure at an acceptable level - and continuing to do so as the threat landscape evolves. Although the threats social media usage in business generates are not necessarily new, the approach organisations must take to address them is. This approach needs to consider people, processes and technology, and involves defining a business's culture and its appetite for risk, and the implementation of a corporate policy and security technology.