Corporate security is in the news again and this time, the story relates to the use of social networking tools. TechCrunch, an online blog received confidential documents pertaining to Twitter’s strategic business plans. The blog editors published some of these documents, saying, “It’s important to note that we have been given the green light by Twitter to post this information - They aren’t happy about it, but they are able to live with it, they say (more on why they did that in our later post).” Yet, other reports indicate that Twitter did not agree with the posting of this information.
This raises some critical questions. Individuals who post information on the internet today may or may not have a journalistic background, therefore, may not have received ethics training. Fast Company blogger, Alyson Kapin writes, "The lines between blogger and journalist are blurred and as a result we have run into ethics issues.” The posting on TechCrunch raises corporate alarm bells on two fronts: security and trust. How secure are tools that many employees now rely on? Moreover, how much trust do users put in these sites when they enter information?
In the case of the Twitter breach of security, William Jackson writes in Government Computer News that “It seems that a poorly protected password allowed a hacker to gain access to company records in Google Apps, a suite of online office services Twitter uses.”
Employees are using a variety of social networking tools on an ever-increasing basis, which has security implications. The 2009 Deloitte report Losing Ground says, “Technologies such as social networks, blogs, and email increase the organization’s internal security challenges.” The same Deloitte survey found that “The top three breaches for respondents who had been breached internally on repeated occasions, were breaches related to: Accidental breach of information (e.g., loss of unencrypted laptop etc.) Malicious software (e.g., viruses/worms) Employee misconduct.” Furthermore, “Only 30% of respondents are “very confident” in their third parties’ information security practices, while 49% of respondents indicate to be “not very confident” or “somewhat confident”.”
Certainly, it is true that along with technological security, risk can increase or decrease depending upon employee behavior. Yet, David Armano says in a Harvard Business blog, “The current state of "social media" for many businesses looks more like an episode of MacGyver than Apple's design process.”
Regardless of the risks involved, the use of these technologies is here to stay. William Jackson writes in Government Computer News that when it comes to social networking tools, “Banning their use probably is not necessary and might even be impossible, but policies to ensure responsible use and adequate security need to be in place as soon as new technology shows up in the workplace.” Thus, it may be time—if your organization has not already—to develop policies and procedures around how to use social networking technology.
According to Staysafeonline.org “A comprehensive cyber security plan needs to focus on three key areas.” These areas include prevention, resolution and restitution.” Of course, once a strategy is developed, it must be communicated and reinforced using a variety of means, including the performance management process.
References:
Armano, David. “Yes, Your Social Media Strategy Needs Design.” Harvard Business Publishing [www.blogs.harvardbusiness.org]. July 21, 2009.
Cain Miller, Claire. “Twitter and TechCrunch Joust Over Stolen Documents.” New York Times [www.nytimes.com]. July 16, 2009.
Deloitte, Touche, Tohmatsu. Losing Ground: 2009 TMT Global Security Survey. Amstelven, Netherlands, Detloitte, Touche, Tohmatsu, 2009.
Goodchild, Joan. “5 Facebook, Twitter Scams to Avoid.” CIO Magazine [www.cio.com]. July 13, 2009.
Jackson, William. “Tweeters beware: All is not secure on the cyber front.” Government Computer News [www.gcn.com]. July 20, 2009.
Kapin, Allyson. “Twitter's Stolen Documents Raises Ethics Questions.” FastCompany.com [www.fastcompany.com]. July 20, 2009.
Schonfeld, Erick. “Twitter’s Internal Strategy Laid Bare: To Be “The Pulse Of The Planet” TechCrunch [www.techcrunch.com]. July 16, 2009.
Staysafeonline.org. “Draft and Implement Cyber Security Plan” [www.staysafeonline.org]. Obtained July 26, 2009.
Social networking is so viral, the advantages are tremendous. It’s incredible what employees carry in their minds. We have solved so many critical issues through social networking than through formal processes. I agree espionage is a concern, but you must remember that espionage will happen with or without social networking. One way we manage company secrets is through education.