30 July 2014

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

500 | posts 1,283,755 | views 57 | comments

7 Social Media Security Tips To Protect Your Business

24 March 2014  |  2537 views  |  1

Your employee's online life could open your business to some serious dangers.

 

Many small businesses recognize the benefits of having a social media presence for customer service and long-term marketing purposes. However, many are slow to recognize social media's security issues and how employees’ own social presence can add to the company's security issues.

Some companies restrict internal access. Others may prevent employees from having any corporate association outside of work on their own social platforms. This is due to the fact that whatever an employee says outside of work publicly can have a significant impact on the organization.

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer.

Last year I presented a robbery response program to a credit union. My presentation came after a mock robbery was staged, using real cops acting as masked robbers with guns. The robbers came in, guns blazing and screaming profanities, and, quite frankly, were very disturbing in their delivery. Some tellers cried, others cowered. Pregnant women were not allowed to participate and for good reason: Cops make great robbers!

At the end of the robbery, we all circled and discussed what happened. The teller who received the robbery note read it aloud, stating: “Your husband works at the Main Street Garage. We intercepted him when he was opening this morning. He is in a trunk at an undisclosed location. If you hit the silent alarm and the police come, we will kill him.”

Turns out the robbers scanned the teller’s social media sites based on searching the name of the bank as employer. Once done, they looked up her spouse’s place of employment. They were able to learn what time he opened and closed the shop. Scary.

Follow these social media security tips for small business to prevent security issues just as scary:

Institute a policy. Social media policies must be in place to regulate employee access and establish guidelines for appropriate behavior. Policies must specifically state what can and cannot be said, referring to slang, abusive language, etc. Employers should train their employees on proper use, as well. At this point, many of the mistakes have already been made; a quick search for “social media policy” will return lots of great ideas.

Consider a no-employment disclosure. Request employees leave their employment status blank when setting up a social site profile. Employees represent their employer 24/7/365, so what an employee says on or off the job and online directly reflects on his or her employer and, as stated in my credit union story, can be used against the organization.

Limit access to social networks. There are numerous social networks serving different uses, from wine and recreation to music to movies, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.

Train IT personnel. Policies and procedures begin from the top down. Managers and IT personnel responsible for managing technology need to be fully up to speed with social media security risks and set leadership examples.

Maintain ongoing monitoring and security. Once a policy is in place, it needs to be updated and enforced, and employees’ online lives must constantly be scrutinized. Invest in consulting, hardware, software and anti-virus protection, and update critical security patches for your operating system to make sure your business network is up to date.

Lock down social settings. Require employees to learn about and incorporate maximum privacy settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

Don’t completely eliminate social media. Eliminating access to social media opens an organization up to other business security issues. Employees who want access will get it—and when this happens, they sometimes go around firewalls, making the network vulnerable.

How do you ensure social media security in your business? Share your experiences in the comments.

TagsSecurity

Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 26 March, 2014, 14:03

When my uncle, who is married for over 3 decades, had set up his Facebook page a couple of years ago, he'd quickly filled out just the mandatory fields and had intentionally left the marital status field blank. When he recently took FB's advice to complete his profile and updated his marital status to "married", all his nephews and nieces got an update saying our uncle got married. 

Today, I got an update from LinkedIn saying a business associate founded a new company. Turns out all he'd done was to expand his existing company's name on his LinkedIn profile from "XYZ" to "XYZ LLC".

Apart from a deep chuckle or two and a few raised eyebrows, the above examples are innocuous.

However, for those people planning to act on "Consider a no-employment disclosure", here's a word of caution: By itself, there's nothing wrong with this tip but, the way social media notifications work, this could result in unintended consequences. By keeping the employer field blank or removing the employer's name if it was entered earlier, I won't be surprised if social media networks send out a "so-and-so is now unemployed" type of notification to friends, followers and connections! If that happens, it could be a lot more embarrassing than my two aforementioned examples. 

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

Make Information Security a Priority

15 hours ago  |  276 views  |  0  |  Recommends 0 TagsSecurity

Medical Identity Theft Can be Deadly

24 July 2014  |  583 views  |  0  |  Recommends 0 TagsSecurity

Beware of Flight MH17 Facebook Scams

23 July 2014  |  618 views  |  0  |  Recommends 0 TagsSecurity

How to Prevent Summertime Scams

19 July 2014  |  742 views  |  0  |  Recommends 0 TagsSecurity

Phishing Alert: 8 Tips to protect yourself from Attacks

17 July 2014  |  983 views  |  0  |  Recommends 0 TagsSecurity
name

Robert Siciliano

job title

Security Analyst

company name

IDTheftSecurity.com

member since

2010

location

Boston

Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations througho...

Robert's expertise

Who is commenting on Robert's posts

Fred Pyziak
Matt Scott
Spyindiavimlesh kumar
Paul Love
Ketharaman Swaminathan
Mike McCormack