Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use these applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors of communication, some type of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.

For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!

In the case of company documents or patient information, if it isn’t found on the company’s web page it probably should not be posted elsewhere. There are sites that exude a feeling of privacy and security, but are far from it. Allowing one’s corporate information security team to determine what sites are acceptable is the best option.

Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public.

Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on.

So in one’s personal endeavors, it is most beneficial to all involved if confidential information, or information that could be considered secret, stays out of the hands of the public. Follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.

Gary Bahadur

CEO KRAA Security, baha@kraasecurity.com

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Police Development

*PGP Security

*Free Website Security Test

When you join a company, you relinquish certain rights. The workplace is not a democracy. Yet many people still think that their corporate email, their corporate computers and the data they use is “theirs”. Who owns that data? Well the answer is the company. Companies are concerned with data loss prevention. A company can fire you for mis-using company data, that is obvious. A company can fire you for portraying a poor image such as drunkenness, poor behaviour, saying negative or derogative things about your boss or company,  public displays of nudity, well I could go on about why you can be fired.

One example is a young woman who got fired from her job because she said she ” thought her job was boring. So she said so on her Facebook page.  Her employer, Ivell Marketing and Logistics of Clacton, U.K., gave her this update: “Following your comments made on Facebook about your job and the company we feel it is better that, as you are not happy and do not enjoy your work we end your employment with Ivell Marketing & Logistics with immediate effect” as stated in this CNET article, http://news.cnet.com/8301-17852_3-10172931-71.html

So the question is, can a company can fire you for your out of office activities, should they have the right to monitor your activity? Should an employee be required to register all their social media profiles with their employer so that the reputation of the company can me monitored? It would obviously make it easier to know if an employee is damaging the reputation of the company.

The biggest challenge Social Media plays for a company is damage to reputation. A silly yet powerful example of Social Media affecting a company’s reputation is United Airlines breaking a musician’s guitar and refusing to pay for it. The musician Dave Carroll had a YouTube hit with his song about the poor airline response to him (http://www.boston.com/travel/blog/2009/07/song_over_guita.html) This viral video caused reputation damage. So this is a bit different from an employee posting something, but it has the same end result, reputation damage.

So when you start a new job, you have to take a drug test, get a background check, so why not register all your social media profiles? What are the pros and cons? Is it to much “Big Brother” or is it becoming a relevant reality of doing business in the Social Media age?

Gary Bahadur

CEO KRAA Security,  baha@kraasecurity.com

http://www.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

*FREE Website Security Test

Related articles by Zemanta

• How Social Media Can Revolutionalise Your HR Department (gautamblogs.com)
• Social Media In, Common Sense Out (socialmediatoday.com)
• Managing Both Objections and Reputation Through Social Media (debbieweil.com)

Part 2
The Data Lifecycle Management (DLM) goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. The multiple part blog, (I am not sure how many parts it will take), will walk through the steps of the data lifecycle and what a company can do to implement a good process for all the data management challenges.

In the first part of this series, we covered what it means to say you have or want a data lifecycle management process.  So why do we need something different from what we are already doing around DLM?

Why does traditional security not work for DLM?

Users have risky behavior. They will always have risk behavior and we rely on mostly technology controls to keep them in a secure box.  Solutions aimed at the external threats coming in, not the regulation and governance of internal communications going out. Problems we see are typically:

• Unauthorized application use: 70% of IT say the use of unauthorized programs result in as many as half of data loss incidents.
• Misuse of corporate computers: 44% of employees share work devices with others without supervision.
• Unauthorized access: 39% of IT said they have dealt with an employee accessing unauthorized parts of a company’s network or facility.
• Remote worker security: 46% of employees transfer files between work and personal computers.
• Misuse of passwords: 18% of employees share passwords with co-workers.

The reasons typical technology controls will not work in the full DLM process are:

• Products are not geared to protect a full life cycle of a customer records
• Most solutions and processes are outward facing, based on perimeter security
• Encryption can affect data management
• Real-time intrusion detection and remediation is rare
• Context and intent of messages was not analyzed properly
• Functional areas in organizations create different policies, monitoring requirements, enforcement priorities and reporting
• New technologies can avoid security measures
• Technologies look at the network, the operating system or the application not the data across all environments
• Not mapped properly to regulations

What risks does customer data loss pose for organizations?

If we know that security is not working, what are the risks we face? A very recent example of how this can have a practical affect is with the Massachusetts Privacy Law 201 CMR 17.00. Loss of data can have a great financial impact with this law.  Key things we need to consider include:

• Penalties: Not complying with regulations can cause civil and financial penalties
• Confidence: Loss of customer confidence because of a customer data breach can lose customers
• Reputation: Damage to reputation will lose customer and damage relationships
• Competitive Advantage: Information and customers can move to competitors
• Costs: Ponemon Institute’s 2008 annual study, average $6.6 million per breach.
• Valuation: Decreased stock prices could result

I will continue this process in the next post…

Gary Bahadur
http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity
Address: 200 Se 1st St #601 Miami FL 33131

*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test

Related articles by Zemanta

• Analyst Study Shows Employees Continue to Put Data at Risk (newswire.ca)
• Perception of Data Security at Odds with Reality, Accenture Study Finds (eon.businesswire.com)
• Data protection a priority for CEOs (newstatesman.com)
• HSBC admits to understating data theft (v3.co.uk)
• Breach numbers fall while costs rise Ponemon study finds (v3.co.uk)
• Symantec Shells Out $370 Million For Data Encryption Companies PGP and GuardianEdge (techcrunchit.com)

Why should you switch from the Blackberry? Well there may not be a good reason. The Blackberry has a number of apps and it is secure, it has encryption and has been beaten up on the security front like network security assessment and application security testing. It’s ingrained in businesses and Blackberry Enterprise Server is well known to many IT administrators.

The Entrepreneur can use both devices. Let’s assume there are at least some people using the IPhone, what apps should they have in their toolkit?  Of the thousands of apps, how can you pick a few that would be beneficial to the Entrepreneur Road Warrior? Well the way I picked them is through word of mouth , that are of benefit to me and comes with network security assessment tools. I travel, work in my car, have meetings at all times of day, I am away from the office for days or weeks.

Take these with a grain of salt and do not send any flame emails. But please send in the apps that you think should be shared with the world or at least readers of this Blog.

Urban Spoon

First up is Urban Spoon. You are thinking, well that’s not some kind of spreadsheet or financial app. What is the business purpose? The lifeblood of the Entrepreneur is networking , managed security services, application security risk assessment and deal making. Where deal making most of the time involves some kind of meal. Urban Spoon can find you restaurants by cuisine, by neighborhood, by cost, by distance. Everything you need for a meeting is the most random city.

AroundMe

In the same vein as Urban Spoon, is AroundMe . Say you are on your way to an important lunch you have setup with a restaurant you found on Urban Spoon but you are almost out of gas. Use AroundMe to find the closed gas station. Or if you need cash to pay for that gas because your Amex Card has been cancelled, find the closest bank.

GoogleMaps

Well this is pretty obvious. But when you are traveling and maybe forgot to bring your Garmin GPS and do not feel like paying the rental company an extra $11.99 a day to rent their GPS , this is just as good.

ReQall

This is a pretty useful app. The developers were one of the www.TiE.org Top 50 companies this year at TiECon. The app captures your voice, translates it to text, organizes your calendar based on your voice messages, integrates into Outlook or Google Calendar and provides memory assistance. It’s great when you have no pen or driving in a car or need a memory reminder.

FlightAware

For the true Road Warrior, there is no road, there is the sky. So when you are rushing to the airport or think you need to rush to the airport, track down what is going on with your flight. Check out FlightAware to get an update and help you plan that trip to the airport.

TweetDeck

Social Media, the latest buzz word, actually has some teeth. Small companies and the Entrepreneur have to be connected to the work whether you like it or not.  Twitter is a way of life these days even if people seem to be twittering their lives away. How do you tell your followers that you are stuck in an airport in Baltimore? Try using TweetDeck.

These Apps don’t seem very business-like, but the Entrepreneur is practical, cheap, requires network security audit tools and has to get things done today . These help you achieve your million tasks on a timely basis.

Gary Bahadur

http://www.kraasecurity.com

http://blog.kraasecurity.com

http://twitter.com/kraasecurity

*Managed Security Services

*Vulnerability Management

*Compliance & Policy Development

*PGP Security

Related articles by Zemanta

• Urbanspoon: Half A Billion Shakes And Counting (techcrunch.com)
• Will the iPad make a great car gadget? (blogs.computerworld.com)
• What are your favorite iPhone apps? (scienceblogs.com)
• My iPhone Apps (lenestrada.com)