Mike's random thoughts and ramblings

Social Networking and Security

Lately, I've been thinking more and more about social networking. I was reading a recent article by Eric Ogren on this issue at Searchsecurity.com. The article said:

"According to a recent Websense Inc. survey, the decision has already been made by the business units with 86% of IT respondents reporting pressure to allow more social networking in the business. The message resonates loud and clear to security: Resistance to advances in technology is futile; find secure ways that business can move forward."

It seems obvious that the more social networking we do, the more vulnerable we make ourselves to breaches in security. Viruses can spread quickly, data can be compromised and entire systems can be severely hampered.

The fact is Facebook offers a variety of ways for those in the same company to interact and for various organizations to create networks - there's business value there. Not to mention that Twitter, LinkedIn, MySpace and other such sites, although all different, have the power to bridge a global communications gap. Both Facebook and Twitter have become popular with professionals between the ages of 25 and 35.

It’s evident to me that it’s virtually impossible to stop this trend towards incorporating and integrating social networking sites into the IT networks of companies. With pressure on businesses to allow the use of such sites comes the need for controls, common sense and regulations. While I'm a huge fan of incorporating social networking into business, there's definitely an important control issue here. Here are a few questions I encourage anyone to consider before using a social networking site in tandem with his/her business.

Why are you deciding to incorporate a social networking site?
There’s no doubt that such sites make communication easier. That’s a given. But you have to determine the reason for this expanded communication and how much control is needed. You’ll need to develop protocols for using the site within your company and other protocols in utilizing the site when dealing with vendors, clients and the general public.

Which features will your employees be able to access and which will your business utilize in its public profile?
Each social networking site offers a range of choices to its users. As an example, if you elect to go with Facebook, a range of choices await you as to how much information is public, which tools are made available and how participants can interact. Are Wall postings appropriate, should Status updates be allowed and which groups, if any, will be established? These questions and others are appropriate for the manner in which the network is used within the company and amongst the general public, clients and vendors.

What controls will you put around the use of the technology?
Once you decide to incorporate a social networking site, you’ll need to develop a sound security plan and a method for checking on how individuals are using the site. Opening your business up to a site such as Facebook makes it more vulnerable to hackers, phishing schemes and other security concerns. Once you open up your organization to an outside entity, greater security precautions and more vigilance will be needed. Beyond just technical controls, also consider the need for policies and procedures: develop written policies, specific guidelines and a clear vision of the exact reasons for using such a site to guard against misuse, miscommunication and compromises in security. It’s the first step in helping to ensure a smooth transition by your company into the world of social networking.

Anybody who knows me knows that I'm a huge fan of social networking (evidence Twitter, LinkedIn, Facebook) - as such, I welcome the fact that social networking sites are not only here to stay, but that they will continue to expand and evolve. That means that the security and business communities as a whole must also evolve and develop.

About the author

Michael Murray