Following on from my recent blog, ‘Re-enforcing our doors in 2013’: solving all of the issues of disruptive innovations isn’t going to be possible in a year, but we must take some strides towards making some of the changes. The four members of the disruptive family are cloud computing, social media, big data and mobile.
Let’s take Social Media this week and examine some competencies organizations must start to build.
Social Media is here to stay; it is not going to go away, so organizations really must start to define a clear policy when it comes to Social Media. It should not be a standalone policy and must be integrated into the overall security policy and process. Companies often make the mistake of having a completely separate policy, and the risk is that some controls fall by the wayside. The policy must also involve all the key stakeholders in the business, establish who owns what, and define clear incident management responsibility. For example, legal/compliance owns the liability issues, marketing owns sentiment management, and security owns technical monitoring solutions.
Response plans that may have worked in the past don’t work for Social Media, due to the massive audience outreach and the speed with which information can propagate. So it may be time to have a dummy run of a breach via Social Media. For most organizations, the far-reaching security issues in Social Media only come to light when it’s too late.
On to my favorite topic: user training. Social media, due to its outreach and speed, requires a completely different level of training. Users may not be aware that a damaging tweet can be re-tweeted thousands of times within seconds. So set out clear training around the use of social media and some of the issues it can create for companies. Set clear boundaries via technical controls and training.
And finally, organizations often forget to monitor social media for threat management. Brand monitoring on social sites is used by organizations to address reputational risk, and customer services can also monitor to see if customers are escalating unsolved issues. Social media monitoring could also highlight hacktivist group activity that may be a concern for the organization.
None of the controls raised here should come as a big surprise to a security professional, but it is time to re-think them and ensure you have the controls in place to mitigate any risks via Social Media.
Look out for my next blog on Must Have Competencies for Big Data in 2013.