Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
6 Tips For Securing Social Media In The Workplace
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
stuartjacklin
50%
50%
stuartjacklin,
User Rank: Apprentice
9/19/2014 | 3:04:50 AM
Opinion
It's necessary to use Social media websites and Gmail securely on work .The most important thing that can be done is frequently change your passwords and use of  secure browsers can help you to protect your data .

 

www.pitchussocial.com
Bprince
50%
50%
Bprince,
User Rank: Ninja
5/30/2014 | 11:05:21 AM
Re: Secure your social
The point about LinkedIn I think was just brought home by the situation with the Iranian hackers. It is important for organizations, particularly defense and financial organizations, not to underestimate how much social networking sites can be used for the purposes of recon for attackers.

BP
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/22/2014 | 4:04:26 PM
Re: Training
I do think that today most employees today are aware of the risks from social media in the workplace (and at home) but it's easy to fall into bad practices. Technology solutionsn like using Web browsers with high malware block rates seem to me like a no brainer from the IT side. And putting the onus on employees to avoid location-based social media on their corporate mobile devices doesn't seem to onerous. LinkedIn, on the other hand, would require more of an effort in user education. 
JohnPirc
50%
50%
JohnPirc,
User Rank: Author
5/22/2014 | 2:40:19 PM
Re: Secure your social
Thank you Shawn. This point was tied to an actual use case. The amount of data you can mine within LinkedIn isn't only tied to M&A but also employee moral.  When I typically get request to provide recommendations, usually shortly after I gave the recommendation they left their job for another opportunity. Again, I appreciate your commnets.
JohnPirc
50%
50%
JohnPirc,
User Rank: Author
5/22/2014 | 2:31:49 PM
Re: Social media corporate policy
Thank you this is great insight.
PaulS681
50%
50%
PaulS681,
User Rank: Apprentice
5/22/2014 | 8:00:14 AM
Re: Training
It's so easy to say but much harder to do. You have to put time aside for this. That is the toughest part. Real world examples would help. Many that post things about the company don't even realize it, and unless you show them hard examples, they may not get it.

Some kind of interactive piece would also help... Even if that is just asking questions, Get them involved somehow.
jpizzle
50%
50%
jpizzle,
User Rank: Apprentice
5/22/2014 | 6:58:32 AM
Re: Training
Thank you Paul! I couldn't agree with you more.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/21/2014 | 2:44:15 PM
Re: Training
Finding the happy medium of training that is not too technical or too long -- yet still is effective -- sounds like a pretty tall order. Does anybody want to share their best practices (or lessons learned)? 
PaulS681
50%
50%
PaulS681,
User Rank: Apprentice
5/20/2014 | 7:03:11 PM
Training
Training to backup the company policy is a must. You can put all you want in the policy, people just are not going to read it. You could say that it's their problem if they don't read it but it can make major headaches for IT staff if they do something they shouldn't. Training and talking about it helps alot. Keep the training short and to the point, don't get to technical and you can make your job easier.
cumulonimbus
50%
50%
cumulonimbus,
User Rank: Apprentice
5/20/2014 | 5:34:19 PM
Social media corporate policy
If you think that bad news travels 10x as fast as good, then perhaps a good social media policy is minimalistic? I agree that companies need a "firm but fair" policy for social media, and to educate on the downside. I have seen corporate policies that attempt to limit access to certain sites using third party taxonomy, but I am not sure this works as a moral quotient. In the end it comes down to exercising good judgement through emotional intelligence. Thanks for a great article.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4875
PUBLISHED: 2022-01-21
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838.
CVE-2020-4876
PUBLISHED: 2022-01-21
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839.
CVE-2020-4877
PUBLISHED: 2022-01-21
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.
CVE-2020-4879
PUBLISHED: 2022-01-21
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847.
CVE-2021-4016
PUBLISHED: 2022-01-21
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confident...