Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
6 Tips For Securing Social Media In The Workplace
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
ShawnB287
ShawnB287,
User Rank: Apprentice
5/20/2014 | 1:05:32 PM
Secure your social
Thanks John for this post. I especially like the point about posting details to LinkedIn It's frightening how many organizations do not consider social media an organizational threat.  
cumulonimbus
cumulonimbus,
User Rank: Apprentice
5/20/2014 | 5:34:19 PM
Social media corporate policy
If you think that bad news travels 10x as fast as good, then perhaps a good social media policy is minimalistic? I agree that companies need a "firm but fair" policy for social media, and to educate on the downside. I have seen corporate policies that attempt to limit access to certain sites using third party taxonomy, but I am not sure this works as a moral quotient. In the end it comes down to exercising good judgement through emotional intelligence. Thanks for a great article.
PaulS681
PaulS681,
User Rank: Apprentice
5/20/2014 | 7:03:11 PM
Training
Training to backup the company policy is a must. You can put all you want in the policy, people just are not going to read it. You could say that it's their problem if they don't read it but it can make major headaches for IT staff if they do something they shouldn't. Training and talking about it helps alot. Keep the training short and to the point, don't get to technical and you can make your job easier.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
5/21/2014 | 2:44:15 PM
Re: Training
Finding the happy medium of training that is not too technical or too long -- yet still is effective -- sounds like a pretty tall order. Does anybody want to share their best practices (or lessons learned)? 
jpizzle
jpizzle,
User Rank: Apprentice
5/22/2014 | 6:58:32 AM
Re: Training
Thank you Paul! I couldn't agree with you more.
PaulS681
PaulS681,
User Rank: Apprentice
5/22/2014 | 8:00:14 AM
Re: Training
It's so easy to say but much harder to do. You have to put time aside for this. That is the toughest part. Real world examples would help. Many that post things about the company don't even realize it, and unless you show them hard examples, they may not get it.

Some kind of interactive piece would also help... Even if that is just asking questions, Get them involved somehow.
JohnPirc
JohnPirc,
User Rank: Author
5/22/2014 | 2:31:49 PM
Re: Social media corporate policy
Thank you this is great insight.
JohnPirc
JohnPirc,
User Rank: Author
5/22/2014 | 2:40:19 PM
Re: Secure your social
Thank you Shawn. This point was tied to an actual use case. The amount of data you can mine within LinkedIn isn't only tied to M&A but also employee moral.  When I typically get request to provide recommendations, usually shortly after I gave the recommendation they left their job for another opportunity. Again, I appreciate your commnets.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
5/22/2014 | 4:04:26 PM
Re: Training
I do think that today most employees today are aware of the risks from social media in the workplace (and at home) but it's easy to fall into bad practices. Technology solutionsn like using Web browsers with high malware block rates seem to me like a no brainer from the IT side. And putting the onus on employees to avoid location-based social media on their corporate mobile devices doesn't seem to onerous. LinkedIn, on the other hand, would require more of an effort in user education. 
Bprince
Bprince,
User Rank: Ninja
5/30/2014 | 11:05:21 AM
Re: Secure your social
The point about LinkedIn I think was just brought home by the situation with the Iranian hackers. It is important for organizations, particularly defense and financial organizations, not to underestimate how much social networking sites can be used for the purposes of recon for attackers.

BP
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-48093
PUBLISHED: 2023-02-01
Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.
CVE-2022-48094
PUBLISHED: 2023-02-01
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php.
CVE-2023-23135
PUBLISHED: 2023-02-01
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file.
CVE-2023-23136
PUBLISHED: 2023-02-01
lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php.
CVE-2023-24997
PUBLISHED: 2023-02-01
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/i...