
Are Enterprises Equipped to Mitigate Social Media Security Risks?


Strangely, when we speak of cybersecurity, social networking becomes more of a curse than a boon. All those collaboration and productivity benefits lose focus and cyber criminals take center stage. Their most common ploy seems to be phishing, with objectives to initiate attacks, breach corporate information, introduce malware, or access the company network.

With so many touch points to exploit, hostile actors have expanded their focus to include extremely well-financed private or even government organizations. Examples abound. In a recent Form 8-K filing, retail giant Target acknowledged that the firm incurred $252 million in costs due to data breaches in 2013 and a net of $162 million after insurance proceeds. Users too have suffered on this count – for instance, a data breach affected 1 billion Yahoo users.

Incumbent Compliance Standards Lack Effective Security Policy

Technology adoption must keep pace with regulatory requirements. In the fintech[1] sector, static content such as LinkedIn or Facebook profiles needs documented pre-approval before posting. Interactive content, including streams of updates on Twitter, must also be supervised, in addition to sampling for compliance violations (FINRA regulatory notices 10-06 and 11-39).

[1] FinTech (financial technology) is anywhere technology is applied in financial services or used to help companies manage the financial aspects of their business, including new software and applications, processes and business models. https://www.computerworld.com/article/3225515/financial-it/what-is-fintech-and-how-has-it-evolved.html   

Without specialized tools that integrate with existing email compliance solutions, organizations often fail to capture social content automatically and store it securely on cloud-based servers.

Traditional antivirus (AV) systems, which are built to stop signature-based attacks, are helpful but have their limitations. These signatures can take months to develop and download to the AV endpoint.

Clearly, compliance requirements are not advancing as fast as hackers are.

Social Media Compliance is Necessary

While current security models are inadequate, the emergence of top-notch cybersecurity service providers is beginning to make a difference.

Thanks to them, there are certain posture assessments and remediation services to help organizations achieve compliance. Among these, Access Control Lists (ACL), Mobile Device Management (MDM), and Network Admission Control (NAC) provide layered access based on secure credentials. These solutions determine which users, systems, or processes are granted access to a specific device. MDM consists of a policy manager, gateway, and endpoint security, designed to provide identity and secure admission of mobile devices too.

Typically, NAC includes a policy manager and an enforcement engine, and integrates with networking and directory credentials to determine who can access which networks and applications within an organization. It also provides categorized access to prevent breaches by non-authorized users.

The list goes on. Secure Web Content filtering can help control situations where users attempt to connect to sites which are against company policy. As such, users are rescued from being their own worst enemy.

Balancing Social Networking and Security

By now, you have probably realized that social networking has opened up avenues for perpetrators to go beyond what was possible years ago. This does not suggest that organizations should stay out of the social media phenomenon. We would say a better option is to go full speed ahead with security strategies and continuously educate and train employees to champion this cause.

That is exactly what Cambridge University did. With over 260 social media accounts to protect, they created a social media policy to safeguard their online reputation. Its “living document” policy leverages monitoring and insights to keep the workforce aware of their various social networks.

For Cambridge University, this strategy worked and there is no reason why it should not work for other companies on the hunt for security solutions. Combine policies and the right security offerings, and you will be well on your way to making cybersecurity threats past history.

 


Meet the Author:

Phil J. Mogavero
Vice President, Network Solutions
PCM

 

 
