Network World

4 Tips for Writing a Great Social Media Security Policy

Security researchers at IANS think social media policies provide security departments with a great opportunity.
By Joan Goodchild, CSO
October 21, 2009 06:31 PM ET
Page 2 of 2

IANS is dispelling what Phillips says is age-old advice for enterprises when it comes to adapting to change. For instance, when compliance regulations came into play, savvy security teams were able to create new policies to comply, while also letting employees know why they were important. The same holds true this time around, said Phillips.

"We are finding some innovative awareness tactics that focus on these technologies because they are front and center. A Twitter campaign, or a Facebook campaign, a LinkedIn campaign, can all have real impact in terms of receptivity. The percentages are so low in terms of success of awareness campaigns, this is an opportunity to jump in."

3. Use social media access to raise security's positive profile within the organization

While the initial security reaction to new media is often to block, Phillips said most organizations now need to consider that allowing access may be not only necessary, but also useful from an infosec perspective.

"The advice we have given is, instead of just knee-jerk blocking everything, we find that this is an opportunity to record usage and activity among the employee base," said Phillips. "When the original data-loss-protection technologies were introduced, they were not in blocking mode, but in monitoring mode."

Phillips believes the new technology of social media gives information security what he calls "an interesting opportunity" to see how critical these technologies are to the enterprise.

"That kind of information is quite useful to other functions of the enterprise," he said. "Sales, marketing, HR are all going to be interested and that raises information security's profile among management."

4. Be prepared for the next phase

As social media platforms come and go, some will ultimately become commonplace and integral to an enterprise. While creating entire new policies around social media doesn't make sense right now, at some point, said Phillips, it will become necessary for policies to be more specific. As it stands now, he said, he finds his clients are more comfortable with some mediums and, with others, not so much. Most organizations find LinkedIn to be the most controllable and to have the least potential for damage. But Facebook, with its security vulnerabilities and the nature of its content, still makes many uncomfortable, particularly, said Phillips, because many employees are not respecting that line between personal and enterprise.

"Because these technologies are so different, it is at some point we expect policies are going to have to get granular," he said. "Our sense is high-performing teams will have to create unique Facebook, Twitter, LinkedIn and Google Docs policies. And they are going to have to get that granular about what is appropriate and inappropriate with each tool.

"We will end up with an open environment, but we will end up with some asterisks that say, it's open, but not 100 percent open. For example, some might say: 'It is not appropriate to use the company's name on your Facebook profile.'"
