1 Managing IT and security Risks from Social Media in Your business By Boris Agranovich http://www.globalriskcommunity.com [email protected] Copyright © 2011 Global Risk Consult


Managing IT and security Risks from Social Media in Your business

By Boris Agranovich


Who am I?

Boris Agranovich: Founder at GlobalRisk community helping clients master risk, adviser, Building Bridges Globally


• More than 25 years of global experience working with large & medium corporations in West & East Europe, Middle East, Asia Pacific across multiple sectors including Financial Services, IT, Consulting, Manufacturers and Distributors.

• Recently founded GlobalRisk Community (http://globalriskcommunity.com), one of the world’s premier risk communities

• Founder at GlobalRiskConsult, http://globalriskconsult.com

• Providing services in the area of risk management, business social networking and marketing


Agenda


• Risks of social media

• IT/security risks

• Social media compliance policies, and some case studies

• The need for effective strategies and policies

• Regulatory requirements on the use of social media

• Where to start?


Social media means:


• Loss of brand ownership. Can you cope?

• Technology is available, but figure out the strategy, then pick the right tools

• Educate internally, encourage behavioural shifts before going external

• Threads can create opportunities and new ways of engaging with people


Legal liability:


• Third Party Statements

• Defamation and False Light

• False Advertising and Online Disclosures

• Privacy and Publicity

• Cyberstalking

• Intellectual Property

• Trade Secrets

• Recommendations and References


IT/Security related risks


1. Viruses/malware

• Phishing

• Click-jacking

2. Data Loss

3. Bandwidth Consumption

4. Productivity Loss

5. Non-compliance with record management regulations.

6. Brand hijacking and lack of control over content


Employee monitoring and pre-employment screening


• Employers must strike a careful balance to avoid violating privacy rights

• What you know can also hurt you.

• Companies should obtain employee acknowledgment of policies dictating the extent to which activities may be monitored


Reputation risk


Case study. How private is your email? 

Based on recent cases, your corporate policies, including your employee manual, should include the following language:

• Email communication is not private;

• Email is to be used only for company business;

• Email communication is randomly and periodically monitored to ensure compliance;


Case study continued. The email policy should inform the employee that the company policy:

• Specifically covers the use of cloud-based email providers;

• Specifically covers social media companies that have internal email;

• Informs the employee that such communications may be monitored by the company


The need for strategies and policies 

Don’t prohibit but mitigate:

• Security risks;

• Risk of misrepresentation;

• Infringement of intellectual property;

• Unauthorized disclosure of confidential information;

• Data privacy;

• Data leakage and identity theft. 


Compliance requirements


Regulatory requirements on the use of social media

• Supervisory policies, procedures, systems and internal controls to monitor all electronic communications technology used by the party and its associated persons to conduct the business.

• Regulated parties are required to make and keep records of such use and consequently of all content sent or received regardless of the tools that are used to send it.

• There is no reason to exclude archiving of posts to social networking sites from this requirement. 


What to do next?

• A real-time Web Defence

• Selective Social networking Controls

• Caching

• Policy Flexibility


Where to start (2). Collaborate & share knowledge


Social media compliance policies, some samples. 


● British Telecom - http://www.box.net/shared/static/llarpa9dnh.pdf

● Int. Fed. of Red Cross (IFRC) - http://www.box.net/shared/static/hrjk0nln59.pdf

● The Coca Cola Company - http://www.box.net/shared/static/1ifmdpdzb2.pdf

● UK CIPR - http://www.box.net/shared/static/fudf5fx1je.pdf

● WOMMA - http://www.box.net/shared/static/qxqj2zrd9v.pdf

● US FTC - Principles for Online Behavioral Advertising - http://www.box.net/shared/static/ssrv55sedo.pdf

● US CIO Council - SN Use by Federal Departments - http://www.box.net/shared/static/89149s00yu.pdf

● ISACA - Social Media: Business Benefits and Security, Governance and Assurance Perspectives - http://www.isaca.org/Knowledge-Center/Research/Documents/Social-Media-Wh-Paper-26-May10-Research.pdf


Regulatory requirements on the use of social media

● Osterman - The Impact of New Communications Tools - http://www.box.net/shared/static/exvkqvcleu.pdf

● Osterman - The Need to Archive SN Content - http://www.box.net/shared/static/byobpxpzi7.pdf

● US - FINRA - Supervision of Electronic Communications - http://www.box.net/shared/static/odja4zxt08.pdf

● US - FINRA - Guidance on Social Media Web Sites - http://www.box.net/shared/static/75ytdooycl.pdf

● US - FINRA - Communications with the Public - http://www.box.net/shared/static/s16c8jzigp.pdf


Questions??

Resources:

RIMS magazine

Rob van Alphen’s presentation

Blue Coat. Solution brief: The Top Four Business Risks of Social media

How private is your e-mail by Lawyers RMKB