1. SOCIAL MEDIA AND ENTERPRISE
SECURITY WHITEPAPER
Sarah Schleigh
Presentation and Paper can be viewed here:
http://www.slideshare.net/SchleighS

2. SOCIAL MEDIA APPLICATIONS
 Researching job candidates
 Connecting with clients and consumers – sales
 Market research – polling and surveying customers
to see what they want or need
 Networking – professionals at different firms can
network with each other if they share common
interests or job responsibilities and bounce ideas off
each other
 Communication dissemination – notices of
upcoming sales, or recent company
accomplishments (such as being voted #1 in a
customer service survey)

3. SOCIAL MEDIA THREATS
 Sites are frequently used by malicious individuals to
spread malware and viruses
 Hackers use social media sites to gather personal
information and attempt to guess passwords and
login information (both personal and work-related)
 Data leakage – intentional or unintentional
disclosure of confidential information on social
media sites – can cause severe reputational
damage and loss of customers
 Hard to monitor and control – unlike email

4. CURRENT STEPS BEING TAKEN TO MITIGATE
RISKS
 Daily updates to malware and virus detection
software
 Some companies limit users ability to download
plug-ins or applications from social media sites
 Some companies only allow certain users with a
business need to access social media
 Some companies provide training – particularly in
regards to confidential information
 The problem is many companies are not doing
everything they could be doing to mitigate social
media security risks

5. RECOMMENDATIONS
 Social Media Use Policy
 This policy preferably would be separate from the
normal internet use policy and/or code of conduct in
order to emphasize its importance
 Should spell out specific guidelines on what is
acceptable or unacceptable to post, what kind of activity
is acceptable, and what is expected of users
 Should also specifically spell out the consequences if
and when employees violate the Social Media Use
Policy
 This policy should be reviewed with new employees
immediately following their hire date and existing
employees should be required to review it at least
annually

6. RECOMMENDATIONS (CONT’D)
 Limit access to social media sites at work to only
those users who need access to it. Discourage
employees from using accessing their personal
social media accounts at work.
 Offer training regularly – this will provide employees
the opportunity to ask questions about what is and
is not acceptable and allow them to understand the
risks of social media
 Establish appropriate communication channels – in
between annual policy reviews and periodic
training, employees may have questions and it is
important that they know who to direct these
questions to and that questions are welcome

7. RECOMMENDATIONS (CONT’D)
 Have a dedicated team handle the corporate social
media accounts – if size allows. Recommended to
not leave this up to one person as a team may
catch more incidents of data that should not be
disclosed.
 Randomly monitor the activity of users who have
authorized access to social media at work
 Don’t forget about mobile devices! Firms should try
to stick to one kind of smartphone and one kind of
tablet to be issued by the company so that they do
not have to support many different kinds

8. RECOMMENDATIONS (CONT’D)
 General IT security improvements – password
management training, implement stricter password
requirements, use security tokens, use content
filtering technology and make sure that antivirus
and antimalware software is updated as frequently
as possible
 Less commonly used but still worth consideration is
the use to two separate networks – one for
employees’ personal activity and one for business
so that if malware/virus threats are downloaded
through social media they cannot impact the highly
important business network