Pitchrate | Security Challenges in Using Social Media

or log in with your favorite social network:

NOTE: If you don't have a profile and want to sign up with your social network, please click the appropriate icon in the sign up box!

Gary Bahadur

Gary Bahadur, CEO KRAA Security Gary is the founder of KRAA Security with over 15 years experience in the information security and technology industry. KRAA Security was founded in 2007 to address the security needs of companies in all industries through a combination of Managed Security Services a...

Category of Expertise:

Contents is empty


kraa security

User Type:



03/15/2011 02:54pm
Security Challenges in Using Social Media

Security Challenges in Using Social Media
By Gary Bahadur
Email: baha@kraasecurity.com
Website: www.kraasecurity.com
Social media sites have gained popularity in the past ten years as a medium to keep in contact with loved ones, business associates and friends. However, there can be drawbacks to the usage of said media when one is employed in certain career fields, such as the healthcare industry. Utilizing social media networks can inadvertently give way to the sharing of confidential patient information with people that may not have a need to know which would then cause the company to violate HIPAA Security Rule compliance. The compliance risks increase with uncontrolled social media utilization.
Social Media has become part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has been a bottom up approach. By bottom up I mean that the consumer has determined how to use a technology and the corporation is playing catch up. But the social norms that are appropriate for a consumer “product” are not appropriate in a corporate environment.
Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use social media applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors for communication, some form of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.
We can take a lot of security requirement from traditional IT security practices. For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!
When looking at confidential information, apply the same security requirements. A company would let an employee send out confidential information to someone who didn’t have authority to read it, so when using social media sites, do not let your employees post information that is confidential. In order to block them from doing that, you have to have social media monitoring tools in place to actually know what information employees are posting on the Internet
Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public. If your employees post too much personal information about themselves and your company, this could entice an attacker to try and gain access to your company with the information the employee has posted.
Some information may not be considered confidential; yet not posting these items to public social media sites is probably a good idea. This can include anything from rumors, to purchases the company plans on making, anything about the technology one’s company uses or will use, and any projects the individual may be working on. Develop and follow practical posting guidelines and do not share more information than is necessary in corporate social media activities.
If an employee’s personal posting about the company can be considered defamation or are targeting a customer or competitor, HR has to know to take action even if it’s difficult to measure the value of defamation. Laws already cover the social media pos


social media security, technology, facebook, twitter
Please note: Expert must be credited by name when an article is reprinted in part or in full.

Share with your colleagues, friends or anyone

comments on this article

Powered by: www.creativform.com