By nature, humans are social beings. We like to communicate through song, conversation, storytelling, poetry, and other means. One of the ultimate punishments for a human is solitary confinement. The act of being isolated from other humans can negatively impact the human brain and behavior.
Humans value structured and unstructured communication. Some of the most valuable conversations can happen at the water cooler, the break room, or following a meeting. It is no wonder online social networking communities are so popular. First adopted by teens and tweens, the online social networking habit has since spread to other generations.
The new MySpace application for BlackBerry was downloaded 400,000 times in its first week--a record breaker for the smartphone maker.
MySpace, Facebook, Meetup, LinkedIn, and Plaxo are just a few of the online social networking sites used by millions of individuals to make connections, both personal and business related. While online social network communities provide an alternative form of business and personal communication, security and privacy impacts cannot be ignored. Areas of concern include social engineering, disclosure of proprietary information, malicious code propagation, identity theft, and privacy compromise, among others.
So what does a business do that wants to raise employee morale, attract a younger generation of workers, and utilize leading-edge communication tools without exposing everything sacred to the business? (And ignoring the issues is not the answer!) It adapts. The easy answers are to either allow use of publicly available social networks or simply deny and block their use.
Businesses need to overcome the initial reactions of fear, uncertainty, and doubt in order to address the issue. Online social network communities are simply communication tools. Just as a fax, written letter, email, and phone conversation can expose certain information, so, too, can inappropriate use of social networking sites. As a business, embrace the opportunity to engage your workforce and use this experience to bring your employees into the conversation on how to deal with the business and personal impacts of online social networking communities.
Why not create a community just for your workforce to discuss certain actions that may expose inappropriate information? Or create a place where users can share best practices on how they are selectively choosing to share some information online, but not all. The Computer Security Institute (CSI) has released a series of guides that walk users through securing information posted to Facebook, MySpace, and LinkedIn. Why not create opportunities for employees to teach each other how to best leverage the online social networking tools to enhance the business?
It should be noted that even if you and your employees take all seemingly appropriate actions, compromises can and will occur. Users are still subject to the underlying security of the systems being used, which are created and maintained by both social networking companies and other community users. So have a response plan for when the inevitable occurs. Remember, there is no such thing as 100% security.
Visit Wikipedia for a list of the most prevalent online social networking sites.
Ben Halpert, CISSP, is an information security researcher and practitioner and member of the Mobile Enterprise Editorial Advisory Board. Comments, questions and requests can be sent to him at firstname.lastname@example.org; please include SECURITY in the subject line.