Bookmark and Share

Social [Media] Security: The Impact of Social Media on Information Security

This table had a great discussion about social media security amidst representatives from a variety of vectors such as healthcare, nonprofit, B2B, and consumer retail. As social media gains traction, it also gains notoriety as a security nightmare. It has become a significant threat vector that all security teams have to factor in no matter the industry. For instance, the healthcare representative of the group explained that their organization doesn’t have a holistic platform to manage social media—they can only give their employees a list of “do’s and don’ts” to work with. However, the group agreed that social media has to be viewed from two aspects: how corporate uses it, and how the employees use it. There is a level of etiquette and guidelines for employees, but within corporate use, it can actually be more difficult. For organizations with dozens of branches around the country or around the world, each with their own social media presence, managing their use of social media can be tricky. Furthermore, some issues can be out of “insider” control—if an employee who manages the social media pages is hacked, the attackers can take control of a social media page and post on their behalf, impersonating the organizations through those pages. Last, this roundtable group noted that security teams these days are so incredibly busy managing insider issues, risks, perimeter defenses, and more, that they rarely have the manpower to spare to exclusively monitor social media accounts on a daily basis. As such, they had a question—are companies treating social media as a true threat vector? Are they factoring it into their security strategy, and locating the people who can monitor social media? Right now, it seems like most are not due to more critical concerns—but it is something that they should consider, and soon.