Social Networking Security - Page 2

This article looks at how best to manage the security issues that social networking brings to business. It also covers how a company that decides to stop staff using social networking can monitor this and avoid security breaches from threats left behind on computers that have been used to access social networks.

 By Simon Morris

How to tackle the risks:

There is no simple solution for managing these risks. Businesses can implement technical barriers to prevent any use of Twitter, Facebook or similar applications, but in protecting its information security and privacy the business may then lose a valuable sales and marketing tool. Businesses should first have an Acceptable Use Policy that details how social networking sites and applications can be used. The policy should also define the consequences of failure to comply, as this can lead to the termination of employment and legal action. It will always be difficult to restrict what employees do on their personal social networking accounts, so it is important for a business to protect its information based on the worst-case assumption that employees will download malicious code and will divulge information they shouldn't.

It is crucial for organisations to carry out a risk assessment to establish which information is most critical to the business. They also need to evaluate how it might become vulnerable and how to protect it. Assessing the current and future risk posed to the business is imperative so that action can be taken and high-level critical threats can be mitigated. They must also make sure their current infrastructure has the most up-to-date, application-aware security solutions (both network-based and endpoint-based) to block any harmful files that may be accidentally opened. Employees should receive education on the information security risks involved in their internet access and how they can guard against them, for example by only installing or running applications from trusted sources approved by the corporate IT department.

Many organisations are faced with large volumes of information when looking at their internal vulnerabilities. Pentura believes the most effective method of prioritising these vulnerabilities involves a number of key steps, which Pentura has developed as a Vulnerability Risk Assessment (VRA) service. This includes modeling and mapping the network and importing rules from multiple devices, defining the threat origins, and classifying the assets based on importance to the business. This identifies the vulnerabilities presenting the greatest threat to the business, thus allowing remediation and protection of the most important assets. Remediation may involve patching endpoint systems, changing rules on routers or firewalls to prevent the threat from entering the network, or deploying new technology to address the threats. Pentura works with organisations to develop a security strategy: gaining visibility of their current security toolsets, identifying their effectiveness, providing consultancy in policy tuning, and understanding what additional solutions may be needed to address areas not currently covered from a security perspective. These Risk Assessments have a proven track record of success, and in many cases, remediation of the top 30 to 40 threats has dramatically brought down the overall business risk.

Technologies have started to emerge that offer granular control of social networking functionality. Palo Alto Networks offers one such technology that is unique in the firewall marketplace. It allows businesses to gain visibility of user application usage and apply a policy to control social networking site access from almost any aspect, such as chat, email, apps and file transfer. As well as securing site access, companies that harness web 2.0 functionality for their own use should be mindful of ensuring that their applications and website code are fully checked and written in a secure manner which can be validated. Last but not least, use common sense on the internet and in email. Taking an extra moment or two to think about what you've received or are about to do can mean the difference between looking at a seemingly harmless funny photo and risking critical business and personal information such as customer details, business plans and bank account details, all of which you don't want to be in the hands of anyone other than yourself or your business.

Pentura is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

This article was originally published on Mar 5, 2010