The internet is perhaps the fastest-growing platform we have ever seen. Social media is a place where people meet to share information. According to an ISACA Emerging Technology white paper, “social media technology involves the creating and spreading of content through social networks using the Internet”. A technology related to social media is Web 2.0, a term defined by Tim O’Reilly and made popular after 2004.
Social media facilitates communication practices in organizations that differ from those associated with traditional technologies like e-mail, teleconferencing, intranets, decision-support systems, and instant messaging. The use of social media technologies is proliferating at an incredible pace and introduces many risks to the enterprise.
“Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and resulting impact of that adverse event on the organization.” The organization should be aware of information posted about it on social media, which can also cause damage to the organization. Risks connected to social media should be assessed and managed by the organization. Once risk is assessed it should be prioritized, so that critical risks are addressed as early as possible. The impact of risk can be addressed by mitigation, transfer, avoidance or acceptance. A risk management program for social media may include:
• A corporate governance structure
• Policies and procedures around social media usage
• Social media training
• A due diligence process for selecting and managing relationships with third-party providers of social media services
• An oversight and checking process
• Audit and compliance functions
• A program to confirm the effectiveness of the social media program
Recent investigation has shown that 73 percent of salespeople using social media outperform those who don’t. Social media comes with many advantages but also with risks. The assessment should begin by surveying the organization’s employees. How do employees use social media for commercial purposes? How do employees use social media for personal purposes? What is the employees’ understanding of social media risk? Further interviews with management and key employees who participate in risk management will help determine the organization’s risk and control landscape related to social media. The severity of each risk should be evaluated based on its likelihood and impact. Once information has been gathered, controls should be assessed to understand how they affect the risks of social media. Then consider the residual risk with current controls in place. Gaps identified between the current control environment and the desired environment can be used to initiate discussions around areas that need improvement. Solutions should be established to strategically address the gaps in the current social media policy and reduce overall risk.
Some of the risks related to social media that an organization should consider include:
• Compliance with regulatory requirements
• Reputational damage
• Data leakage
• Loss of intellectual property
• Malware attack
• Copyright infringement
• Privacy breach, etc.
Information is also an asset of the organization. If information is leaked or this asset is breached, it may lead to financial loss for the organization. In my personal experience, information leakage is the most critical hazard to an organization, and it should be a highly prioritized risk.
An organization’s reputation, goodwill and brand are intangible assets. If these assets are affected negatively, the organization’s reputation may be seriously damaged. An organization should be aware of who is talking about it, including behind its back, and whether the discussion is positive or negative. Blogs and customer feedback are relevant in this regard.
Data held by an organization may be at risk. This includes proprietary information such as internal corporate data, contact lists, and confidential data related to the organization. Data loss can include loss of intellectual property.
Malware attack is a wide topic of internet security related to virus activity and needs special treatment at the organization level. Many antivirus products come with malware detection and treatment.
Privacy is the ability of a person to selectively release personal information about themselves to whomever they wish. Security and confidentiality are required in order to protect privacy.
Control over published data may be subject to the SOP (standard operating procedure) of the social media site. Control addresses what the site can do with the data. If the organization does not own the social media site, then what is published there is probably controlled by someone else. Control of content is lost once it is published.
There are many solutions that address the risk of social media. Some solutions/practices that are applied in order to address social media risk are as follows:
Encryption reduces the risk of unintentional data leakage in case your notebook, removable media or hard drive is stolen or lost, or is accessed by unauthorized users and applications.
Network access control (NAC) is used to define the rules for accessing the WAN (Internet) from the LAN (within the organization’s network). Care should be taken when granting rights to use social media at the organization level, with respect to how those rights are used.
Nowadays, communication technologies such as Bluetooth, infrared, Wi-Fi, USB flash drives and other storage media are rapidly evolving and advancing, and transferring data has become drastically easy. Central device control is one of the controls that may prevent information from being passed out of the organization.
Most solutions also come with web control in addition to device control: internet sites and access are centrally controlled in order to prevent social media risk within the organization. Data is secured by giving limited access to the web.