Are Enterprises Equipped to Mitigate Social Media Security Risks?

Mar 15, 2018

Strangely, when we speak of cybersecurity, social networking becomes more of a curse than a boon. All those collaboration and productivity benefits lose focus and cyber criminals take center stage. Their most common ploy seems to be phishing, with objectives to initiate attacks, breach corporate information, introduce malware, or access the company network.

With so many touch points to exploit, hostile actors have expanded their focus to include extremely well-financed private or even government organizations. Examples abound. In a recent Form 8-K filing, retail giant Target acknowledged that firms incurred $252 million in costs due to data breaches in 2013 and a net of $162 million after insurance proceeds. Users have suffered on this count too: for instance, a data breach affected 1 billion Yahoo users.

Incumbent Compliance Standards Lack Effective Security Policy

Technology adoption must keep pace with regulatory requirements. In the fintech[1] sector, static content such as LinkedIn or Facebook profiles needs documented pre-approval before posting. Interactive content, including streams of updates on Twitter, must also be supervised, in addition to sampling for compliance violations (FINRA regulatory notices 10-06 and 11-39).

[1] FinTech (financial technology) is anywhere technology is applied in financial services or used to help companies manage the financial aspects of their business, including new software and applications, processes and business models. https://www.computerworld.com/article/3225515/financial-it/what-is-fintech-and-how-has-it-evolved.html   

Without specialized tools that integrate with existing email compliance solutions, organizations often fail to capture social content automatically and store it securely on cloud-based servers.

Traditional antivirus (AV) systems, which are built to stop signature-based attacks, are helpful but have their limitations. These signatures can take months to develop and download to the AV endpoint.

Clearly, compliance requirements are not advancing as fast as hackers are.

Social Media Compliance is Necessary

While current security models are inadequate, the emergence of top-notch cybersecurity service providers is beginning to make a difference.

Thanks to them, there are certain posture assessments and remediation services to help organizations achieve compliance. Among these, Access Control Lists (ACL), Mobile Device Management (MDM), and Network Admission Control (NAC) provide layered access based on secure credentials. These solutions determine which users, systems, or processes are granted access to a specific device. MDM consists of a policy manager, gateway, and endpoint security, designed to provide identity and secure admission of mobile devices too.

Typically, NAC includes a policy manager and an enforcement engine, and integrates with networking and directory credentials to determine who can access which networks and applications within an organization. It also provides categorized access to prevent breaches by unauthorized users.

The list goes on. Secure Web Content filtering can help control situations where users attempt to connect to sites which are against company policy. As such, users are rescued from being their own worst enemy.

Balancing Social Networking and Security

By now, you have probably realized that social networking has opened up avenues for perpetrators to go beyond what was possible years ago. This does not suggest that organizations should stay out of the social media phenomenon. We would say a better option is to go full speed ahead with security strategies and continuously educate and train employees to champion this cause.

That is exactly what Cambridge University did. With over 260 social media accounts to protect, it created a social media policy to safeguard its online reputation. Its “living document” policy leverages monitoring and insights to keep the workforce aware of their various social networks.

For Cambridge University, this strategy worked and there is no reason why it should not work for other companies on the hunt for security solutions. Combine policies and the right security offerings, and you will be well on your way to making cybersecurity threats past history.

 


Phil J. Mogavero
Vice President, Network Solutions
PCM

 
