A few stories that are making headlines today have me once again thinking about social networking as it pertains to privacy and security, both personal and corporate.
The first story, written by CSO news writer Antone Gonsalves, notes a recent controversy over the republishing of private Facebook status updates on the social networking/information mash-up site Storify.
The second piece of news pertains to questions surrounding upcoming changes to Facebook's search box. The new search tool, called Graph Search, will allow users to search for information via “naturally-phrased queries,” like "Restaurants my friends like" and "Photos of people from college," and get personalized results. Some privacy advocates say this could surface otherwise buried profile information that was previously not possible to aggregate. Some argue it is information users would not share publicly if they knew it could be assembled this way. Also, there is no “opt out” option for Graph Search, so if we want to use Facebook, our information will have to be part of Graph Search.
When social media sites, such as Facebook and Twitter, were starting to explode about four years ago, security leaders found themselves forced to consider the implications for their organizations’ security, privacy and reputation. Many banned use of social networking sites and blogging altogether, particularly at first. But as it became clear these sites weren’t going away, many companies have now put policies on the books as to how employees should be using social networking sites, and what information should and should not be shared when using Facebook, Twitter, Tumblr, LinkedIn and many of the other popular social media destinations.
Earlier this month, I wrote that research firm IDC predicts social networking will be a top priority for CISOs in 2013. A new report out today from Wisegate, an invitation-only, business-social-networking group comprised of CSOs and CISOs, also notes social networking is among the top concerns for CSOs this year.
From the Wisegate report:
Many organizations are seeing a blending of work and personal identities as employees use tools like Twitter, LinkedIn or Facebook when communicating with customers, partners and friends. Members note that there is a need for enforceable policies and procedures as well as awareness training to help control the type of information workers share on a personal level when it might be connected with work assets. For example, a worker might mention a work project, discuss business travel, or identify the name of his or her manager using social media. Such details can be used for spear phishing attacks and may potentially reveal confidential company information.
Where is your organization at with its social networking and social media use policies? It seems these sites, Facebook especially, make changes almost monthly that can impact what information is available and how easy it is to view. Are you treating your policy as a living, breathing document that needs regular care, review and changing? What have you added, removed or otherwise changed in recent reviews?
Feel free to check out and share these resources for creating and using social media policy in your organization: