• United States



Social networking: Just say yes

Apr 07, 20112 mins
Data and Information Security

We hear a lot about social networking as a security threat and productivity drain. But James Beeson, CISO of GE Capital, says that kind of thinking is all wrong.

Without question, there are big security risks attached to social networking, which we’ve covered extensively in such articles as “The 7 deadly sins of social networking.”

But in focusing on the dangers, Beeson thinks we’re overlooking some significant security advantages in embracing Twitter, Facebook, LinkedIn and the like.

“Social networking is actually helping with our security attention span,” he said. “My kids are more aware of the bad stuff out there. It’s giving us a much better digital trail. We are getting a much better baseline of user activity, which can help us understand the new normal so we can more effectively identify today’s abnormal activity.”

He noted the conundrum we face: Company leaders tend to see social networking as a waste of time that kills productivity. Digital natives find it essential for collaboration and efficiency.

But the digital natives are not going to turn back, so the older generation needs to “just say yes.”

“This is not a choice. You’ve already enabled the workforce whether you like it or not. We are already there,” he said. As examples, he said that:

-Texting and apps are overtaking voice

-PC and laptop sales are dropping

There are indeed risks, he said:

-End users can skip IT

-Productivity overtakes risk perception

-Malware is thriving and the target is growing

-There’s a proliferation of unstructured data

-Location-aware devices can be dangerous to personal safety

-Policy compliance gets trickier

-Access control is weak

Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

To bridge the gap, Beeson suggested executives start thinking like a digital native. “They think differently. They prefer texting to phone calls. They research things far differently than baby boomers did,” he said.

He also suggested the following basics:

-Have a policy

-Identify a champion: Get marketing and HR on board. You can put training videos on Youtube and use Twitter to more effectively communicate to the masses

-Teach data protection and personalize it

-Think through the regulatory policies and make adjustments to account for the social networking world

-Focus hard on data leakage prevention

“Embrace the change,” Beeson said. “Resisting will only increase your risk.”

–Bill Brenner