RISK OF SOCIAL MEDIA
The internet is perhaps the quickest growing platform we have ever seen. Social media is a place where people meet to share information. According to an ISACA Emerging Technology white paper, “social media technology involves the creating and spreading of content through social networks using the Internet”. A technology related to social media is Web 2.0, a term defined by Tim O’Reilly and made popular after 2004.
Social media facilitate communication practices in organizations that differ from those associated with traditional technologies like e-mail, teleconferencing, intranets, decision-support systems, and instant messaging. The use of social media technologies is proliferating at an incredible pace and introduces many risks to the enterprise.
“Risk is a function of the
likelihood of a given threat-source’s exercising a particular potential
vulnerability, and resulting impact of that adverse event on the organization.”
The organization should be aware of information posted about it on social media, which can also cause damage to the organization. Risks connected to social media should be assessed and managed by the organization. Once risk is assessed, it should be prioritized so that critical risks are addressed as early as possible. The impact of risk can be addressed by mitigation, transfer, avoidance or acceptance. A risk management program for social media may include:
• A corporate governance structure
• Policies and procedures around social media usage
• Social media training
• Due diligence process for selecting and managing relationships with third-party providers of social media services
• Oversight and checking process
• Audit and compliance functions
• A program to confirm the effectiveness of social media program pace.
Recent investigation has shown that 73 percent of salespeople using social media outperform those who don’t. Social media comes with many advantages but also with risks. The assessment should begin by surveying the organization’s employees. How do employees use social media for commercial purposes? How do employees use social media for personal purposes? What is the employees’ understanding of social media risk? Further interviews with management and key employees who participate in risk management will help determine the organization’s risk and control landscape related to social media.
Severity of risk should be evaluated based on the likelihood and impact of the individual risk. Once information has been gathered, controls should be assessed to understand how they affect the risks of social media. Then consider residual risk with current controls in place. Gaps identified between the current control environment and the desired environment can be used to initiate discussions around areas that need improvement. Solutions should be established to strategically address the gaps in the current social media policy and reduce overall risk.
Some of the risks related to social media that an organization should consider include:
• Compliance with regulatory requirements
• Reputational damage
• Data leakage
• Loss of intellectual property
• Malware attack
• Copyright infringement
• Privacy breach, etc.
Information is also an asset of the organization. If information is leaked or this asset is breached, it may lead to financial loss for the organization. From personal experience, information leakage is the most critical hazard to an organization and it should be a highly prioritized risk.
An organization’s reputation, goodwill and brand are intangible assets. If these assets are impacted in a negative manner, the organization’s reputation may be seriously damaged. An organization should be aware of who is talking about it, including behind its back, and whether the discussion is positive or negative. Blogs and customer feedback are relevant in this regard.
Data held by an organization may be at risk. This includes proprietary information such as internal corporate data, contact lists, and confidential data related to the organization. Data loss can include loss of intellectual property.
Malware attack is a wide topic of internet security related to virus activity and needs special treatment at the organization level. Much antivirus software comes with malware detection and treatment.
Privacy is the ability of a person to selectively release personal information about themselves to whomever they wish. Security and confidentiality are required in order to protect privacy.
Control over published data may be subject to the SOP (standard operating procedure) of the social media site. Control addresses what the site can do with the data. If the organization does not own the social media site, then what is published there is probably controlled by someone else. Control of content is lost once it is published.
There are many solutions which address the risk of social media. Some solutions and practices which are applied in order to address social media risk are as follows:
ENCRYPTION
Encryption reduces the risk of unintentional data leakage in case your notebook, removable media or hard drive is stolen or lost, or is accessed by unauthorized users and applications.
NETWORK ACCESS CONTROL
NAC is used to define the rules for accessing the WAN (Internet) from the LAN (the network within the organization). Care should be taken when granting rights to use social media at the organization level, with respect to how they are used.
DEVICE CONTROL
Nowadays, communication technologies and devices such as Bluetooth, infrared, Wi-Fi, USB (flash drives) and other storage media are rapidly evolving and advancing, and moving data has become drastically easier. Central device control is one of the controls that may prevent information from being passed out of the organization.
WEB CONTROL
Most of the solutions also come with web control in addition to device control. Internet sites and access are centrally controlled in order to prevent social media risk within the organization. Data is secured by giving limited access to the web.