
Archive for the ‘Best Practices’ Category

70 per cent of CIOs use social networking tools for business

September 8th, 2009 Fiaaz Walji No comments

According to an Everything Channel study of CIOs, seven in 10 midsize CIOs are using social media technology for their businesses.

Although the survey found that midsize CIOs still use social media tools more for personal reasons (73.5 percent) than for business (69.9 percent), respondents also said that social media can help improve business networks and gather product ideas — that is, once they figure out how to use it.

Productivity and efficiency seemed to be the major concerns… however, I would argue that SECURITY needs to be on that list of deciding factors when establishing and implementing a usage policy for these various social media tools.

Here is a good example of the increased ‘pressure’ from constituents with respect to using social media tools: 

“… we’re investigating on how to manage and monitor connections while maintaining security,” Gary Allen, CTO at the Amarillo Independent School District in Amarillo, Texas.

 Mr. Allen is investigating his organization’s future with social media, as …

the number of requests to incorporate it (social media) have increased.

To any of you in the same boat as Mr. Allen and his colleagues, here is a great whitepaper that should help provide some insight into implementing a security posture for these Web 2.0 sites.

Size does not matter…to Hackers!

September 1st, 2009 Fiaaz Walji No comments

 

Small businesses often assume that they are too tiny to catch hackers’ attention. But the truth is that hackers don’t care who you are. Most of the time, they use automated programs to exploit a flaw in some piece of common software used by millions and attack them en masse.

Read the rest of this article in the Wall Street Journal by Riva Richmond. Some good advice on how to protect your business.

Have you ever replied to Spam?

August 31st, 2009 Fiaaz Walji No comments

Think about it… ever curious about those great watches at really cheap prices? Or that TV converter that gets you a million channels for free? OK, if not you, I am sure you know of someone who has…

In fact, a study released by the Messaging Anti-Abuse Working Group (MAAWG) confirms that 1 out of every 3 consumers admitted to responding to a message they suspected might be spam.

About two-thirds of the consumers surveyed considered themselves “very” or “somewhat” knowledgeable in Internet security. While most consumers use anti-virus software and over half said they never click on suspected spam, the survey also found that 21 percent take no action to prevent abusive messages from entering their inbox. A majority of consumers, 63 percent, would allow their network operator or anti-virus vendor to remotely access their computer to remove detected bots.

“Spamming has morphed from an isolated hacker playing with some code into a well-developed underground economy that feeds off reputable users’ machines to avoid detection. Consumers shouldn’t be afraid to use email, but they need to be computer smart and learn how to avoid these problems,” said MAAWG Chair Michael O’Reirdan.

Ideally, you want to ensure that you have security software that helps protect you from the inbound security risks, as well as protect your computer from any outbound risks such as a bot that is trying to ‘call home’ and transmit personal information it has garnered from your machine.

Jerry Maguire and Web 2.0 ??

July 27th, 2009 Fiaaz Walji No comments

I recently attended a customer event where I presented a short overview of the Web 2.0 at Work study released by Websense.

Just to ensure everyone was on the same page with respect to what Web 2.0 was… I started by asking the audience for their definition of Web 2.0.

Although only a few were brave enough to respond, just as when I ask about DLP, each one had a different definition… ranging from the generic ‘social networks’ to technical references such as ‘Ajax’. We finally agreed upon the common denominator of ‘user generated content’.

Even though I felt like that kid in Jerry Maguire having the ‘did you know?’ conversation, it was interesting to see the reactions of each attendee once presented with some of the facts and stats on the prevalence of Web 2.0 and the security misconceptions.

Needless to say, the dialogue following my breakfast presentation was dominated by… ‘I didn’t realize that!’ or ‘if I could do that, that would solve …’

Most if not all of the attendees knew that they needed an update in their security posture, but were unaware of how to address this shift from a technology perspective.

If you are trying to figure out how to provide safe and secure access to sites like Facebook, LinkedIn and other social media / Web 2.0 sites, I recommend the following Best Practices document.

Web 2.0 is here to stay – we just need to adapt our security infrastructure and policies to better address it.

Social Media: Powered by People

July 14th, 2009 Fiaaz Walji No comments

A key aspect to social media that many organizations sometimes forget is people power. With all of its business benefits, social media needs real live people being social and active … in whatever Web 2.0 initiative you are embarking upon.

There are a few considerations every organization needs to consider when developing their blueprints for their own unique social media design. While there is no one-size-fits-all solution, there are few things you can plan for as you review the many options before you. (David Armano)

I would add that a security component is also a ‘must consider’ prior to launching a Web 2.0 initiative.

Read the rest of the blog post at Harvard Business.

7 Deadly Sins of Social Networking

July 3rd, 2009 Fiaaz Walji No comments

 

Regardless of the social network(s) you are using… the 7 Deadly Sins of Social Networking written by Bill Brenner on CIO.com echoes my sentiments on posting information and/or pictures on Web 2.0 sites such as Facebook, MySpace and others.

As Paul V. de Souza, chief security engineer at AT&T puts it:

“…one of the major rules when engaging in social networking is to be aware that your words belong in the public domain,”

SMBs can prevent data loss without breaking the bank

June 24th, 2009 Fiaaz Walji No comments

 

Having sensitive data leaked out to the public can have serious legal and financial implications. Here’s a step-by-step guide in ITBusiness.ca that discusses how SMBs can ensure data isn’t leaking, while keeping costs down.

Though small to midsize organizations may think they lack the financial or technology resources to implement a full-scale DLP rollout, deploying an effective DLP solution to protect essential information at a manageable cost of ownership can be easy if they follow the following four key steps

The Host with the Most!

June 10th, 2009 Fiaaz Walji No comments
Here is a blog I posted on Security Matters Magazine’s site early in the year… and as I talk with small business customers and partners looking at reducing capital expenses, I thought it would be beneficial for me to ‘re-post’…
——————————————————————————————————————————————-
Given the state of the economy, all businesses, large and small, should be diligently reviewing budgets and cautiously allocating future IT spending.  If you are not, I recommend you do so now. If you need help, consult your preferred/local value added reseller.

I suggest this because there is a delicate balance between ensuring that you are not compromising the level of security within your infrastructure, versus balancing your expenditures – both capital and operational. Compromising either of these can affect your bottom line.

Explore all options and solutions, and don’t feel like you need to compromise on quality and best of breed technology because of budgetary constraints. A perfect example of balancing your IT security needs while maximizing your dollars is using a hosted or “in-the-cloud” model. A hosted model by definition means that you pay for a service you require that is hosted by a third party – similar to a utility (electric, cable etc) – in this case your IT security or areas of it.

Here are the advantages of hosted services and things to look for in a hosted security solution… keep in mind that, though I write this with security in mind, the hosted model is available for many other applications… and depending on your need and budget, you may want to explore this option for more than just your IT security needs.
Advantages:

1.    No need to buy hardware or software – the vendor ‘hosts’ all of the service and carries the burden of owning the software and hardware (saves your capital expenditure and you can now use your operational dollars).

2.    No need to worry about installation, troubleshooting, and applying patches or upgrades.  These worries are again reduced because it is ‘hosted’ and taken care of by the vendor.

3.    Predictable service costs – there are no surprise maintenance fees or upgrade requirements – hosted services typically come with fixed monthly or annual costs.

4.    Always getting the latest and greatest technology as part of your ‘hosted subscription’ – upgrades are automatically pushed out without the need or hassle to go looking for the latest version.

5.    Decreases the burden on your already very busy IT staff (if you are lucky enough to have ‘staff’).

Things to look for in a ‘Host’ provider

1.    Scalability – ensure that the provider can manage your needs should your business grow or you need to scale back.

2.    Service Level agreement – although rare, there is always a possibility that an outage may occur. This is why many hosted providers build in “uptime guarantees” within their service level agreements (SLAs). If the provider you are considering does not have an SLA – buyer beware. Make sure you compare SLAs between vendors as well.

3.    Research – Just as when you buy a car or house… make sure you research your options. The top vendors will have references, case studies and local resellers who can validate them.

As more and more businesses feel the squeeze of today’s economy, the more they look to their vendors and partners to help them maximize the ROI on their IT spend. A hosted model for your IT security may be a good fit for your organization… and there are many best of breed vendors that offer this type of solution… so make sure you research your options and pick the Host with the absolute most.