point
The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.

Security Challenges in Using Social Media

Gary Bahadur
Wednesday, January 5, 2011
Gary Bahadur
Social media sites have gained popularity in the past ten years as a medium to keep in contact with loved ones, business associates and friends. However, there can be drawbacks to the usage of the said media when one is employed in certain career fields, such as the healthcare industry. Utilizing social media networks can inadvertently give way to the sharing of confidential patient information with people that may not have a need to know which would then cause the company to violate HIPAA Security Rule compliance. The compliance risks increase with uncontrolled social media utilization.

Social Media has become part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has evolved to become a bottom up approach. By bottom up I mean that the consumer has determined how to use a technology and the corporation is playing catch up. But the social norms that are appropriate for a consumer “product” are not appropriate in a corporate environment.

Social media applications are not just a part of one’s personal lifestyle; this has also become incorporated in the corporate climate. Many places use social media applications for marketing, file sharing, communication, and employee recruitment. While these applications can open up a great many doors for communication, some form of guidance or governance is necessary. Because banning the use of such sites is most likely unenforceable or impractical, a hospital or other such entity that must shield private information should at least ask or force their employees to adhere to some Social Media Policy guidelines.

We can take a lot of security requirement from traditional IT security practices. For instance, when utilizing social networking sites, one should use separate passwords for the different sites, as an individual can easily hack all of one’s accounts if they know the one password. A security breach of one account could snowball. Passwords should be complex and change every 90 days. Accessing social media sites should be over SSL and only from trusted network connections, not coffee shops especially for business purposes!
When looking at confidential information, apply the same security requirements. A company would let an employee send out confidential information to someone who didn’t have authority to read it, so when using social media sites, do not let your employees post information that is confidential. In order to block them from doing that, you have to have social media monitoring tools in place to actually know what information employees are posting on the Internet.

Another thing one should not do is post his or her own identifying information publicly, such as date of birth, his or her social security number, or an employee ID number. If a site requires this information, 1) it is most likely not a reputable site, and/or 2) one could make something up or ensure that it is not going to be displayed in a profile that will be public. If your employees post too much personal information about themselves and your company, this could entice an attacker to try and gain access to your company with the information the employee has posted.

Share on Twitter
Share on LinkedIn
Share on facebook