Home
Social Networking and Information Security
Gurpreet Dhillon, Editor-in-Chief of JISSec comments on Information Security issues related with Social Networking
Social Networking and Information Security
by Gurpreet Dhillon, JISSec Editor-in-Chief
I am really surprised to see how any organization could allow it's employees to use social networking at work. It simply amounts to standing in the corridors and chatting with folks. Not only the employee ends up wasting their own tome, but are also disruptive to rest of the organization. Social networking mediums, such as Facebook, confound the problem. Besides "hanging around in a corridor" they also run the risk of being "overheard" by outsiders.
The question that arrises is – to what extent should organizations allow the use of social networking. Well, technically it is possible to limit the potential damage there might be. A user can be prevented from going directly to the web while being connected to internal applications. However a technical solution of this sort will not work unless corresponding rules are created – rules that deal with sharing of information, personal responsibilities and linking formal responsibility to accountability. After all the buck needs to stop somewhere.
In the end whatever sophisticated technical solutions or rule structures that may be created, if users are not aware of the threats and made technically competent in managing the privacy setting within social networking sites, risk are abound. While social networking applications have changed the behavior of people, irresponsible use and excessive blabbing can run the risk of getting socially engineered to reveal intellectual property. The mere presence of employees on social networking sites makes public a range of rather personal affiliations.
Volume 20, Number 1
