Censoring Social Media to Reduce Risk

With the advent of social media, personal and professional identities are beginning to blend together. I am linked, I tweet and am face booked. I have my own space; I can Skype and even FaceTime. By accessing all these sites, my professional and personal lives seem to be getting in the way of each other. In fact, my personal and professional identities are melding. My friends know what I am doing at work, and my work associates can view my personal life. LinkedIn associates can find me on Facebook, and my Facebook friend reach out to me in LinkedIn. My social friends now know what organizations I belong to professionally and vice versa. Pictures of social events can be seen by work associates, and my Tweets appear on my Facebook and LinkedIn pages.

As a security professional, the blending of personal and professional identities is a concern. It creates new risks for both the individual and corporation identities. The combined social networks expose our personal lives to our corporate regulators, and our personal contacts and associations expose corporate entities to virtual risks related to passwords, proprietary information and network attacks.

The merger of an individual’s personal life and professional life exposes character information to the corporate entity more than ever before. Individuals do not always realize the impact of their social postings and how it can affect their job search or continued employment. Today, an employer can see who the applicant’s friends are, his/her personal interests, how much they party and with whom. HR can determine political persuasion from Tweets and get a very clear employment history from LinkedIn.

Access control is another concern when entwined within the social network scene. The merger of social and professional associations increases the potential for hackers to infiltrate corporate networks. All of us struggle with creating and remembering passwords for all of the sites, plus work systems. Often people use the same password for their social and professional logons. Hackers now target social networks to obtain passwords for bank accounts and other systems. And it is not uncommon for a hacker to sell stolen passwords for fraudulent purposes.

Additionally, there are persons out there who are interested in gaining access into corporations to hear about new products and obtain information on client lists. In today’s competitive marketplace, it is safe to assume that there is always someone looking to obtain information to give them a competitive edge. Hackers scan social networking sites to see the activity of employees that work in a targeted company. This new form of industrial espionage has allowed wrongdoers to easily collect information that in the past required theft or other crimes. Hackers are successful because social networkers, in an effort to impress or provide daily content, find themselves accidentally disclosing information about a product or customer.

Lastly, corporate IT departments have struggled with allowing employees to access social media sites during work hours and on corporate devices because of the chance of an employee downloading a virus or malware. Many people had clicked on an ad or notification that transmits a virus throughout the network or device. Some of these corporate attacks have intentionally targeted employees who work in specific corporations.

So how can we prevent identity compromise and unauthorized access into corporate networks? We all can help protect our personal and corporate identities by first looking at the passwords we use. In order to protect both our corporate and personal devices, network passwords should be different. For example, I have a separate single password for all of my social networks, one for my personal banking, etc. and one for my corporate systems.

For my Facebook and LinkedIn accounts I have reviewed and understand all of the security settings. Only my friends and personal contacts can see my entire profile. I never reference what I am doing at work, and I make sure that when I travel for work I do not “Check In” at any restaurant or place, except on social occasions. When I post, I do so to reference a particular article, or comment on an existing post.

I never, ever open a site or download from any social network, even if it is from a friend. If I am interested in it, I go to the website and check it out first, or I ask my friend about any problems with it. These few simple tricks can mean the difference between getting hacked, getting hired, promoting a virus and letting your competition know the next best thing your company is promoting.

Bernard J. Scaglione, CPP, CHPA, CHSP is the Director of Healthcare Security Services for G4S Secure Solutions. He has 30 years of experience in the healthcare security field including a Master’s Degree from Rutgers University School of Criminal Justice in New Jersey. Ben currently serves on the Board of the International Association for Healthcare Security and Safety (IAHSS). He served on IAHSS Education Council from 2005 until 2011. Ben is past Chairman of the ASIS International Healthcare Council and the Past President of the New York City Metropolitan Healthcare Safety and Security Directors Association. He has been a columnist for Security Magazine and contributing author for the Journal of Healthcare Protection Management. Ben was an adjunct faculty member at Pratt Institute in New York teaching engineers and architects in physical security. He taught at Interboro Institute in New York and at New Jersey City University. He was also an instructor at John Jay College Peace Officer Academy.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.