Social media risks and controls
Marc Vael
Managing social media risks to an acceptable level
Definition of social media
The social interaction among people in which they create, share or exchange information and ideas in virtual communities and networks.
A group of Internet-based applications that build on the ideological and technological foundations of Web 2.0, and that allow the creation and exchange of user-generated content.
Social media and technology
Social media depend on mobile and web-based technologies to create highly interactive platforms through which individuals and communities share, co-create, discuss, and modify user-generated content.
Social media introduce substantial and pervasive changes to communication between organizations, communities, and individuals.
What makes social media social?
Social media differ from traditional or industrial media in many ways, including quality, reach, frequency, usability, immediacy, and permanence.
Internet users spend more time with social media sites than any other type of site. For content contributors, the benefits of participating in social media have gone beyond simply social sharing to building reputation and bringing in career opportunities and monetary income.
What makes social media different?
• It’s very, very public
• It’s amplified (one to many, many to many, possibly millions)
• It’s a continuous live conversation driven by everyone.
• It’s permanent (Twitter is now archived in the U.S. Library of Congress)
• It lacks much of the contextual information of traditional media.
Protiviti, 2013 IA Capabilities Needs survey
Social media risks
Threats and Vulnerabilities
• Employee posting of pictures or information linking them to the organisation
Risks
• Brand damage
• Reputational damage
• Legal contract damage
Risk Mitigation Techniques
• policy that specifies how employees may use organisation-related images, assets, and intellectual property (IP) in their online presence.
• awareness training and campaigns to inform employees on using social media sites
Creating a fake social media profile leads to the following (joint) legal charges:
1. Computer-related forgery (Article 210bis of the Criminal Code);
2. Harassment/stalking (Article 442bis of the Criminal Code);
3. Calumny and defamation (Article 443 of the Criminal Code);
4. Harassment via telecommunications (among others, Article 145 §3bis of the Act of 13 June 2005 on electronic communications);
5. Usurpation of a name (Article 231 of the Criminal Code).
Social media risks
Threats and Vulnerabilities
• Exposure to customers and organisation through fraudulent or hijacked corporate presence
Risks
• Customer backlash/adverse legal actions
• Exposure of customer information
• Reputational damage
• Targeted phishing attacks on customers or employees
Risk Mitigation Techniques
• brand protection firm scans & searches brand misuse.
• periodic informational updates to customers to maintain awareness of potential fraud and to establish clear guidelines regarding what information should be posted as part of enterprise social media presence.
• awareness training and campaigns to inform employees of the risks involved with using social media sites
Social media risks
Threats and Vulnerabilities
• Mismanagement of electronic communications impacted by retention regulations or e-discovery
Risks
• Regulatory sanctions and fines
• Adverse legal actions
Risk Mitigation Techniques
• appropriate policies, processes, tools & technologies, training are in place to ensure that communications via social media that may be impacted by litigation or regulations are tracked & archived appropriately.
• ensuring security protocols & audits are adequate
• avoid publishing misleading tweets from consumers
• depending on social media site, maintaining archives may or may not be a recommended approach.
Once Upon a Time…
• Coastal photos taken by photographer Kenneth Adelman as part of erosion documentation study
• Study commissioned by California Coastal Records Project and contained over 12,000 photographs later placed on Pictopia.com
• This image was descriptively named Image 3850
The Streisand Effect is born
• Barbra Streisand sued photographer + site for invasion of privacy in 2003
• Photo was downloaded 6 times prior to suit (2 times by Streisand’s attorneys)
• Within a month of the lawsuit being filed, the photo was downloaded 420,000 times
• You can read the whole lawsuit at bit.ly/streisandlawsuit
The Streisand Effect Irony
• “…the property is owned by an entity which cannot be traced, with any certainty, back to her.”
• “…Plaintiff’s living quarters are set back from the brink of the cliff…In fact, to catch a glimpse of [Plaintiff’s living quarters] one would have to walk a significant distance from the property either to the north or the south.”
• “…by entering the word ‘Streisand’ on the website’s own search engine, one is immediately taken to the detailed picture…”
The Streisand Effect Case Outcome
• 45-page ruling against Streisand at bit.ly/streisandruling
• Court embarked on research from People Magazine (page 80 of March 9, 1998 issue) to California coastal history of the 1850s.
• The result:
Social media risks
Threats and Vulnerabilities
• Introduction of viruses and malware to corporate network
Risks
• Data leakage/theft
• “Owned” systems (zombies)
• System downtime
• Resources required to clean systems
Risk Mitigation Techniques
• antivirus & anti-malware controls installed and updated.
• content filtering technology to restrict or limit access.
• controls installed on mobile devices such as smartphones.
• social media policies & standards.
• awareness training and campaigns to inform employees of the risks involved with using social media sites.
• regular audits
Social media malware distribution
• Similar to other threats that can lead to downloading/installing malware
– Malicious ads
– Clickjacking (“likejacking”)
– Wall posts, inbox or chat messages with malicious links from “Friends” (hijacked user account)
– “My wallet was stolen and I’m stuck in Rome. Send me cash now.”
– Spam email pretending to be from social media (Facebook, Twitter, LinkedIn) admins
Social media malware distribution
URL Shorteners
• bit.ly, TinyUrl, ReadThisURL, NotLong
• Hides the true destination URL – no way to tell where you’re going until you click!
http://www.hacker.com/badsite?%20infect-your-pc.html
is now
http://bit.ly/aaI9KV
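Added example (not part of the original slides): a mail or web filter can read a shortener's redirect header with a HEAD request and judge the destination host before any user clicks, without ever contacting the destination itself. The local `FakeShortener` server, its `SHORT_CODES` table, the blocklist and the function names `expand`, `verdict` and `demo` are constructed for illustration; the blocked URL is the slide's own sample.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed short-code table for the local stand-in shortener.
SHORT_CODES = {
    "/aaI9KV": "http://www.hacker.com/badsite?%20infect-your-pc.html",  # slide's sample
    "/hop": "/aaI9KV",                      # a short link that points at another one
    "/ok": "https://www.isaca.org/cobit",   # benign destination
    "/loop": "/loop",                       # misbehaving shortener
}


class FakeShortener(BaseHTTPRequestHandler):
    """Answers HEAD with a 301 + Location, as a URL shortener does."""

    def do_HEAD(self):
        target = SHORT_CODES.get(self.path)
        if target is None:
            self.send_response(404)
        else:
            self.send_response(301)
            self.send_header("Location", target)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def expand(url, shorteners, max_hops=5, timeout=3.0):
    """Return the redirect chain, querying only hosts listed in `shorteners`.

    The walk stops at the first URL whose host is not a known shortener,
    so the (possibly hostile) destination is never contacted.
    """
    chain = [url]
    while True:
        parts = urlsplit(chain[-1])
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or host not in shorteners:
            return chain
        if len(chain) > max_hops:
            raise ValueError("too many shortener hops")
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
        try:
            path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("HEAD", path)      # headers only, no page body
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if status not in REDIRECT_CODES or not location:
            return chain                    # unknown or expired short code
        nxt = urljoin(chain[-1], location)
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)


def verdict(url, shorteners, blocked_hosts):
    """Return (decision, destination); destination is None if unresolved."""
    try:
        final = expand(url, shorteners)[-1]
    except (ValueError, OSError):
        return ("block", None)              # fail closed on loops and errors
    host = (urlsplit(final).hostname or "").lower()
    if host in shorteners:
        return ("block", None)              # shortener never revealed a target
    return ("block" if host in blocked_hosts else "allow", final)


def demo():
    """Run the constructed short codes through the check on a local server."""
    server = HTTPServer(("127.0.0.1", 0), FakeShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        return {code: verdict(base + code, {"127.0.0.1"}, {"www.hacker.com"})
                for code in ("/aaI9KV", "/hop", "/ok", "/loop", "/missing")}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for code, result in demo().items():
        print(code, result)
```

In production the `shorteners` set would hold the real shortener hostnames and `blocked_hosts` would come from the organisation's content-filtering feed.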
Social media malware distribution
3rd party apps
• Games, quizzes, cutesie stuff
• Untested by Facebook: anyone can write one
• No Terms & Conditions: you either allow or you don’t
• Installation gives developers rights to look at your profile and overrides your privacy settings!
Hollywood Celebrity iCloud picture incident
Social media risks
Threats and Vulnerabilities
• Move to digital business model increases customer service expectations
Risks
• Customer dissatisfaction with the responsiveness received, leading to potential reputational damage for the organisation and customer retention issues
Risk Mitigation Techniques
• adequate staffing to handle the traffic created from social media presence.
• notices with clear windows for customer response.
Social media risks
Threats and Vulnerabilities
• Use of personal accounts to communicate work-related information
Risks
• Privacy violations
• Reputational damage
• Loss of competitive advantage
Risk Mitigation Techniques
• policies address employee posting of work-related information
• awareness training and campaigns that reinforce policies.
Moments
• "Little do they know that the cheese was in his nose and that there was some lethal gas that ended up on their salami ... Now that's how we roll at Domino's."
• “We got blindsided by two idiots with a video camera and an awful idea … .”
Social media risks
Threats and Vulnerabilities
• Excessive employee use of social media in the workplace
Risks
• Network utilization issues
• Productivity loss
• Increased risk of defamation
• Increased risk of exposure to viruses and malware due to longer duration of sessions
Risk Mitigation Techniques
• awareness training and campaigns that reinforce policies
• manage accessibility to social media sites via
– content filtering
– limiting network throughput to social media sites.
Social media risks
Threats and Vulnerabilities
• Unclear/undefined content rights to information posted to social media
Risks
• Organisation’s loss of control/legal rights of information posted to the social media sites
• Unwanted contracts
Risk Mitigation Techniques
• legal & communications teams review user agreements for social media sites that are being considered.
• clear policies to employees and customers what information should be posted as part of the organisation social media presence.
• (If feasible and appropriate) capability to capture & log all communications.
Social media risks
Threats and Vulnerabilities
• Employee access to social media via organisation-supplied mobile devices (smartphones, tablets, laptops, …)
Risks
• Infection of mobile devices
• Data theft from mobile devices
• Circumvention of corporate controls
• Data leakage
Risk Mitigation Techniques
• route corporate mobile devices through corporate network filtering technology to restrict or limit access to social media sites.
• appropriate controls are installed & continuously updated on mobile devices.
• policies & standards regarding use of mobile devices to access social media.
• awareness training and campaigns to inform employees of the risks involved with using social media sites
By 2017, 40% of enterprise contact information will have leaked into Facebook via employees' increased use of mobile device collaboration applications.
“Not using social media in the workplace is starting to make about as much sense as not using the phone or email.”
Ryan Holmes
www.isaca.org/cobit
Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
Principles, policies & frameworks
Protiviti, 2013 IA Capabilities Needs survey
10 social media strategy questions
1. What is the strategic benefit to leveraging social media?
2. Are all appropriate stakeholders involved in social media strategy development?
3. What are the risks associated with social media and do the benefits outweigh the costs?
4. What are the new legal issues associated with the use of social media?
5. How will customer privacy issues be addressed?
6. How can positive brand recognition be ensured?
7. How will awareness training be communicated to employees and customers?
8. How will inquiries and concerns from customers be handled?
9. Does the organisation have the resources to support such an initiative?
10. What are the regulatory requirements that accompany the integration of social media?
What to consider in a social media policy?
• Who is going to manage social media in the organisation? (consider a collaborative approach)
• The nature of conduct that the employer seeks to protect itself against
• Who should such a policy apply to: the entire business or levels within the business, suppliers, business partners, contractors?
• The nature of control over social media use: a total ban, limited use, total accessibility?
• Authority limits or restrictions for use: is permission required, content pre-approval, who is responsible for such approvals?
• What can or cannot be discussed on social media forums?
What to consider in a social media policy?
• What logos, icons, ideas can or cannot be published on social media forums?
• What disclaimers or other information must be included when participating in a social media forum?
• The nature of behaviour that is acceptable or unacceptable?
• When it is (not) acceptable to use or participate in a social media forum?
• Reporting any breach
• Consequences of breach
• Integration into existing policies.
Review existing policies for social media implications
• Code of Conduct / Ethics
• Conflict of Interest
• User agreements or terms of use
• Disclaimers
• Linking agreement
• License agreement
• Logo use guidelines
• Affiliation agreements
Advantages of a social media policy
• Provide guidelines for using social media: you can define what you consider appropriate
• Provide recourse as an employer if something does go wrong
• If you don’t have a policy in place you may find it hard to discipline staff for what you consider to be inappropriate use of social media
Social media guidelines: in general
• Think about language & etiquette: nothing beats good manners
• Understand that every post is public: this is not a relationship between you & your computer!
• Consider information you are posting: is it confidential or private in any way?
• Think about consequences in terms of being “quoted out of context”
• Have systems in place for dealing with negative events.
Social media guidelines: private vs public
• Anything posted on social media should be considered public – i.e. front page of the newspaper
• Know your privacy settings, especially on Facebook
• Be careful of “linking” private social media accounts to company accounts
• Share freely that which is public (and appropriate).
• Think about location-based social media networking, i.e. do you want your competition to know when you’re visiting clients?
Protiviti, 2013 IA Capabilities Needs survey
Privacy basics
Privacy basics
Basic principles: the Data controller
– collect & process personal data only when this is legally permitted;
– respect certain obligations regarding the processing of personal data;
– respond to complaints regarding breaches of data protection rules;
– collaborate with national data protection supervisory authorities
Source: http://ec.europa.eu/justice/data-protection/
Privacy basics
• Personal data must be
– processed legally & fairly;
– collected for explicit & legitimate purposes and used accordingly;
– adequate, relevant & not excessive in relation to the purposes for which it is collected and/or further processed;
– accurate & updated where necessary;
– not kept any longer than strictly necessary;
– rectified, removed or blocked by the data subject if incorrect;
– protected against accidental or unlawful destruction, loss, alteration and disclosure, particularly when processing involves data transmission over networks.
Source: http://ec.europa.eu/justice/data-protection/
Privacy basics & social media
Who’s looking?
• Parents
• Friends & family
• Friends of friends & family
• Employers & co-workers
• Customers
• Universities
• Marketing companies & vendors
• Criminals & hackers
• Government agencies
• EVERYONE ELSE
Privacy basics & social media
Dimensions
• Privacy of Personal Communications
• Privacy of Personal Data / Data Protection
• Privacy of Personal Behaviour
• Privacy of the Person
Privacy concerns
• Privacy-Abusive Data Collection
• Privacy-Abusive Service-Provider Rights
• Privacy-Abusive Functionality & User Interfaces
• Privacy-Abusive Data Exploitation
Privacy basics & social media
[Figure: Detractors ('turn-off': Disincentives, Impediments) versus Attractors ('turn-on': Incentives, Stimulants)]
Processes
Social Media risk assessment
Corporate governance: ERM = COSO
Organisational structure
Roles involved in social media risk management
Information
Services, Infrastructure, Applications
![Page 109: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/109.jpg)
![Page 110: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/110.jpg)
![Page 111: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/111.jpg)
How much information?
![Page 112: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/112.jpg)
Social Media technological controls
• Technology can assist in policy enforcement by blocking, preventing or identifying potential incidents.
• Monitor social media via tools like Google Alerts, Social Mention, Twitter search, …
• Combine web content filtering, which can block all access or allow limited access and provide protection against malware downloads, with end-user system antimalware, antivirus and operating system security to counter such attacks.
• A layered approach is optimal.
• Tracking & reporting results
![Page 113: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/113.jpg)
Social Media technological controls
Electronic security
• Viruses
• False links
• Spam
• Phishing
• Hackers
• Web site security
• Internet security
• Electronic discovery
  – Electronic information lasts forever
![Page 114: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/114.jpg)
Social Media technological controls
Personal security
• Identity theft
• Stalking
• Cyber-bullying
• Sextortion
• Sexting
• Predators
![Page 115: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/115.jpg)
Culture, Ethics, Behaviour
![Page 116: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/116.jpg)
The Generations of Computing Consumers

| Generation | Indicative Birth-Years | Indicative Age in 2014 |
|---|---|---|
| Silent / Seniors | 1910-45 | 70-100 |
| Baby Boomers – Early | 1945-55 | 60-70 |
| Baby Boomers – Late | 1955-65 | 50-60 |
| Generation X | 1965-80 | 35-50 |
| Generation Y | 1980-95 | 20-35 |
| The iGeneration | 1995- | 0-20 |
![Page 117: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/117.jpg)
The Generations of Computing Consumers
Baby Boomers (50-70)
• Handshake/phone, PCs came late, had to adapt to mobile phones
• Work is Life, the team discusses / the boss decides, process-oriented
GenXs (35-50)
• Grew up with PCs, email and mobile phones, hence multi-taskers
• Work to Have More Life, expect payback from work, product-oriented
GenYs (20-35)
• Grew up with IM/chat, texting and video-games, strong multi-taskers
• Life-Work Balance, expect fulfilment from work, highly interactive
iGens (to 20)
• Growing up with texting, multi-media social networking, networked games, multi-channel immersion / inherent multi-tasking
• Life before Work, even more hedonistic, highly (e-)interactive
![Page 118: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/118.jpg)
The Privacy Attitudes of iGens
![Page 119: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/119.jpg)
The Privacy Attitudes of iGens
![Page 120: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/120.jpg)
The Privacy Attitudes of iGens
![Page 121: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/121.jpg)
The Privacy Attitudes of iGens
![Page 122: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/122.jpg)
The Privacy Attitudes of iGens
0. People say 'the generation that has embraced 'reality TV' and Facebook see the world differently' ... 'Privacy is dead'
BUT
1. Young people are risk-takers, and 'have nothing to hide'
2. People become more risk-averse as they get older and accumulate things that they want to hide
3. The big change has been the reach and the re-discoverability of the text, the images and the video of youthful indiscretions
4. Many people have been exposed during 2005-12
5. As a result, iGens are more savvy about self-exposure
6. iGens will be more privacy-sensitive than their predecessors
![Page 123: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/123.jpg)
Share appropriately
• Caution everyone about the information they share with family members.
• The greatest social media risks revolve around discussing:
  • company’s finances
  • strategies & goals
  • brand & trade secrets
  • proprietary research
  • unreleased advertising
  • personal information of employees or clients
• Different perceptions on social media communications
  – Unofficial communications (It’s private, isn’t it?...)
  – Ephemeral communications (Did we really say that?)
  – Anonymous communications (Catch me if you can!)
![Page 124: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/124.jpg)
Trust your gut feeling
• If you feel like you may have come upon information you are not authorized to have, err on the side of not using it.
• In other words: When in doubt, don’t. Once it’s out there, it’s out there forever.
• It’s truly better to be safe than sorry.
![Page 125: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/125.jpg)
When things look too good to be true
![Page 126: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/126.jpg)
![Page 127: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/127.jpg)
Be mindful about copyrights & trademarks
• Just because it is online, does not mean it is fair game.
• When in doubt, get permission to use another’s material.
![Page 128: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/128.jpg)
“More companies are discovering that an über-connected workplace is not just about implementing a new set of tools: it is also about embracing a cultural shift to create an open environment where employees are encouraged to share, innovate and collaborate virtually.”
Willyerd & Meister, HarvardBusiness.org
![Page 129: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/129.jpg)
Ethical issues
Should you friend someone who works for you?
Should you accept your boss’s friend request?
Should the company accept a job student’s friend request?
How much should you research job applicants?
![Page 130: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/130.jpg)
People, Skills, Competencies
![Page 131: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/131.jpg)
Social media awareness and training program
Personal use in the workplace:
• is it allowed?
• nondisclosure/posting of business-related content
• discussion of workplace-related topics
• inappropriate sites, content or conversations
Personal use outside the workplace:
• nondisclosure/posting of business-related content
• standard disclaimers if identifying the employer
• dangers of posting too much personal information
Business use:
• is it allowed?
• process to gain approval for use
• scope of topics or information permitted to flow through this channel
• disallowed activities (installation of applications, playing games, etc.)
• escalation process for customer issues
![Page 132: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/132.jpg)
http://www.vvsg.be/Internationaal/Europa/Documents/FOD_Aanbevelingen%20gebruik%20sociale%20media_NL.pdf
![Page 133: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/133.jpg)
![Page 134: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/134.jpg)
![Page 135: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/135.jpg)
![Page 136: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/136.jpg)
![Page 137: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/137.jpg)
Social media costs
![Page 138: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/138.jpg)
![Page 139: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/139.jpg)
Social media ROI
1. Higher customer satisfaction and interaction through personalized webcare.
2. Know about (problems with) your new products and services faster.
3. Increase impact of own content. Without filter.
4. Strengthen your reputation.
5. Strengthen your relationships.
6. Strengthen your controls.
![Page 140: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/140.jpg)
Your social media controls are as strong …
… as their weakest link
![Page 141: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/141.jpg)
![Page 142: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/142.jpg)
![Page 143: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/143.jpg)
TWEETED
![Page 144: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/144.jpg)
![Page 145: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/145.jpg)
![Page 146: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/146.jpg)
![Page 147: Social media risks and controls](https://reader034.fdocuments.net/reader034/viewer/2022042615/55cdf9e4bb61ebdc5b8b4708/html5/thumbnails/147.jpg)
For more information… Marc Vael
President
http://www.isaca.org/
http://www.isaca.be/
Follow Marc Vael on Twitter: http://twitter.com/marcvael
Join Marc Vael on LinkedIn: http://www.linkedin.com/in/marcvael