Today i presented my thoughts at the Security Company SASIG event in Edinburgh. It turned out to be a useful debate and discussion about a range of organisations' approaches to Social Media and online security.
What was particularly surprising was the amount of correlation between what we are doing with policing and the approaches of other organisations including banking.
Since the Chatham House rule applied I will refer to generalities rather than specific comments from attendees
There seemed to be a number who ascribed to the following general challenges being faced by organisations with social media
In summary
There is a need to identify the Business benefits and disbenefits of use and also non-participation in social media
The challenge of creating an online corporate identity and retaining it.
Using social media to enhance both internal and external communications with staff and customers
Creating the right balance for personal empowerment
Designing or adapting to the most effective Social interaction
We had a useful discussion about the value of social media to corporate intelligence and the need to link it to existing non digital methods. In other words don't expect social media to replace other sources, more so to enhance and blend it's product. "Intelligence" translated as much to the commercial world as any public sector approach.
Clearly social media opens up a range of opportunities for the would-be attacker, whether internal or external, to cause damage to an organisation. Some ideas and issues discussed included
Know your enemy. Understand who would want to cause disruption and why. It could be an organised threat or it may just be a disgruntled employee or someone merely exercising their ability to use their skills for fun.
Strengthen the basics and in particular know what the internal rules are, and enforce them.
Identify the boundaries. Understand what people can do, build on creativity but be alive to loose cannons.
Spend time thinking about the next threat to your organisation or people. Consider what the impact might be on the next level of technology.
Put in place measures that will identify where people are leaking information, suspicious IP addresses for example.
We discussed the findings of the Legal and General Report, produced and trended in 2010
A valuable insight into risks associated with online social media and social engineering
http://www.legalandgeneral.com/_resources/pdfs/insurance/digital-criminal-2.pdf
Approaches to the more general issues associated with social media included
Building the existing security structures around the threat.
Being aware of comment about your organisation and addressing it whether positive or negative
Understanding the threat landscape and planning to change as the landscape changes
Engaging with customers and identifying their needs, wants and concerns at an early stage
The above represents a small selection of some of the discourse but the clear message for me was that literally, we are in this together. No agency, company or organisation, or sector has a monopoly on the best ideas. Only by sharing our thoughts suggestions and ideas across sector decides we will have an understanding of how best to relate to, respond to and benefit from social media.
A valuable lesson in avoiding the temptation to think that a single sector approach will always be the best.
The police service is arguably the most forward thinking of all public sector organisations in using social media effectively, particularly around community engagement.
ReplyDeleteFor people who are interested, I have summarised the way UK police services use Twitter here: http://www.russellwebster.com/Blog/?p=337 and how police services are becoming increasingly sophisticated at using social media for detecting crime here: http://www.russellwebster.com/Blog/?p=428