Today i presented my thoughts at the Security Company SASIG event in Edinburgh. It turned out to be a useful debate and discussion about a range of organisations' approaches to Social Media and online security.
What was particularly surprising was the amount of correlation between what we are doing with policing and the approaches of other organisations including banking.
Since the Chatham House rule applied I will refer to generalities rather than specific comments from attendees
There seemed to be a number who ascribed to the following general challenges being faced by organisations with social media
In summary
There is a need to identify the Business benefits and disbenefits of use and also non-participation in social media
The challenge of creating an online corporate identity and retaining it.
Using social media to enhance both internal and external communications with staff and customers
Creating the right balance for personal empowerment
Designing or adapting to the most effective Social interaction
We had a useful discussion about the value of social media to corporate intelligence and the need to link it to existing non digital methods. In other words don't expect social media to replace other sources, more so to enhance and blend it's product. "Intelligence" translated as much to the commercial world as any public sector approach.
Clearly social media opens up a range of opportunities for the would-be attacker, whether internal or external, to cause damage to an organisation. Some ideas and issues discussed included
Know your enemy. Understand who would want to cause disruption and why. It could be an organised threat or it may just be a disgruntled employee or someone merely exercising their ability to use their skills for fun.
Strengthen the basics and in particular know what the internal rules are, and enforce them.
Identify the boundaries. Understand what people can do, build on creativity but be alive to loose cannons.
Spend time thinking about the next threat to your organisation or people. Consider what the impact might be on the next level of technology.
Put in place measures that will identify where people are leaking information, suspicious IP addresses for example.
We discussed the findings of the Legal and General Report, produced and trended in 2010
A valuable insight into risks associated with online social media and social engineering
http://www.legalandgeneral.com/_resources/pdfs/insurance/digital-criminal-2.pdf
Approaches to the more general issues associated with social media included
Building the existing security structures around the threat.
Being aware of comment about your organisation and addressing it whether positive or negative
Understanding the threat landscape and planning to change as the landscape changes
Engaging with customers and identifying their needs, wants and concerns at an early stage
The above represents a small selection of some of the discourse but the clear message for me was that literally, we are in this together. No agency, company or organisation, or sector has a monopoly on the best ideas. Only by sharing our thoughts suggestions and ideas across sector decides we will have an understanding of how best to relate to, respond to and benefit from social media.
A valuable lesson in avoiding the temptation to think that a single sector approach will always be the best.
This is my personal blog for issues that I will make comment upon, my own views. Feel free to comment or connect with me. AQL commissioned Ambassador for the Yorkshire Humberside Cyber security Information Sharing Partnership To join follow www.ncsc.gov.uk/CISP
Thursday, 2 May 2013
Subscribe to:
Post Comments (Atom)
Popular Posts in last 7 Days
-
Ransomware Seminar 19th May 09.30-11.30 Ransomware is now one of the biggest threats to industry, charities, health and citizens. Fin...
-
I am helping Leeds University with a business Cybercrime Survey go to www.bit.do/cybersurvey to complete it or use the QR code. Many tha...
-
#SID2016 is a great opportunity for take schools to take stock and consider whether they are meeting current educational online requireme...
-
I know I have just done one blog but there is a phrase in it that I think needs a little explanation as I think it really does sum up the ch...
-
Following last week’s launch of The Cyber Security Breaches Survey which found that one in four large firms are experiencing a cyber br...
-
In the recent drive to create the Big Society there is a risk that we convince ourselves that this is an entirely new concept and so denigr...
-
Fancy climbing a hill at night to take part in an amazing spectacle and raise money for a fantastic charity? I ran a simi...
-
Many people are told when they call the police to report a fraud, especially a cyber based one that they should call ActionFraud or report ...
-
Having experienced a range of public violence in Btistol Bradford Birmingham and Harmondsworth I feel enabled to comment in support of the v...
-
The advice I was given at the start of blogging was to mix it up So what do I listen to at the gym, plug in, turn up the volume and rip it...
The police service is arguably the most forward thinking of all public sector organisations in using social media effectively, particularly around community engagement.
ReplyDeleteFor people who are interested, I have summarised the way UK police services use Twitter here: http://www.russellwebster.com/Blog/?p=337 and how police services are becoming increasingly sophisticated at using social media for detecting crime here: http://www.russellwebster.com/Blog/?p=428