Today i presented my thoughts at the Security Company SASIG event in Edinburgh. It turned out to be a useful debate and discussion about a range of organisations' approaches to Social Media and online security.
What was particularly surprising was the amount of correlation between what we are doing with policing and the approaches of other organisations including banking.
Since the Chatham House rule applied I will refer to generalities rather than specific comments from attendees
There seemed to be a number who ascribed to the following general challenges being faced by organisations with social media
In summary
There is a need to identify the Business benefits and disbenefits of use and also non-participation in social media
The challenge of creating an online corporate identity and retaining it.
Using social media to enhance both internal and external communications with staff and customers
Creating the right balance for personal empowerment
Designing or adapting to the most effective Social interaction
We had a useful discussion about the value of social media to corporate intelligence and the need to link it to existing non digital methods. In other words don't expect social media to replace other sources, more so to enhance and blend it's product. "Intelligence" translated as much to the commercial world as any public sector approach.
Clearly social media opens up a range of opportunities for the would-be attacker, whether internal or external, to cause damage to an organisation. Some ideas and issues discussed included
Know your enemy. Understand who would want to cause disruption and why. It could be an organised threat or it may just be a disgruntled employee or someone merely exercising their ability to use their skills for fun.
Strengthen the basics and in particular know what the internal rules are, and enforce them.
Identify the boundaries. Understand what people can do, build on creativity but be alive to loose cannons.
Spend time thinking about the next threat to your organisation or people. Consider what the impact might be on the next level of technology.
Put in place measures that will identify where people are leaking information, suspicious IP addresses for example.
We discussed the findings of the Legal and General Report, produced and trended in 2010
A valuable insight into risks associated with online social media and social engineering
http://www.legalandgeneral.com/_resources/pdfs/insurance/digital-criminal-2.pdf
Approaches to the more general issues associated with social media included
Building the existing security structures around the threat.
Being aware of comment about your organisation and addressing it whether positive or negative
Understanding the threat landscape and planning to change as the landscape changes
Engaging with customers and identifying their needs, wants and concerns at an early stage
The above represents a small selection of some of the discourse but the clear message for me was that literally, we are in this together. No agency, company or organisation, or sector has a monopoly on the best ideas. Only by sharing our thoughts suggestions and ideas across sector decides we will have an understanding of how best to relate to, respond to and benefit from social media.
A valuable lesson in avoiding the temptation to think that a single sector approach will always be the best.
This is my personal blog for issues that I will make comment upon, my own views. Feel free to comment or connect with me. AQL commissioned Ambassador for the Yorkshire Humberside Cyber security Information Sharing Partnership To join follow www.ncsc.gov.uk/CISP
Thursday, 2 May 2013
Subscribe to:
Post Comments (Atom)
Popular Posts in last 7 Days
-
In the recent drive to create the Big Society there is a risk that we convince ourselves that this is an entirely new concept and so denigr...
-
A few days ago the Register published an article about the waste of £20million pounds on Cyber Prevention. http://www.theregister.co.uk/2016...
-
So Saturday was the Big March. Anywhere between 300 and 500,000 peaceful protesters protesting. All magnificently managed by the Met suppo...
-
The Apple FBI saga The disagreement over Apple and the FBI has become a microcosm of the world of cyber and digital crime. Warrant...
-
Today we had an excellent day with Microsoft looking at a range of issues. They were helpful and challenging as were my staff. So despite wh...
-
Last week ACPO brought some people together to look at the way we are addressing Social Media. Or should we call it Social Networking? I wi...
-
Ransomware Seminar 19th May 09.30-11.30 Ransomware is now one of the biggest threats to industry, charities, health and citizens. Fin...
-
Having done the annual trip up the Mt Ventoux, I thought I would try out a route I have favoured for some time but not completed. The Tou...
-
Tomorrow is Safer Internet Day which focuses on keeping people safe online. That level of safety also applies to Business. Whatever size of ...
-
This week I attended a seminar on how to be a SIRO, Senior Information Risk Owner In other words how to protect the organisation from data a...
The police service is arguably the most forward thinking of all public sector organisations in using social media effectively, particularly around community engagement.
ReplyDeleteFor people who are interested, I have summarised the way UK police services use Twitter here: http://www.russellwebster.com/Blog/?p=337 and how police services are becoming increasingly sophisticated at using social media for detecting crime here: http://www.russellwebster.com/Blog/?p=428