Last week I became embroiled in an incident that played out on Twittter.
The details are not relevant here but suffice to say someone needed help and many wanted to give it.
It struck me then, and it strikes me now that there are a number of ways of taking a crisis from social media and getting Realtime support to resolve it
An obvious approach is 999 or 101 and contact the police fire ambulance Mountain rescue etc
The next could be just to go round and sort it yourself.
Another approach might be to exchange as much information as possible and hope someone online picks up the problem.
Others may chose not to seek help and perhaps just to watch and do nothing or just make abusive comments.
So the question I put to European colleagues last week was how should we manage this. I have already stated that a "twitter" squad is probably not required. After all Social Media is that, social not corporate. It may be privately owned but it acts as social space available to all subject to rules that are either company enforced or socially enforced. This is overlaid with legality as is every situation
So what could we do to make it easier to identify who needs help, why and get it to them.
Firstly there are barriers of confidentiality, balanced against urgency, there is a need to ensure that those who can help have the information they need to do the job. There is also the confidence that people have in the agencies or individuals concerned. I am not so naive to believe that every citizen holds all authorities in the highest esteem.
Would a simple way be to create a @999/@911 account that responders could follow, perhaps with a national identifier, eg @999UK and perhaps controlled access maybe
Over the next few weeks I will consult with colleagues on this issue and if you have read this and have a view please let me know by email, tweet or otherwise.
Thank you
This is my personal blog for issues that I will make comment upon, my own views. Feel free to comment or connect with me. AQL commissioned Ambassador for the Yorkshire Humberside Cyber security Information Sharing Partnership To join follow www.ncsc.gov.uk/CISP
Friday, 2 August 2013
Thursday, 2 May 2013
Social Media Together
Today i presented my thoughts at the Security Company SASIG event in Edinburgh. It turned out to be a useful debate and discussion about a range of organisations' approaches to Social Media and online security.
What was particularly surprising was the amount of correlation between what we are doing with policing and the approaches of other organisations including banking.
Since the Chatham House rule applied I will refer to generalities rather than specific comments from attendees
There seemed to be a number who ascribed to the following general challenges being faced by organisations with social media
In summary
There is a need to identify the Business benefits and disbenefits of use and also non-participation in social media
The challenge of creating an online corporate identity and retaining it.
Using social media to enhance both internal and external communications with staff and customers
Creating the right balance for personal empowerment
Designing or adapting to the most effective Social interaction
We had a useful discussion about the value of social media to corporate intelligence and the need to link it to existing non digital methods. In other words don't expect social media to replace other sources, more so to enhance and blend it's product. "Intelligence" translated as much to the commercial world as any public sector approach.
Clearly social media opens up a range of opportunities for the would-be attacker, whether internal or external, to cause damage to an organisation. Some ideas and issues discussed included
Know your enemy. Understand who would want to cause disruption and why. It could be an organised threat or it may just be a disgruntled employee or someone merely exercising their ability to use their skills for fun.
Strengthen the basics and in particular know what the internal rules are, and enforce them.
Identify the boundaries. Understand what people can do, build on creativity but be alive to loose cannons.
Spend time thinking about the next threat to your organisation or people. Consider what the impact might be on the next level of technology.
Put in place measures that will identify where people are leaking information, suspicious IP addresses for example.
We discussed the findings of the Legal and General Report, produced and trended in 2010
A valuable insight into risks associated with online social media and social engineering
http://www.legalandgeneral.com/_resources/pdfs/insurance/digital-criminal-2.pdf
Approaches to the more general issues associated with social media included
Building the existing security structures around the threat.
Being aware of comment about your organisation and addressing it whether positive or negative
Understanding the threat landscape and planning to change as the landscape changes
Engaging with customers and identifying their needs, wants and concerns at an early stage
The above represents a small selection of some of the discourse but the clear message for me was that literally, we are in this together. No agency, company or organisation, or sector has a monopoly on the best ideas. Only by sharing our thoughts suggestions and ideas across sector decides we will have an understanding of how best to relate to, respond to and benefit from social media.
A valuable lesson in avoiding the temptation to think that a single sector approach will always be the best.
What was particularly surprising was the amount of correlation between what we are doing with policing and the approaches of other organisations including banking.
Since the Chatham House rule applied I will refer to generalities rather than specific comments from attendees
There seemed to be a number who ascribed to the following general challenges being faced by organisations with social media
In summary
There is a need to identify the Business benefits and disbenefits of use and also non-participation in social media
The challenge of creating an online corporate identity and retaining it.
Using social media to enhance both internal and external communications with staff and customers
Creating the right balance for personal empowerment
Designing or adapting to the most effective Social interaction
We had a useful discussion about the value of social media to corporate intelligence and the need to link it to existing non digital methods. In other words don't expect social media to replace other sources, more so to enhance and blend it's product. "Intelligence" translated as much to the commercial world as any public sector approach.
Clearly social media opens up a range of opportunities for the would-be attacker, whether internal or external, to cause damage to an organisation. Some ideas and issues discussed included
Know your enemy. Understand who would want to cause disruption and why. It could be an organised threat or it may just be a disgruntled employee or someone merely exercising their ability to use their skills for fun.
Strengthen the basics and in particular know what the internal rules are, and enforce them.
Identify the boundaries. Understand what people can do, build on creativity but be alive to loose cannons.
Spend time thinking about the next threat to your organisation or people. Consider what the impact might be on the next level of technology.
Put in place measures that will identify where people are leaking information, suspicious IP addresses for example.
We discussed the findings of the Legal and General Report, produced and trended in 2010
A valuable insight into risks associated with online social media and social engineering
http://www.legalandgeneral.com/_resources/pdfs/insurance/digital-criminal-2.pdf
Approaches to the more general issues associated with social media included
Building the existing security structures around the threat.
Being aware of comment about your organisation and addressing it whether positive or negative
Understanding the threat landscape and planning to change as the landscape changes
Engaging with customers and identifying their needs, wants and concerns at an early stage
The above represents a small selection of some of the discourse but the clear message for me was that literally, we are in this together. No agency, company or organisation, or sector has a monopoly on the best ideas. Only by sharing our thoughts suggestions and ideas across sector decides we will have an understanding of how best to relate to, respond to and benefit from social media.
A valuable lesson in avoiding the temptation to think that a single sector approach will always be the best.
Subscribe to:
Posts (Atom)
Popular Posts in last 7 Days
-
In the recent drive to create the Big Society there is a risk that we convince ourselves that this is an entirely new concept and so denigr...
-
A few days ago the Register published an article about the waste of £20million pounds on Cyber Prevention. http://www.theregister.co.uk/2016...
-
So Saturday was the Big March. Anywhere between 300 and 500,000 peaceful protesters protesting. All magnificently managed by the Met suppo...
-
The Apple FBI saga The disagreement over Apple and the FBI has become a microcosm of the world of cyber and digital crime. Warrant...
-
Today we had an excellent day with Microsoft looking at a range of issues. They were helpful and challenging as were my staff. So despite wh...
-
Last week ACPO brought some people together to look at the way we are addressing Social Media. Or should we call it Social Networking? I wi...
-
Ransomware Seminar 19th May 09.30-11.30 Ransomware is now one of the biggest threats to industry, charities, health and citizens. Fin...
-
Having done the annual trip up the Mt Ventoux, I thought I would try out a route I have favoured for some time but not completed. The Tou...
-
Tomorrow is Safer Internet Day which focuses on keeping people safe online. That level of safety also applies to Business. Whatever size of ...
-
This week I attended a seminar on how to be a SIRO, Senior Information Risk Owner In other words how to protect the organisation from data a...