Social media threats are on the rise. In such a scenario, how should enterprises build a social media strategy?

We do see a growing trend wherein companies are adopting social media applications to improve collaboration between employees and partners and to build better relationships with customers.

Information is the most valuable asset to Indian enterprises. However, it is also the most vulnerable asset, since a data breach can impact an organisation negatively.

Today’s organisations need to manage risk proactively, protecting not just the infrastructure that data resides in, but also the information itself. Enterprises require a holistic information security and management strategy, which is risk-based and policy-driven, information-centric and operationalised across a well-managed infrastructure. Enterprises need solutions that can help them develop and enforce policies, manage systems efficiently, protect information and identities and protect the infrastructure.

Some of the best practices that companies can follow include:

Begin with a formal and well-understood policy for employees’ use of public sites like popular social networking portals.

Monitor managed and unmanaged endpoints, on or off the network

Notify employees when they try to send confidential data outside of the company

Like all corporate communications, define how to use social media and train employees regarding appropriate content to post

Identify and understand legal or regulatory requirements specific to your industry, and implement policies to address regulations that call for retention of social media content

Consider deploying an archiving solution that enables the automatic capture and retention of social media content, especially if your industry is highly regulated

Implement a data loss prevention solution to provide another layer of protection to prevent confidential and proprietary information from bleeding out of the company onto social network.

Enterprises should have a sustainable program that allows them to measurably reduce risk of a data breach, demonstrate regulatory compliance and safeguard customer privacy, brand equity and intellectual property.

With social networking growing exponentially, enterprises need to consider both the risks and opportunities presented by this phenomenon. Opening the doors to public sites also means facing the challenges associated with supervisory and data retention requirements. The good news is that tools exist to help organisations gain the real business benefit from these sites, where employees, customers, and partners increasingly interact, while balancing the inherent risks associated with their use.

In order to secure this new age, Symantec has been assembling a set of solutions that bring together identity and device security, information protection, context and relevance and the benefits from leveraging the cloud – the critical enablers of confidence in a connected world.

What are the various threats that you've observed over the use of social media?

As organisations increasingly share business related information on social networks to communicate with customers, partners and employees, the risk of publishing confidential information also increases.

We recently commissioned a survey to gauge the impact of corporate using social networking sites-the Symantec 2011 Social Media Protection Flash Poll.

The findings clearly indicate a growing trend amongst enterprises engaging in social media and falling victims to various related incidents that may result in serious consequences from reputation loss to loss of confidential information. In particular we would like to focus on:

The top three social media incidents the typical enterprise experienced over the last year:

Employees sharing too much information in public forums (46 percent),

The loss or exposure of confidential information (41%),

Increased exposure to litigation (37%)

Technology has a role to play here with solutions that can protect and archive the information making it recoverable in case of any regulatory /compliance need.  Information protection will need to go beyond just the current set up to integrate the new medium and automate the process to ensure better access controls.

It’s more important than ever for companies to have controls in place to capture social information to comply with open records requests, industry regulations such as the supervision requirements and the eventuality of an eDiscovery request.

How can organisations safeguard their confidential data and reputation while allowing access to social media?

Symantec offers recommendations to the organisations that plan to deploy social media. They are:

• Like all corporate communications, organisations must define how to use social media and train employees regarding appropriate content to post
• Organisations must identify and understand legal or regulatory requirements specific to your industry, and implement policies to address regulations that call for retention of social media content

Organisations must consider deploying an archiving solution that enables the automatic capture and retention of social media content, especially if your industry is highly regulated. Keeping this in mind, Symantec recently announced the availability of Enterprise Vault 10, the new version of its email and content archiving software that now features Symantec's data loss prevention technology. Another new feature of Enterprise Vault 10 is the ability to archive all social media interactions for compliance and eDiscovery purposes. This prevents data getting leaked outside organisations.