This article appears courtesy of www.cioupdate.com

Social media is now as common as a cup of coffee. Millions of people each day visit Facebook or Twitter, or spend their time blogging or "wiki-ing" (if that's really even a word!). If those people, however, are your employees, you have to take it seriously.

According to the Nielsen Company, business social networking is becoming one of the predominant ways that people interact and communicate with one another professionally. In February 2009, social networking sites eclipsed personal e-mail in global reach.

While social media can be a good communication tool, there are obvious concerns and risks for corporations whose employees use it. Siphoning precious bandwidth is one concern, which can happen when a large number of employees are sharing the latest YouTube video. However, there are higher risks to be concerned with, which include or could result in cyber security data breeches and costly downtime. Over 65% of these security concerns are associated trols in place to deal with an incident or
event once it is detected.

Finally, when you think about the perimeter, don’t just think about technology. There are also social and physical elements. For example, a clean desk policy and confidential waste program (shredding) will ensure that printed material is destroyed properly and unauthorised personnel cannot copy or take pictures of documents and post them on social media sites.

Compliance
Compliance is set up within an organisation to ensure that proper controls are in place to protect customer data and comply with regulatory requirements. It’s not an option – it’s about being held accountable for the safety and security of a company’s and its customers’ confidential information. If you’re a credit card issuer, you must be compliant with PCI regulations. If you’re a healthcare organisation, you must be HIPPA compliant.

At a minimum, it’s important to be compliant within your industry. But due to social media, there are new challenges relative to security infrastructures and breeches, and new areas of concerns for compliance.

Social media is a vehicle that social engineers use to gain information on a company that otherwise would not be available.

To protect a company, you have to go beyond just patch policy and management, and configuration management. It’s about ensuring that the security devices protecting your company are up to date. And while many Unix and Windows servers have robust patch and configuration management systems, many of the security controls are not up to date.

In the end, it’s important to implement controls, verify that they are working, and produce the evidence in a relative frequency. And be sure that you can quickly identify the breech or vulnerability and take swift action to mitigate the incident.

By looking at these four essential areas within a company and implementing a comprehensive security program that “makes it real” for employees, you’ll be protecting the company and its employees, and your risk factor will start to decrease. For now, treat social media with respect because it’s here to stay. Keep an open mind, address the issues at hand, and be thorough with a program that speaks clearly, fills the obvious gaps and outlines consequences.

— Jeff Sizemore is director Product Management at Forsythe. Cisco, Symantec and EMC all recently named Forsythe Partner of the Year. This article has been printed with prior permission from http://www.cioupdate.com./

To see more articles regarding IT management best practices, please visit www.cioupdate.com.