Data Destruction News
November 2010   VOLUME 6 ISSUE 9  
Ten Tips for Social Media Security
Corporate Managers Express Concern About Information Age Security
by Klaus Majewski

Social media is growing in importance. According to Gartner, Inc., around 20 percent of business users will be using the so-called social networking services as their most important communication tools by 2014. However, at the same time, IT and company managers are expressing growing concerns about security.

Recent studies show that as many as 25% of companies have banned the use of social networks, whereas other sources set this figure as high as nearly 50 percent. Yet security concerns simultaneously limit the enormous potential that social media offers for marketing, sales and corporate communication. Stonesoft Corporation, a provider of integrated network security and business continuity solutions, shares ten tips that help organizations to use social media without compromising security.

Ten tips for the safe use of social media:

1. Increase employee awareness - People can change the way they behave in social networks only if they are aware of the security risks. Therefore, organizations should inform their employees about the risks present in the social media and raise their awareness of the fact that even seemingly harmless information can reveal too much about the company or the person's private life. Providing continuous information about new threats and maintaining rules of conduct can further help with employee awareness. It is helpful to appoint a social media expert within the company who acts as a permanent contact for employees.   
    
2. Establish firm processes - Administrators need to remain up-to-date about the most recent risks on the Web. It is therefore advisable to establish firm processes that are systematically linked to daily workflows. For example, administrators should make sure to download the latest security updates. These seemingly mundane mechanisms enable IT administrators to identify network attacks in time or to avoid them altogether.  
 
 
3. Maintain a strong set of rules - With in-house guidelines, network administrators can define the network areas and applications that can be accessed by specific people at specific times. This makes it possible to control and monitor access to critical data, and to track such access at any time, which reduces the risk of information falling into wrong hands through unauthorised channels. Companies should also take compliance requirements into account. The important thing is to keep the policies up to date and adapt them to changing circumstances.
  
4. Block infected websites - Someone clicks on an infected website and downloads a Trojan - this can easily happen despite regular employee training. URL filters enable companies to block access to known malware and phishing websites, and this can also be applied to any other suspicious site on the Internet.  The filter function is kept continuously up-to-date by maintaining so-called blacklists and whitelists.
  
5. Use next-generation firewalls - Organizations should always keep their security technology up to date. For example, modern firewalls provide a comprehensive analysis of all data traffic. Deep traffic inspection makes it possible to monitor any type of data traffic, from Web browsing and peer-to-peer applications to encrypted data traffic in an SSL tunnel. In a process known as SSL inspection, the firewall decrypts the SSL data stream for inspection and encrypts it again before forwarding the data to the network. This effectively protects workstations, internal networks, hosts and servers against attacks within SSL tunnels.
 
6. Define access to business applications - Mobile users, partners and distributors often need to access a corporate network from the outside. Within this group, the use of social media can be monitored only on a very limited basis or not at all. This makes it even more important to assign the rights for defining all network access centrally, for example using an SSL VPN portal. At the same time, on the user level strong authentication via single sign-on makes the administrator's work easier. As a result, a single login enables users to access only the network areas and services for which they are authorised.  

7. Protect against vulnerability - Vulnerabilities present a special challenge to any network. In addition, attacks on vulnerabilities via the social Web services are increasing. An Intrusion Prevention System (IPS), such as StoneGate IPS from Stonesoft, can act as a protective barrier. An IPS automatically prevents attacks by worms, viruses or other malware. Once an attack has been identified, the IPS immediately stops it and prevents it from spreading in the network. The system also enables virtual patching of servers and services by securing threatened servers, which will then be patched during the next maintenance window. 
 
8. Securing the intranet - The intranet of every company contains highly sensitive information. These areas need to be isolated from the rest of the internal network by segmenting the intranet with firewalls. This enables the company to separate departments such as Finance or Accounting from the rest of the intranet and thereby prevent infections from penetrating these critical segments of the corporate network.  

9. Include mobile devices in the security policy - Many users navigate social web services with mobile devices such as laptops, PDAs and smart phones - the same devices they use to log into the corporate network. Administrators therefore need to include mobile devices in their security policies. This can be done, for example, with the assessment function, which checks the log-in device for the required security settings and for the presence of security-relevant software packages. This function checks, for example, whether the proper and latest host firewall is installed and whether both the operating system and antivirus software are up to date, as well as all patches. If one of these criteria is not met, the device is automatically denied access, or access may be limited. If necessary, mobile devices can be forwarded directly to a website containing the required updates.

10. Use centralized management - Centralized management allows the administrators to manage, monitor and configure the entire network and all devices using a single management console. They can also view reports, for example about who has accessed which data at which time. This helps administrators to prevent attacks more effectively and to provide more efficient protection for applications at risk. At the same time, a central management console makes it possible to roll out and maintain standard security guidelines for the entire corporate network.
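
The log-in assessment described in tip 9, sketched as an added example (not code from the article or from any Stonesoft product). The posture fields, the thresholds, the split between denied and limited access, and the update-site URL are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

# Policy values below are assumptions for illustration, not from the article.
MIN_OS_BUILD = {"windows": (6, 1, 7601), "macos": (10, 6, 5)}
MAX_AV_SIGNATURE_AGE = timedelta(days=3)
REMEDIATION_URL = "https://updates.example.internal/"  # placeholder host
HARD_FAILURES = {"os_unsupported", "firewall_off", "av_missing"}

@dataclass
class DevicePosture:
    """What the connecting device reports at log-in (hypothetical schema)."""
    os_name: str
    os_build: Tuple[int, ...]
    firewall_enabled: bool
    av_signature_date: Optional[date]  # None means no antivirus found
    missing_patches: int

def assess(device: DevicePosture, today: date):
    """Return (decision, failed_checks, redirect_url)."""
    failed = []
    minimum = MIN_OS_BUILD.get(device.os_name.lower())
    if minimum is None:
        failed.append("os_unsupported")      # unknown platform: fail closed
    elif device.os_build < minimum:
        failed.append("os_outdated")
    if not device.firewall_enabled:
        failed.append("firewall_off")
    if device.av_signature_date is None:
        failed.append("av_missing")
    else:
        age = today - device.av_signature_date
        # A signature date in the future is a bad clock or a forged report.
        if age < timedelta(0) or age > MAX_AV_SIGNATURE_AGE:
            failed.append("av_stale")
    if device.missing_patches > 0:
        failed.append("patches_missing")

    if not failed:
        return "allow", failed, None
    if HARD_FAILURES.intersection(failed):
        return "deny", failed, None
    # Only update-type failures: limited access plus the update site.
    return "limited", failed, REMEDIATION_URL

# Constructed sample: current OS and firewall, antivirus signatures 10 days old.
TODAY = date(2010, 11, 15)
laptop = DevicePosture("windows", (6, 1, 7601), True, date(2010, 11, 5), 0)
print(assess(laptop, TODAY))
```

Because the device reports its own state, a check like this is only as trustworthy as the agent producing the report; the server-side decision should fail closed on anything it does not recognize, as the unknown-platform branch does.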

"The increasing use of social media presents additional risks for corporate networks. Continuous employee training is limited in its ability to avoid new risks. On the other hand, internal network protection mechanisms that identify and terminate attacks in time are becoming more and more important. With a proper security strategy that combines employee training with the newest technologies, organizations of all sizes can benefit from the advantages of social networking," says Klaus Majewski, Vice President of Marketing at Stonesoft. 
 

While AccuShred was the first document shredding company to have profiles on Twitter, Facebook and LinkedIn, security - both in CyberSpace and in the Real World - remains our number one concern. We are always cognizant of your privacy through our use of social media, and invite you to check out our profiles at www.twitter.com/accushred; www.facebook.com/accushred; www.linkedin.com/accushred.



www.accushred.net or call (800) 747-3341
Published by AccuShred, LLC
Copyright 2010 AccuShred, LLC. All rights reserved.