- Social Media

Social Media Sites Pose Information Security Risk for Organizations

Organizations tend to attract best talent in the industry. Employees now expect flexible working hours, remote access, facility to work-from home, and access to social media sites. As such, businesses now face the challenge of providing anytime anywhere access to information. Therefore, organizations are now embracing new technologies such as cloud computing and enterprise 2.0 among others. However, information sharing must be secure to avoid disclosure of sensitive business information, unauthorized dissemination of customer information and leakage of business policies and practices. While access to social media sites facilitates networking, collaborations and establishing new contacts, they also pose information security risk for organizations.

The latest global information security survey by Ernst & Young has revealed greater use of third-party services and new technologies among organizations. While surveyed organizations are aware of the security risks involved, majority of them are not cognizant of their implications on information and have no plans to increase their expenditure on information security. Middle East and North Africa (MENA) region has witnessed increased customer interaction by government enterprises through Internet making them vulnerable to new security threats.

The increased use of mobile devices for official purposes has also raised concerns of data security. The proactive nature of businesses and transnational operations has created demand for remote access to privileged business information.

Privileged information may also be leaked by insiders by taking advantage of lax monitoring, security gaps and vulnerabilities in computer systems and networks. Generally, organizations conduct security evaluation through ethical hacking to understand the threats and to initiate counter measures. Organizations may allow restricted access to social media sites, restrict use of computers with privileged information to limited number of employees and improve monitoring mechanisms to protect information leakage.

However, organizations have no control on the devices used by the employees and other stakeholders at their end, while away from work. As such, there is a pressing need for expanding the information security framework to ensure privacy of customer information and security of privileged business information. information security professionals must update their skills and technical know-how to deal with the sophisticated threats in the IT environment.