Jason E. High
Cyber Threat Specialist
Infosec Island has an excellent article this morning by Eric Cissorsky, “Social Media and Security in the Enterprise.” It is an in-depth look at the various risks posed by allowing social media access in the workplace. While reading through the article may make executives more inclined to just “turn off” access to social media altogether, its real purpose is to get you to think in a more structured way about your attack surface.
Security is all about limiting or eliminating threats to assets. Because social media has become such an integral part of our lives, I think that we tend not to think about the wide variety of risks that these sites present to our enterprise. Rather than just having a blanket policy either permitting or denying access to social media, organizations need to take a methodical approach to quantify the risk versus the benefit, then implement a structured, granular policy permitting access where it makes sense and denying it where it doesn’t. Rather than scaring organizations into denying access to all social media, this article should prompt them to take a very thorough look at their policy and ensure that it lines up with the security posture that they are trying to attain.