In our previous post we covered some of the important risks that internet access can pose to a corporation. Here we look at some of the ways you can reduce that risk. Of course, the best mitigation would be simply to block internet access for all employees; however, it's unlikely that would be good for staff retention or morale. Besides, nowadays many of us need web-enabled applications and email simply to perform our job roles.
So if we accept that allowing access to the internet is inevitable, then it's important that users read and accept your internet usage policies. They should also follow common-sense guidelines when they are online in order to reduce those security risks to a minimum. These policies and guidelines should be distributed to all staff, ideally before their user account is created and internet access granted. Staff who work remotely or outside the physical location should be included too. This could be important because if they have access to a remote access server, their online activities will still be linked back to the corporate digital network. For example, users can access a VPN server like this to do things like watch BBC iPlayer from Spain or stream from digital media sites.
Users should be educated about the potential business risks and impacts associated with blogging and social networking. Raising user awareness is an essential partner to the organisation's policy and standards and should ensure that the potential dangers are known to employees who may use such sites. This will also help employees use such services safely when at home.
Avoiding problems with blogging and social networking sites
A number of checks may be applied that will help organisations and their employees avoid problems:
- Verify if the organisation has a relevant policy and the extent to which this applies
- Ensure that Social Networking and Blogging risks are considered within the overall approach to information risk assessment and management
- When registering with a website, understand what you are signing up to and, importantly, what security and confidentiality claims and undertakings exist
- Watch for add-ons i.e. additional features or applications that change the terms and conditions of what you have signed up for, or that may require changes to the security settings of your devices
- Withhold personal details that you do not want to be made public
- Avoid loading work-related information to blogging or social networking sites
- Examine carefully any email coming from social networking sites or contacts, as these may be unreliable, contain malicious code, or be spoofed to look as though they are authentic
This list is not complete, and indeed it's almost impossible to keep it completely up to date. However, the general principles should apply through all technological changes and developments. It should be stressed wherever possible that all communications and opinions expressed online are clearly defined as belonging to the individual. Many companies actually insert disclaimers and text into their email footers and even on any text that is posted through a corporate proxy server. This means that any employee, wherever they work, will be included in this policy, even if they worked from Australia through a VPN.