Facebook Feed

07/20/2010

Do you know the security settings on your electronic tools (toys)?

A Raccoon at Cologne ZooImage via Wikipedia

Blogging will be a little light this week as I'm focused on keeping a cabin of nine 8 & 9 year old boys from being carried into the deep woods by some of the fattest raccoons known to man.

This weekend one of the neighborhood boys started posting pictures from his new camera on Facebook.  With each picture was a caption underneath with CB#5551234567.

These new electronic devices whether for work or play are fantastic and loaded with a lot of features.  Unfortunately some of them have the features on by default so without knowing you can be sharing personal information without knowing.

With my focus on family this week I want to suggest that you take a quick look through the manuals for all of your electronic toys and tools.  And those for your family as well.

And as you acquire additional weapons in your electronic arsenal make sure you continue to look into the extra features for security and privacy settings.

It is one thing to knowingly share location or phone numbers.  It is something else entirely to not even know you are sharing with the world.

By the way this is one of the topics we'll be discussing at our Social Media Security lunch and learn on August 8th.  Want to learn about the Dangers of Social Media and How to Keep Yourself Out of Trouble?  Register soon, we'll have lunch, learning and networking with other busy professionals.

Enjoy the week!

Enhanced by Zemanta

Posted by at 08:01 AM in Events, Facebook, Information Security Basics, Secure Value | | Comments (0) | TrackBack (0)

| | |

06/24/2010

Social media security is a business policy issue NOT a technical security issue

Bowl of cloudsImage by kevindooley via Flickr

Social media security and risk management is a business and communication policy issue NOT a technical issue.  Assign responsibility to a business leader and not IT or information security staff.


This week at the Gartner Group's Security and Risk Management Summit, Gartner research director Andrew Walls dropped a contrary statement on the heads of the information security and risk management employees in his workshop.  Summarized (from reports on his presentation available on the Internet) he asserted that:

Information security professionals worried about malware, phishing, and information leakage who try to take control or block social media use by employees are treading into water that is similar to monitoring employee's home use of the telephone.

The malware, phishing and other attacks against the social media front are the same attacks that we see against email.  Logically, if we are going to block social media why are we not considering blocking email? (NOTE:  Because we need it to run and grow our businesses).

At the root of concerns about social media are concerns about its drain on employee productivity.  Employee productivity is not a charter concern for information security.  It is a management issue.

While the information security and risk management blogosphere lights up with arguments about whether Andrew Walls is on target or off his rocker I wanted to bring the discussion into the realm of the entrepreneur and emerging business management professionals.  

I think Walls is dead on.

Too many times I see a communications topic or business process topic turned into a technical topic because it involves technologies unfamiliar to the business manager. 

Twitter, Facebook, twits, followers, friends, fans, Zemanta, wiki, widgets  .... and so on sounds technical and something the CIO, IT manager or that smart young kid on the help desk should be working on.

But if I boiled it down to communications channels (Twitter, Facebook, LinkedIn, etc.), conversations (twits, posts, etc.) and customers (followers, friends, fans) you could have the conversation.  And you'd want to have the conversation if not control it altogether.

Though Walls' message was to information security and risk management professionals managers and leaders in the small and emerging business space need to get it.   The decision about social media is a business decision not a technical or a security decision. 

Here are some questions for discussion to help guide you in making that decision:

  • What conversations are appropriate for employees to be having with customers, prospects and the market in general online? 
  • What topics are out of bounds?
  • What information is considered secret, private and confidential? 
  • What information is regulated by government entities? How does that play into your social media policy (e.g. a doctor's office that allows friend connections from patients may be violating HIPAA)?
  • Can employees identify themselves as an employee of the firm?
  • Does that identification obligate them to certain behaviors? If they don't identify themselves as an employee does that expand their freedom?
  • How do you handle breaches of these policies? 
  • What else concerns you about social media?

Document your answers into a policy statement.  Formally share that statement with your employees.  Assign ownership of the policy based on which business unit makes the most sense (IT to monitor use on the company network, HR to manage discipline of violations, marketing or IT to monitor your brands exposure in online conversations, IT or information security to manage endpoint controls that help protect against malware, etc.)

And then use social media to run and grow your business.

Enhanced by Zemanta

Posted by at 10:20 AM in Committee Action, Compliance, Facebook, Information Security, Leadership, Online Business, Policy, Risk Management, Secure Value, Small Business | | Comments (2) | TrackBack (0)

| | |

05/27/2010

Facebook is making privacy changes, if it was your business would you?

Image representing Facebook as depicted in Cru...Image via CrunchBase

Faced with vocal and public customer complaints how would you respond if you were jeopardizing customer privacy?  Faced with customer silence on the topic would you change your practices if you knew you were jeopardizing customer privacy?

After consumer outcry that created a press and blogosphere frenzy, Facebook announced changes to its privacy stance this week.  As summarized by Facebook the changes include: ... three things: a single control for your content, more powerful controls for your basic information and an easy control to turn off all applications.

In response, some are saying "too little, too late" and others that they are well done and "dead simple"

I am not going to spend words here detailing the changes or commenting on their validity or effectiveness or advise you on a next action to take.  That's for another posting.

I wonder how my business would respond? many of my customers? you?

Now granted I wouldn't expect to be in the mess that Facebook created for themselves.  Would you?

But set aside the crazy viral success Facebook has had and the company is not any different than mine or yours.  Mark Zuckerberg's challenges are bigger, certainly, but not that much different than every other business out there.

Do something people want to buy.  Sell it to them.  Deliver it at less cost than you take in.  Enjoy the profit.  Innovate to make sure you still do something people want to buy.

Somewhere along that continuum Facebook decided that to innovate and monetize they needed to expose more users information.

(NOTE:  They've claimed the privacy settings prior to this latest round of "fixes" was not motivated on making more money.  Facebook needs to make money.  They've officially said that the privacy changes (the one's before these settings) that exposed their customer base were not money motivated.  But you have to wonder.  You have to think that every day they wonder how they are going to monetize this great creature they've created.   I'm skeptical but willing to give them the benefit of the doubt that it wasn't directly a driver, but improving product happens because companies must innovate to continue customer relationships which drives monetization .)

Facebook, without consulting customers (who are us the users or their advertisers? just asking.), made chnages to the settings that expose me and my friends, you and your friends and so on. 

And your business may be in the same boat.  You need to innovate.  You need to improve service, add more value, etc.  And someone in your company comes up with a great idea to innovate your business.  A bar decides to put patron photos on its Facebook page.  A doctor decides to move scheduling online.   And so on.  You implement without thinking the implications all the way through. Or checking with your customers.

These innovations expose customer privacy.  I'm supposed to be at work but I am at your bar.  My wife sees my appointment online for my bum shoulder which I've told her is healed (honey, Valley has a game this weekend and they need me, the shoulder is fine! Think I'm playing Rugby after that?).  

Our problems are smaller than Mark Zuckerberg's and Facebooks.  And our mistakes don't invite the commentary of privacy organizations, the public ire of our customers and the attention of government regulators (ok, for most of us never, for some mostly never). 

The mistake was public and the publicity forced a change.  So Facebook had the "advantage" of being called to task publicly and being given an opportunity to fix the problem. 

In my smaller world .. in your smaller world .... mistakes that get made aren't going to get that kind of attention.  They just might, in fact, go unnoticed.  But they might impact individual customers in a similar fashion.  In fact, some small business privacy mistakes might impact your customer (really, the shoulder is fine!) more than Facebook's would.

If you caught your mistake and your customer's didn't produce an outcry would you care? would you change?

Have you invested the time to think through how your practices might expose customer information? Perhaps innovations you have made ....  to outsource processes, to automate transactions and ordering, to tailor marketing campaigns, to lower costs ... to solve that critical problem that is between you and more profit ...  created a privacy exposure for your customers.

If you discovered the problem would you change? 

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted by at 06:07 PM in Competitive Advantage, Ethics, Facebook, Innovation, Leadership, Online Business, Secure Value, Security in the Business News, Small Business, Social Media | | Comments (0) | TrackBack (0)

Technorati Tags: , , ,

| | |

05/14/2010

Are your controlling your privacy on Facebook the way you want it?

A lowercase f with a rectangle underneath.Image via Wikipedia

Facebook has gotten batted around in the press and blogosphere this week.  Facebook made some decisions regarding its privacy stance, implementation of "privacy features" and some special personalization features that have turned out doing a better job of exposing people than keeping their information private.  Some bad decisions that have eroded consumer trust and .. go figure .. Facebook is under then gun and working hard to secure value.

If you are using Facebook to promote yourself professionally or to promote your business you need to invest some time understanding the issue.

I spent some time reviewing the deluge of Facebook privacy articles out there.  Here are some of the standouts.  Read through them and in no time you should have a basic understanding of the Facebook privacy issues and a quick list of things to do to protect yourself.  Did I miss any good articles?  Please drop a comment and let me know.

"Price of Facebook Privacy? Start Clicking" appearing in the May 12 New York Times.

This article provides a good amount of background as well as some shocking numbers.  Riddle me this: Which document has more words, the U.S. Constitution or Facebook's Privacy Policy?

A companion article and accompanying graphic in "Facebook Privacy: A Bewildering Tangle of Options" illustrate the point clearly.


It wouldn't be fair to not let have Facebook have their say. They do publish a Facebook privacy policy.

"7 things to stop doing now on Facebook" appearing in the June 2010 edition of Consumer Reports magazine.

  • Using a weak password (See my take on strong passwords)
  • Leaving your full birth date in your profile
  • Overlooking useful privacy controls
  • Posting your child's name in a caption
  • Mentioning that you'll be away from home
  • Letting search engines find you
  • Permitting youngsters to use Facebook unsupervised

"Facebook’s Instant Personalization Is the Real Privacy Hairball" by Liz Gannes of GigaOM lays out the issues along with a suggested correction regarding the Facebook Instant Personalization feature.

Again, if you have an article that adds value to this list, please let me know.

Related articles by Zemanta
Reblog this post [with Zemanta]

Posted by at 08:05 AM in Facebook, Privacy, Secure Value, Social Media | | Comments (0) | TrackBack (0)

Technorati Tags: , , ,

| | |

My Photo

About

TypePad Profile

Get updates on my activity. Follow me on my Profile.

Categories

Twitter Updates

    follow me on Twitter
    Blog powered by TypePad
    Creative Commons Attribution-ShareAlike 3.0 Unported