Saturday, September 4, 2010

Archive for June, 2009

Companies Want to Monitor Workers on Social Networks

Posted by admin on June 1, 2009

 

Posted by: Rachael King on May 17

As more employees start to use Twitter and Facebook, executives are becoming increasingly concerned with the message their digitally savvy workers are conveying to the public. A new survey from Deloitte underscores the growing role of social networks and the dilemma they present for corporations that spend huge amounts to burnish their image. The professional services firm found that 60 percent of the executives interviewed believe they have a right to know how employees portray themselves and their organizations. Employees, on the other hand, bristle at the thought that employers would monitor their online activity. Overall, about 53 percent say their social networking activities should not be any concern of their employer, although about 74 percent recognize that social networks make it easier to damage a company’s reputation.

Few companies have given employees guidelines about how to use social networks. “We found a high percentage of employers who are thinking about what they should do but not a high percentage of employers who have concluded what those procedures and policies should be,” says Deloitte Chairman Sharon Allen.

Some news organizations have issued guidelines but there’s little agreement about what those rules should be. Last week, my colleague Diane Brady wrote about The Wall Street Journal’s ground rules for how employees should use social networking sites such as Twitter. Editor & Publisher noted that the WSJ guidelines included the warning that “business and pleasure should not be mixed on services like Twitter.” Editor & Publisher followed up with a report on how different newspapers have issued a variety of guidelines and quoted this policy from the Los Angeles Times, “Assume that your professional life and your personal life merge online regardless of your care in separating them. Don’t write or post anything that would embarrass the LAT or compromise your ability to do your job.”

As a reporter and an employee, I often think about what is appropriate to tweet. In my case, my Twitter account started out as a personal account and I kept it private. I didn’t use my own name for fear that my editors might not like it. While reporting a story about how companies were using Twitter for branding purposes, a number of sources convinced me to take my account public to get the most value out of Twitter. Shortly after that, John Byrne, the editor-in-chief of BusinessWeek.com joined Twitter and then published a blog post listing all the BusinessWeek writers and editors on Twitter. I feel really fortunate to work for a news organization that embraces Twitter and actually encourages reporters to use it.

Having my editors and colleagues follow me on Twitter and Facebook probably makes me more cautious. But, I’m not yet ready to abandon my personal life when I tweet. My personal life is tame and I figure if people know I have a family and a dog or that I’m a geek who saw Star Trek on opening day, it doesn’t compromise my ability to be a reporter. I hope it makes me seem human and approachable.

What do you think? Should employers have a say in what workers share on social networking sites?


 

One of the world’s leading Internet security organizations today warned businesses and governments to prepare for a surge in sabotage, thefts and other cyber-attacks by insiders as disaffected employees retaliate in the wake of the global depression.

New York, NY/ London, UK (PRWEB) May 21, 2009 — The massive web of internet systems on which commerce, finance and government now depend faces insider attacks on an unprecedented scale as alienated victims of the global depression resort to sabotage and fraud for revenge and gain, the world’s leading cyber security organization warned today.
As members of FIRST, the Forum of Incident Response and Security Teams, prepared to gather in Japan for their annual conference, its senior officers joined forces to urge organizations large and small to redouble their vigilance and step up protection measures, saying that many were ill-prepared for an onslaught which could prove calamitous.

“One of the greatest security threats of our times is from insiders, as organizations lay off tens of thousands of workers,” said Scott A. McIntyre, FIRST steering committee member and representative of the Netherlands-based KPN Computer Emergency Response Team (CERT).
“People know the axe is coming, and the longer employers prolong the swing of that axe the more danger they expose themselves to – either from sabotage or data theft. An employee who thinks he or she is for the chop can start fouling up systems which are critical to the organization, or decide to take an unauthorized pay-off by stealing a mass of data – for example the credit card details of thousands of customers – or do both.”

Fellow steering committee member Yurie Ito, Director of JPCERT/CC, Japan cautioned:
“Don’t think you’re safer once the employee is laid off and outside the wall. A lot of these people know how the systems work – they have the keys to the castle and they know where the secret doors are. Even when companies think they have taken the necessary steps by removing ID and changing passwords these people have the knowledge and skill that means they still pose a threat. They are extremely dangerous.”

London-based Tom Mullen, Security Chief for Telco giant BT, cited a number of precautions which organizations must now take as a matter of urgency.

Exit procedures should be scrutinized and re-scrutinized, especially for employees whose severance was involuntary. “You simply must have thorough exit and monitoring plans in place, and these need to be very specific when you’re dealing with employees who had any kind of access to critical systems or data. You have to make sure that under no circumstances can a departing member of staff take any sensitive information out of the organization.”

Particularly vulnerable to alienated insiders were any organizations which relied on single security systems or electronic systems only.
Security had to be “layered” to prevent any one individual or group getting too far and too extensively inside internal and external networks – and it was crucial that electronic systems were always backed up by physical security and personnel security controls.

“The threat from insiders is simply not the same as the threat that most companies consider when preparing their security and recovery plans,” warned FIRST’s Steering Committee chair, Derrick Scholl.

“Many organizations focus on their entry points and regular recovery mechanisms. How is somebody going to get in, what might they steal, and in the worst circumstances, how to restore from backups if outsiders do break in and crash something.

“Sure, an insider is capable of stealing corporate secrets, or customer lists, or destroying computers, but their potential for harm is far worse. Imagine a software company where an insider has the ability to change code in the product without being detected. What if they can also change the backups, or if the changes aren’t detected until new backups are made?

“What if the insider altered design documents, or tampered with customer orders? Or ripped out hard drives and corrupted systems just as a big corporation was about to issue its quarterly bills to hundreds of thousands of customers?

“It’s a totally different order of threat, and it requires a different way of thinking.”

Interpol is among the latest organizations to sign up as a sponsor for the 21st Annual FIRST conference, which is being staged June 28-July 3, 2009, at the Hotel Granvia, Kyoto Station, Kyoto, Japan.

Vincent Danjean, Chief of Interpol’s Information Security Incident Response Team, will be a keynote speaker. He says Interpol predicts that levels of cyber attacks and attempted frauds will go on increasing.

Peter Allor, who is IBM Internet Security Systems’ Senior Security Strategist, Cyber Incident & Vulnerability Handling, Program Manager Office of the CTO, and FIRST’s director of conference liaison, welcomed Interpol’s decision to join the list of sponsors.

“Right now we’re heading into a dark place where law enforcers and internet security experts are going to have to forget differences of approach and collaborate hard to find a methodology which ends cyber crime fast and still brings criminals to justice,” he said.

At past conferences law enforcers and FIRST teams had admitted that collaboration was being impeded by opposing approaches: the priority for internet security practitioners was to prevent attacks or eradicate them as soon as launched; law enforcers wanted to let attacks unfold so detectives could track down the perpetrators.

“But top figures from law enforcement agencies like the US Secret Service, the FBI, Japan’s police force and Britain’s Serious Organized Crime Agency have told us they can’t mount a real fight against cyber-crime without help from emergency response and security teams, so we’re very happy – and honored – that Interpol are now confirming FIRST’s pre-eminence in the field by coming on board.”

Interpol joins, among others, Cisco Systems, Sun Microsystems, Google, BT, and Hitachi on a sponsors list for 2009 which has attracted more big names than ever before in the 21-year history of the FIRST conference.

“Never has there been such overwhelming support from sponsors at this point in the conference cycle,” said Derrick Scholl. “It shows that during these troubled and threatening times, companies recognize the need to support our vital work in preserving global information security.”

Founded in 1990, FIRST consists of internet emergency response teams from more than 200 corporations, government bodies, universities and other institutions from across the Americas, Asia, Europe and Oceania. It leads the world’s fight-back against cyber-crime, sabotage and terrorism, and also promotes co-operation between response teams and law enforcement agencies.
