Tag Archives: Social Media

CrowdControlHQ: “IT directors ignore social media risks at their peril”

Marc Harris (Chief Technical Officer at CrowdControlHQ) examines the issues facing IT directors from the use of social media.

Many IT directors operate their own personal Facebook and LinkedIn accounts. However, when it comes to corporate social media they pass responsibility for management of same to the Marketing Department. Are they doing so at their peril?

Let me start with the elephant in the room, namely the role of the IT director. After an extensive IT career in the media, telecommunication and technology sectors, recent experience has led me to conclude that social media needs to be firmly at the top of the priority list of every IT director.

In my current role, I see at first hand the impact of reputational damage realised by both internal and external sources through the use of social media, and find it surprising how few IT directors are willing to discuss the issues or attend conferences on the subject. Perhaps they feel an unwelcome interference or ‘elbowed out’ by this new communication channel which has evolved extensively under the umbrella of marketing?

In future, the organisations succeeding in the social media space will have Marketing and IT Departments working seamlessly together to tackle the issues. The ‘DNA’ of IT makes it the most qualified department to deal with some of the risk issues that surround social media, so why isn’t it more involved?

Today, social media is being used in every aspect of business, from the Boardroom right through to the delivery of customer service. By its very nature, social media is a collective responsibility. Not surprisingly, its reliance on ‘collaboration’ has in some instances manifested itself as ‘sharing’ responsibility for posting of content… and even the sharing of passwords!

New rules now apply

I once overheard a social media officer quite gleefully boasting the fact that they had the Twitter login to hand for their company chairman. When challenged, the officer admitted that he was ‘The Chosen One’. If he was off sick that was it – no tweets or updates! Worse still, if he left the organisation he had the power to bring the place down tweet by tweet.

This is the stuff that would have kept me awake at night as an IT director, yet in a world powered by social engagement new rules seem to apply.

Marc Harris: CTO at CrowdControlHQ


Recent research also reported that a scarily large number of employees still use the dreaded Post-It note to record their login usernames and passwords, stuck to walls, desks and even the computer screen. Apparently, we’re not coping well with the need to access everything online from social media to our weekly shop and fear our mobile devices could be pinched. We’re reverting to pen and paper, it seems.

This practice can only end in tears. There have now been too many examples of ‘rogue’ tweets, no audit trail of who posted them (or why) and organisations – who, frankly, should have known better – being left rosy cheeked, so why is this practice still so rife?

Why would an employee, with their job on the line, ‘fess up’ when they know that at least 15 other people had access to the account that day?

I also believe that few IT Departments have a handle on the number of users across their ‘official’ social media accounts, let alone a log of which password protocol they are using, how they are accessing the site or posting.

Need to look both ways

We cannot just blame the employees. Even organisations with the most robust and celebrated IT protocols let themselves down when it comes to simple issues such as data storage. I suspect very few IT directors are crystal clear about where their marketing communications teams are storing their social media campaigns, let alone harbour an understanding of the conversations from the past that they may need to reference in the future or where they keep their notes about their customers linked to these campaigns.

I would hazard a guess that many IT Departments are breaking their own compliance and governance issues when it comes to social media.

Today, there’s no need to share passwords. The social media ‘savvy’ have cottoned on to tiered password access, with both the IT and Marketing Departments having an ‘on/off’ switch to give them instant control in times of crisis. If IT is involved in the installation of a Social Media Management Solution (SMMS) they can see exactly who is plugged into the system, where accountability lies and who they need to train and develop to uphold the security protocols needed in order to keep an organisation’s reputation intact.

Within the scope of most IT budgets a SMMS will be a drop in the ocean but will address these major issues. Any smart IT director will already be looking at a SMMS if there isn’t already one in place. Such a system gives control back to the organisation. All passwords are held in one place such that accounts are not owned by individuals but by the company. The right system gives an organisation the ability to moderate content at a senior level. In turn, the risk of misuse or mistakes can be eradicated.

A SMMS also takes care of the practical management issues. I fear that some organisations are taking a step backwards in terms of their technological evolution, reverting to time-wasting, ineffective manual processing of social media (eg multiple logins to different social media platforms rather than using readily available tools for automation and effectiveness).

The message is clear. IT directors ignore social media at their peril. When it comes to corporate social engagement, it’s time for them to wake up, check and challenge.


Filed under Risk UK News

FT Remark and Wipro survey reveals firms may be missing opportunities to fortify business process resilience

A new report compiled by FT Remark and Wipro confirms that business process resilience is mission-critical, but also highlights that companies may well be missing opportunities to fortify themselves.

In the global survey of 330 C-suite executives, nearly all respondents (98%) agree that technology risk management is important or very important to the overall running of their firms, while 84% feel their firms’ technology risk management programmes add value.

However, 35% describe their firms’ spending on technology risk management as ‘focused on the next year’, with a further 17% working on a ‘project-by-project basis’.

Less than half (41%) describe their company’s spending as ‘focused on the long-term’. In addition, only 15% of those surveyed state that decisions on technology risk management are made at Board level, even though system failures have implications that reverberate throughout a given business’ ecosystem.

The FT-Remark/Wipro report entitled ‘Building Confidence: The Business of Resilience’ seeks to identify how businesses are rising to the challenges that technology presents, and how they are making their operations more resilient in the process through strategies, investments and partnerships.

According to a new report from FT Remark and Wipro, business process resilience is absolutely mission-critical, but companies may be missing out on opportunities to fortify themselves


“In developing resilience plans, businesses should consider the full range of their operations, from customers to third party suppliers,” explained Nick Cheek, managing editor at Remark (which is part of the Mergermarket Group). “Businesses should also concentrate on making themselves agile and modular so that they can minimise the impact of negative events.”

Data is power

Technology has realised fantastic opportunities for businesses of all sizes. Data is power: the more businesses can understand about their customers, partners and products, the more agile and effective they can be.

“Firms should think of business process resilience in the broader sense,” stated Alexis Samuel, global managing partner at Wipro Consulting Services. “Rather than being considered fodder for CIOs or CTOs, corporates should view these issues as Board-level ones that have far-reaching implications for disparate business arms.”

Balasubramanian Ganesh, CEO for the Products and Solutions business at Wipro, added: “Over the years, the level of investment has not kept pace with that required to address inherent and emerging risks when it comes to the provision of services to customers. The aggregate impacts of this under-investment, accompanied by an increase in customer expectations, have created risks to services which are no longer acceptable. Such risks will typically need to be addressed by a significant and sustained programme of investment.”

Additional key findings of the report

• At 65%, the largest share of respondents state that integrating new technologies with old is one of their biggest challenges. This is followed by projects being too difficult or complex (52%)
• The most pressing area of concern over the next 12 months is business continuity and disaster recovery planning, with respondents rating this at 4.09 on a scale of 1 to 5 (where 1 is not at all important and 5 is very important)
• Regarding social media, 74% of respondents say that reputational or brand damage is a potential pitfall
• For those who agree that technology risk management adds value, 72% say that it does so by increasing customer satisfaction or confidence
• When thinking about business process resilience, 88% of respondents consider their own firm with only 65% thinking about their customers

‘Building Confidence: The Business of Resilience’ identifies key trends in business process resilience (defined as a firm’s ‘ability to cope with change, both expected and unexpected’), particularly in relation to managing technology risk.

With globalisation and hyper-connectivity, resilience is being taken very seriously at Board level and external consultants are being brought in to bridge the skills gaps that exist as new technologies emerge.

For the purposes of the report, FT Remark interviewed 330 C-suite executives from corporations with an annual turnover of US$500 million or greater. The interview pool was comprised of 113 respondents from Europe, 100 respondents from the USA, 80 respondents from the Asia Pacific region and 37 respondents from Africa.

To qualify for participation in the study, respondents must have allocated budget to technology risk management in the past two years or have plans to do so in the coming year.


Filed under Risk UK News

“Beware what you share” warns new CIFAS guide on social media usage

People are being warned by CIFAS – the UK’s Fraud Prevention Service – of the consequences of sharing too much information on social media platforms.

‘Beware What You Share’ is a new publication designed to highlight the often unexpected dangers of posting too much information online through social networking sites such as Facebook. From pointing out what a fraudster will see when someone posts their holiday details through to understanding privacy settings on popular social networking sites, ‘Beware What You Share’ points out some of the common dangers and encourages individuals to think about how information might be used by those who are not in their close circle of friends or family.

“With a new academic year in its infancy, and the festive season looming large on the horizon, the latter part of the year is invariably one where younger people, for example, will be meeting new acquaintances and creating friendships that will last a lifetime,” stated Richard Hurley, communications manager at CIFAS.

“Social media is now an essential part of that whole process, of course, but in the same way that you wouldn’t advertise all of your personal details in the pub to a group of people you have not long known, you also need to be very careful that you don’t share far too much information in the online space.”

CIFAS is urging people to be aware in terms of the information they post on social media platforms


The second publication in a planned series designed to educate young people about fraud and how to protect themselves, this new document has already been sent to universities and colleges and is available online.

The aim is not to stop social media from being used, but rather to educate young people around the potential risks they’ll face by effectively ‘living their life in public’. The guide contains eight examples of ‘seeing what a fraudster might see when looking at your social media profiles’, from highlighting that someone is away from home and that their house is empty through to where they work and details of those companies with which they have online accounts. Each small piece of information can be used to create a much larger picture, in turn increasing an individual’s chances of falling victim to fraud.

“Ask yourself, would you reveal all of this information in one chat in the pub?”

“The pressures on young people – to fit in, to socialise, to make friends and so on – are immense,” added Hurley. “Social media is undoubtedly the easiest way to do all of this, but it’s worth remembering something. Would you – in a pub, with people you were only just getting to know – tell them all about your address, holiday plans, shopping habits and the rest? No. You would not open yourself up so quickly.”

Hurley concluded: “‘Beware What You Share’ highlights very succinctly how putting too much information online is the equivalent of telling a stranger everything about yourself at a first meeting. The majority of people are, of course, simply wanting to connect and be friends, but individuals need to be aware that there are some people who are just waiting to use any information that’s revealed.”

CIFAS provides the UK’s most comprehensive databases of confirmed fraud data as well as an extensive range of fraud prevention services to over 300 organisations operational across the public and private sectors.

Member organisations share information in order to prevent fraud and emanate from a variety of sectors including banking, grant giving, credit card provision, asset finance, retail credit, mail order and online retail, insurance, telecommunications, factoring, share dealing, vetting agencies, contact centres and insurance brokering sectors.


Filed under Risk UK News

Office of Surveillance Commissioners issues warning over social media snooping

The Office of Surveillance Commissioners (OSC), led by Chief Surveillance Commissioner The Rt Hon Sir Christopher Rose, has published its Annual Report for 2013-2014. Emma Carr (director of Big Brother Watch) highlights some of the main points.

• Intrusive surveillance authorisations have increased from 362 to 392
• Directed surveillance by law enforcement agencies (LEAs) has increased from 9,515 to 9,664
• Directed surveillance by public authorities (PAs) has decreased from 5,827 to 4,412
• Active LEA covert human intelligence sources: 4,377 were authorised, 3,025 remain authorised
• Active covert human intelligence sources (non-LEA): 53 were authorised

The Commissioner notes that the information included in the 2013-2014 Annual Report is for 100% of LEAs and 96.6% of all other PAs. However, Sir Christopher Rose notes: “I am once again slightly disappointed that a few public authorities appear to treat my request for statistical returns as an option” and that: “I have therefore decided that, as from next year, those public authorities which have failed to respond within the set deadline will be named in my Annual Report.”

The Commissioner also raises the fact that there have been a number of occasions where senior officers have failed to meet with inspectors. These comments would therefore indicate that among some LEA and PAs there’s a potential problem of the OSC not being taken seriously.

The Commissioner also notes that, since the Protection of Freedoms Act 2012 was introduced, there has been a “downward trend” in the number of applications made and authorisations granted which “may or may not be attributable to this enactment.”

Emma Carr: director of Big Brother Watch


The Commissioner raises concerns about the lack of a common approach from councils towards the authorising process now that it’s controlled by Magistrates. He goes on to warn that “the knowledge and understanding of RIPA among magistrates and their staff varies widely.” The Commissioner notes that there’s certainly a need for “adequate training of magistrates” and their colleagues.

Worryingly, the Commissioner cites two examples of inappropriate authorisations: one having granted approval for activity retrospectively, and another having signed a formal notice despite it having been erroneously completed by the applicant with details of a different case altogether.

Social media and covert investigations

One of the most interesting sections of the report relates to the use of social media for covert investigations by PAs. The Commissioner states that he “strongly” advises all public bodies to put in place proper policies designed to deal with social media investigations due to a lack of demonstrable understanding of the law from some workers involved in investigations.

The report states that: “In cash-strapped public authorities, it might be tempting to conduct online investigations from a desktop as this saves time and money and often provides far more detail about someone’s personal lifestyle, employment and associates, etc, but just because one can does not mean one should.”

While long overdue, the Commissioner is absolutely right to acknowledge that many PAs around the country may well be covertly gathering intelligence from social media sites on an illegal basis.

RIPA 2000 was created while Google was still in its infancy and social media sites like Facebook and Twitter didn’t exist. It would therefore be ridiculous to expect that the legislation would allow the use of the Internet to proportionately investigate crimes while ensuring that safeguards are in place to protect the public’s privacy.

A far more open discussion about what data should be monitored – as well as whether the legal framework is truly fit for the digital age – is now required.


Filed under Risk UK News

Brits feel unsafe on social networks yet still admit to ‘over-sharing’ information

According to Kaspersky Lab’s latest research, most of us (73% of Europeans) now use more than one device to access social networks, even though an overwhelming 75% consider social media to be unsafe.

An international survey of consumers has found that as many as 17% of Brits confess to “sharing more than they probably should” on social media, leaving them at risk of losing valuable personal data to cyber criminals intent on identity theft and other crimes.

A growing social security risk is individual account hacking and then targeting the personal data of the victim’s contacts. Four in ten Brits (38%) can’t tell when an online friend’s account has been hacked, so it’s not surprising that one in six (14%) has been stung into clicking on a dangerous link in a hacked account.

Without adequate protection, the more you post, the more vulnerable you are.

A growing social security risk is individual account hacking and then targeting the personal data of the victim’s contacts


Mobile devices: attractive targets for online criminals

“The average household in Western Europe has more than five Internet-connected devices, including two smartphones or tablets, and these mobile devices have become the new standard tool for browsing, interacting and shopping online,” said David Emm, senior security researcher at Kaspersky Lab.

“However, despite using these devices to access the same Internet as traditional computers, many users don’t think they require the same fully-fledged protection. Mobile devices – especially those without security protection – are increasingly attractive targets for online criminals.”

In response to the growing risk, Kaspersky Lab is launching a new multi-device version of Kaspersky Internet Security. The security software provides real-time protection for multiple Windows PCs, Macs, and Android smartphones and tablets, all with a single licence. Users can apply the award-winning Kaspersky Lab security to any combination of devices.

Key features of Kaspersky Internet Security – Multi-Device include: Safe Money, Automatic Exploit Prevention (to stop the criminals reaching you through weaknesses in popular programmes), ZETA Shield (designed to scan incoming e-mails and the attachments they contain) and a ‘Trusted Applications’ mode designed to protect financial and personal data on all internet-connected devices.

“Without protection, PCs, Macs, tablets and smartphones are all susceptible to Internet threats,” said Emm. “Tablets and smartphones in particular, being small and lightweight, are the most vulnerable to loss and theft – along with the personal data stored on them. With award-winning Kaspersky Lab technologies, Kaspersky Internet Security – Multi-Device optimises security for each device, providing real-time protection against all Internet threats.”

Kaspersky Internet Security – Multi-Device is supplied in three and five-device versions and will be available at http://www.kaspersky.co.uk from 10 September 2013 at a cost of £49.99 (three-device) and £59.99 (five-device).


Filed under IFSECGlobal.com News