Getting secure with social networks
Microsoft UK’s chief security adviser and ex-FBI agent gives straight-talking IT security advice
Microsoft UK’s chief security adviser and former FBI agent Ed Gibson gives some straight-talking IT security advice
Entrepreneur Armondo Ruffini’s Growing Business guest blog on online social networks highlights another area where the internet can enhance successful business practice. The statistics he cited from the Evening Standard, on the growth of social networks in the workplace were particularly interesting, as they actually came from a Microsoft study looking at the phenomenon – a study focused on IT security.
Our data also showed how social networks offer cyber-crime a new avenue for identity theft as well as the opportunity to create havoc by spreading computer viruses. With all the recent reports on the security problems caused by digital information, it’s quite clear that as a society, we’re still coming to terms with the risks of the digital age.
What does this mean for your business? When faced with these threats, should you follow the conventional route of stopping yourself and employees from using technologies such as social networks? Possibly, but with the right security policies, possibly not. The problem is there’s a vacuum on IT security advice.
From a business perspective, security may look difficult but it’s not impossible. In certain instances it may even be free or far less expensive than you imagined just by engaging features and processes you already have within your technology. To be sure, it is but a risk decision and one that must be made (remember, no decision is still a decision). It requires a mandate from the top and must be positioned as enabling the business to do more with less risk.
Never is this more important than in small and growing businesses like yours. Let’s face it, in contrast to large-scale enterprises that will likely have a whole department dedicated to IT and security, resources like these aren’t viable for everyone. What it comes down to is applying our real world mentality towards risk to our behaviour in the digital world. You wouldn’t knowingly lock doors on the company premises and then leave all the windows wide open.
Last week I was involved in a demonstration where we performed a couple of real life security hacks to show how cyber criminals operate. One demo highlighted how a company with a strong IT security system in the office became exposed when an employee went home and accessed an unsecured wireless network with a company laptop. Point being, if you have something of value in your IT, cyber criminals will stop at nothing to get to it. That’s why we cannot become complacent, especially when everything seems to be okay.
IT security is about people, process and technology – in that order. When you can get people to be security conscious, you can shape strong policies supported by solid technology and increase the value the Internet can bring to your business. But IT security must be real, and it must be something more than ‘here’s another new company initiative’; it must be personal. There are numerous resources available to you today to ensure you can realise this value such as the UK Government / private online safety campaign www.getsafeonline.org. In the mean time, as an absolute base-level, I recommend ensuring your IT security covers the following 10 easy steps:
Install virus protection
Set up a firewall
Ensure your software is up-to-date
Use strong passwords
Ensure physical security
Take special care of laptops
Connect remote workers securely
Lock down wireless networks
Browse the web defensively
Backup, backup, backup