Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Networking: What You Don’t Know Can Hurt You Jim Hilsenrod.

Published byPerry Elms Modified over 9 years ago

Similar presentations

Presentation on theme: "Social Networking: What You Don’t Know Can Hurt You Jim Hilsenrod."— Presentation transcript:

1 Social Networking: What You Don’t Know Can Hurt You Jim Hilsenrod

2 Agenda Intro About Actiance Social Media on the Rise Benefits of Social Media Understanding the Risks Applicable Regulations Anecdotes Applying Appropriate Controls Wrap-up Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 1

3 About Actiance Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 2  Enable the New Internet – 4,500+ Web 2.0 apps, Unified Communications, Social Networks  Global operations – USA, EMEA, India, Asia/Pacific  Market Leader – 9 of the top 10 US banks – Top 5 Canadian banks – 3 of the top 5 energy companies  Broadest Partner Ecosystem – Technology alliances

4 Social Is Booming Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 3 Social Networking Social Collaboration Social Publishing Social Feedback

5 Upside of Social Media Generate buzz and increase visibility Strengthen customer relations Build an additional revenue source Extend your brand Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 4

6 Risks of Using Social Media and Web 2.0 Data Leakage Personal Information Intellectual Property Credit Card, SSN Client Records Incoming Threats Malware, Spyware Viruses, Trojans Inappropriate Content Compliance & eDiscovery SEC, FINRA HIPAA, FISMA SOX, PCI, FSA FRCP- eDiscovery FERC, NERC User Behavior Employee Productivity Bandwidth Explosion Every employee is the face of business Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

7 Web 2.0 & Social Networks Regulation & Compliance SEC and FINRA Obliged to store records and make accessible. Public correspondence requires approval, review and retention. Extended to social media. http://www.finra.org/Industry/Issues/Advertising/p006118 Gramm-Leach-Bliley Act (GLBA) Protect information, monitor for sensitive content, and ensure not sent over public channels (e.g., Twitter) PCI Ensuring cardholder data is not sent over unsecured channels AND PROVING IT Red Flag Rules Prevent identity theft. Protect IM and Web 2.0 from malware and phishing when users are more likely to drop their guard. FRCP (eDiscovery) Email and IM are ESI. Posts to social media sites must be preserved if reasonably determined to be discoverable. http://blog.twitter.com/http://blog.twitter.com/ Sarbanes-Oxley (SOX) Businesses must preserve information relevant to the company reporting. RegulationSocial Network and Web 2.0 Impact Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

8 Real-Life Anecdotes Citibank Deloitte Financial Northshore Bank Online Banking Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 7

9 So who’s using Social Media? And Why?  Sales & Marketing  Promotions  Advertising  Branding  HR  Background checks  Recruiting  Scientists & Researchers  Information exchange  Collaboration  IT  Investigation of security breaches Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

10 Social Networking: Balancing Benefit & Risk Risks & Challenges  Employee productivity – Control who can access what, when, and for how long  Content security – Introduction of malware  Brand and reputation protection – Allow “approved corporate posters” to self-moderate – Moderate posts from unapproved corporate posters  IP/Information Leak Prevention/NDA compliance – Sensitive, confidential term dictionary matching – Stop contract staff accidentally leaking your secrets – Quarantine posts for moderation by a reviewer – Quick deployment, no desktop touch  Compliance with regulation (e.g., FINRA, PCI) – Archive content – Stop credit card number patterns – Control specific content Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

11 Appropriate Controls: The Basics Who needs controls applied?  Users within your organization - HR, Marketing, Sales, IT? How do I apply these controls?  Are there tools available? Where do I get started? Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 10

12 Appropriate Controls: The Specifics Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved. 11 Identity managementEnsure that all the different logins of an individual link back to corporate identity Activity controlPosting of content allowed for marketing but read-only for everyone else Granular application controlEmployees can access Facebook, but not Facebook Chat or Facebook Games Anti-malwareProtect network against hidden phishing or Trojan attacks Data leak preventionProtect organization from employees disclosing sensitive information ModerationMessages posted only upon approval by designated officer Logging and archivingLog all content posted to social networks Export of dataExport stored data to any email archive or WORM storage IssueControl Requirements

13 USG: Enable the ‘New Internet’ URL Filtering Anti-Malware Anti-Virus Unified Policy Management AD Integration, Company/Group/User, Time of Day, Bandwidth Application Control & Security Application Enablement Application Control Engine Reporting Public IM Web 2.0 & Application Control Socialite Web 2.0 Enablement Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

14 USG: Visibility & Control of More Than 4,500 Applications Social Networking914 Instant Messaging255 IPTV76 Remote Admin Tools41 P2P166 VoIP96 Web Conferencing55 Commercial Monitoring Software215 Anonymizer32 Webmail32 4500 + CategoryNumber Example Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

15 SaaS Infrastructure Fully Redundant Architecture End-to-End Failover Fully Redundant and Mirrored Database Extensive Network and Application Monitoring and Alerting Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

16 Questions Jim Hilsenrod jhilsenrod@actiance.com

Download ppt "Social Networking: What You Don’t Know Can Hurt You Jim Hilsenrod."

Similar presentations

Unified Communications Bill Palmer ADNET Technologies, Inc.

Unified Communications Bill Palmer ADNET Technologies, Inc.
By HAIDER I MOHSIN Securing Confidential Data with Data Loss Prevention Systems.

By HAIDER I MOHSIN Securing Confidential Data with Data Loss Prevention Systems.
Barracuda Message Archiver

Barracuda Message Archiver
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Information Security Awareness Training

Information Security Awareness Training
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Security Controls – What Works

Security Controls – What Works
Welcome to New Hire Orientation Information Security

Welcome to New Hire Orientation Information Security
CallingSharingMessagingPresenceMeetingsPeople Services DevicesAppliances Manage PSTN Servers and Services 3 rd party ecosystem.

CallingSharingMessagingPresenceMeetingsPeople Services DevicesAppliances Manage PSTN Servers and Services 3 rd party ecosystem.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.

McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Security Guidelines and Management

Security Guidelines and Management
© 2004-2014. Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.

© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google