IMGCAP(1)]Information security gurus and marketing professionals are often at odds with each other in the business realm.
Marketing used to be primarily a print and face to face business function, but thanks to the overhaul of standard marketing strategies, marketing has grown new roots on the web and has found itself buried deep within social networking sites like LinkedIn, Facebook and Twitter.
Michael Brooks, publisher and creator of The South Magazine, states, It is not a case of whether we will use them [social media sites]; it is how extensively we will and how much time we will invest into each. We look forward to these social medias developing further in order to make this type of outreach more of a science.
The need for businesses to have an online footprint is critical to reach the masses in todays competitive environment, but the potential loss of client data and the security threats it poses to your network are daunting. When the request for access to these social networking sites stems from an authentic business need, where do companies draw the line between marketing savvy and data security?
How do we, the paranoid information security folks, establish reasonable rules and boundaries? It seems that everyone within a company managers and subordinates alike have multiple social networking accounts. What prevention methods will be used to ensure our company or clients data isnt compromised? Who is going to monitor our companys Facebook account for appropriate business content while assuring client anonymity?
With network security always on the forefront of my mind, my initial thought was to shut it all down, block the popular social networking sites while on our domain. Why allow users to put our network at a higher risk of exposure to phishing attempts, spam and drive-bys from various extracurricular website activities? What happens when your users are home, on their personal computers, posting what they had for breakfast and griping about the daily grind at the office?
My suggestion is this: assess what level of risk your firm is willing to accept when using social media as a marketing tool, and establish a firm-wide policy on social networking. Outline the consequences of non-compliance and then enforce it. This wont be a one size fits all scenario. Be aware that staff members at all levels are diving head first into these sites with little knowledge of the threats that await them.
Educate your users. Even your most well-seasoned executive probably has a Facebook account that is potentially exposed. Encourage users to err on the side of caution when posting personal information and data that might reveal confidential client or company information. Employers should clearly identify what information is to be kept undisclosed or confidential.
Finding the acceptable level of risk that still allows participation in the burgeoning growth of social networking in the business realm is the key to a symbiotic relationship between your Paranoid Information Security Staff and your Go Get Em Marketers.
Crystal Craven is a hosted services consultant at Xcentric with 10 years of experience in the information technology industry, ranging from the DoD to the accounting sectors. From 2008-2010, she served as president of the Information Technology Professionals Association of Savannah and as president of the Creative Coast IT Connection. She has also served on the board of the Industrial Advisory Committee for Armstrong Atlantic State University's Computer Science Department. She can be reached at
