Eye on Messaging
Next Up, Social Media Law
More and more today, for the corporate user, social networking is giving way to social business, and along with it, experts predict, will be specific social media law and regulations.
A recent eWeek article, IBM Gets Down to Social Business, points to how “Social networking, and its social-business offspring, has become a fashionable field of study at universities. Student projects often focus on using social networks to solve everyday and business-related problems.” The story notes how students are using social-business projects for their master’s thesis.
As social networking becomes more tightly woven into business processes, it is no surprise that greater regulation is anticipated. Well known legal firm Morrison & Foerster (MoFo) recently launched a new blog called Socially Aware, “to help companies understand the legal implications of social media use – including privacy protection for workers’ Facebook musings, securities laws governing blog postings, or the confidentiality of instant messaging.”
This blog may sound familiar, as it is a companion to the firm’s Socially Aware newsletter. While it is still emerging, social media law is a high interest area for Fortune 500 companies. Morrison & Foerster’s Social Media Practice Group says it advises companies and financial institutions across industry sectors on social media law, regulation and policy affecting privacy, data security, intellectual property, employment, securities, advertising, defamation, online contracting, user-generated content and use of social media in the workplace.
According to the blog, there will be “an explosion of employment law disputes involving social media this year.” John Delaney, a founding editor of Socially Aware and co-chair of Morrison & Foerster’s Social Media Practice Group, believes everyone from Fortune 500 companies to mom-and-pop neighborhood stores is rushing to embrace social media, and says the medium is perhaps the greatest tool for reaching customers since the creation of the World Wide Web.
Delaney warns, however, “Corporate users of social media need to be aware of emerging intellectual property, privacy, employment law and other legal risks associated with social networks. This is an area where implementing a few protective measures today will help a company avoid expensive legal headaches in the future.”
In 2012, companies that have been slow to adopt social media, MoFo expects, will begin to do so. Notes a blog entry, “We will see even the most conservative Fortune 500 companies adopting internal, company-wide social media platforms of the type offered by Jive, NewsGator and SocialText. In 2013 and beyond, we’ll be seeing a new generation of privacy, employment, defamation and other legal claims arising out of these enterprise social platforms.”
It won’t be just companies that will experience an increase in social media law activity. MoFo says that regardless of Facebook’s recent settlement with the FTC over its data collection practices, the firm anticipates still further privacy law headaches for social media companies. “Many social media providers, anxious to justify astronomical valuations, are undoubtedly feeling pressure to make more aggressive use of personal information collected from customers.” MoFo predicts we will witness much more in 2012, especially by European regulators.
Even though social media law is not “new” — just look at the blog’s interesting Key Moments in Social Media Law that begins with an entry for 1984 — it is clearly building in complexity, especially as it pertains to privacy and content ownership rights.
SMBs Need Email Archiving Too, Five Common Mistakes to Avoid
Increasing regulation and litigation mean that email archiving is becoming essential for companies of all sizes and in all industries—not just for finance, health care, and government. Deborah Galea, COO and co-founder of Red Earth Software, recently shared with me five common mistakes that SMBs make when thinking about email archiving.
Mistake One: Thinking small companies do not need an email archiving solution. Civil litigation can hit any company at any time, and if you cannot provide emails during the eDiscovery process, you could get hit with major financial sanctions. It’s also important to archive emails in the event of any sort of employee dispute, such as a layoff or a firing. Protect your company and make sure to have an email retention policy in place.
Mistake Two: Putting off implementing an email archiving system to save on costs. Although there are certainly a lot of expensive email archiving systems out there, more cost effective solutions are now becoming available. Cost is really no excuse anymore for not having an email archiving solution in place.
Mistake Three: Having only one employee knowledgeable about the system. Employees come and go and you don’t want only one person, such as a lone IT manager, knowing how to update and troubleshoot the system. Make sure all employees are aware of the email retention policy and make sure more than one person is able to use it effectively.
Mistake Four: Not having a data map. It is important to know what kind of electronic data your company has, where it is located and how to access it. Any company, large or small, should have an eDiscovery data map to ease eDiscovery requests and to help meet retention guidelines.
Mistake Five: Not regularly testing or updating the system. An email archiving solution is useless if it has any downtime or is out-of-date. Make sure that the system is spot-checked regularly and remember that this is not a “build it and forget it” project.
As Galea notes: “Even just a few years ago, many companies had no idea what email archiving entailed. Fast forward a few years and most companies know that they need to have an email archiving solution in place.”
Whether you are moving from knowing you need an email archiving system to actually implementing one, or you already have one, these five common mistakes are a good review for us all.
User Education Key Element in Messaging Security Strategy
Do your users take IT security seriously? A recent poll would indicate many workers do not. This trend is not exclusive to the U.S.; the poll included respondents from around the globe. What the poll reflects is that employees look to IT to be the responsible ones, and in today’s climate of sophisticated attacks, speed and connectivity, it really should be in every employee’s job description to adhere to security policies and be a part of protecting the company from outside threats.
The poll was conducted earlier this fall by Avira, a German antivirus software company, and published last week. The company asked three questions under the heading of: How careful are you when it comes to IT security in your company? There were 991 respondents, with the majority (717) of the respondents being either German, English or Russian speaking.
1) We have strict and detailed policies for IT security and the entire company takes care to follow all the policies in order to protect the company - 38.95 percent of the respondents who answered this question agreed.
2) We have security policies, but I don’t think anybody cares if we follow the policies or not - 35.42 percent of the respondents who answered this question agreed.
3) I don’t think about IT security at all; our system administrators are responsible for security so it’s not my concern. - 25.63 percent of the respondents who answered this question agreed.
The employee attitude of questions two and three is essentially saying to IT, “it’s not my job.” This is where the need for employee education becomes more critical.
Hopefully, most organizations these days have published messaging policies that cover everything online - from mobile, to social media, to email and Web. Provided that is in place, making sure that employees are more aligned toward that question one camp (“… the entire company takes care to follow all the policies in order to protect the company”) takes effort.
“When we see that less than 40 percent of workers take IT security seriously while at work, we know there is more to be done when it comes to educating people about IT security,” said Sorin Mustaca, data security expert at Avira. “Holding regular employee sessions to address the importance of staying vigilant while at work to make sure nothing happens to the corporate or small business network is equally important.”
Recommendations for Employee Education
Mustaca believes that using recent scary statistics of all the bad things out there to try to make employees get on board is not the best tactic, as he thinks the impression would be fleeting and soon forgotten.
Instead Mustaca says, “I can imagine some live sessions demonstrating how malware gets into computers and how users like themselves get infected (the attack vectors). We have malware today that comes via email, gets dropped by simply visiting a web site, gets transmitted via Instant Messaging or gets transmitted because of a vulnerability in a software. It is important to show them also the effects of such an infection. Many malware these days steal or encrypt documents, install keyloggers, steal banking information and so on.”
Phishing is another area that employees need to better understand. Mustaca recommends describing the many ways a user can be phished. “Any user should be able to identify a phishing web site, because this can affect them also when they are home.”
Big company-wide sessions are not ideal, Mustaca believes. He recommends that educational sessions be small so that employees are able to concentrate on the facts and ask questions. He also thinks it is very important that the sessions have mixed participation from people with various backgrounds. “This way it can be seen that anyone can be hit if he or she doesn’t pay attention.”
Today, employees are expected to perform tasks at heightened speeds. This has created a daily routine that means employees may take more risks with company information and simply be too busy just getting through their day to pay much attention to company policy or IT security.
Mustaca notes that while he understands people see computers as tools to do their jobs, “I am disappointed to see that a quarter of the users who took the survey are completely ignoring the importance of IT security. If all who access the Internet would fulfill some minimum security requirements then the online world would be a much safer place.”
Unfortunately, many outside of IT do not take messaging security seriously, but perhaps with ongoing user education and smaller-sized training sessions, progress can be made toward enlisting every employee to follow IT security policies.
Privacy and Social Networks; LinkedIn Almost Doubles in a Year
Messaging, both professionally and personally, would not be complete these days without including social networks. Even those earlier resisters are now relenting and joining social media networks. In Q2 of this year, LinkedIn claimed that membership had climbed from 61 million to 116 million in the span of one year, while reporting revenues of $121 million, which is a 120% increase from revenues posted last year, according to The Radicati Group. The steady growth of social networks, with Facebook clearly leading the pack, parallels the incredible growth of email of days gone by, and just as email became a target for malware and other ills, social networks today are experiencing an increase in threats to security and privacy.
Even though Facebook has been under scrutiny for its privacy policies, people still come to the site in droves. In a recent study by Barracuda Labs, researchers found that one in five people has been negatively affected by information that was exposed on a social network. But is this enough to drop the social network as a messaging medium? No; as another finding points out, ease of use and friends using the network are valued almost equally with privacy and security concerns.
And are companies concerned about security or privacy when employees are online? Of the hundreds that participated in the survey, 86 percent felt that employee behavior on social networks could endanger company security. However, only 31 percent of respondents reported limitations on Facebook. LinkedIn was the least blocked in the workplace, with 20 percent of respondents reporting limitations.
Malware is creeping up more and more in social networks: of the survey respondents, one in four has received a virus or malware on a social network. “Social networks are a significant part of how we communicate with one another. At the same time, the dangers associated with social networking have climbed exponentially,” warns Dr. Paul Judge, chief research officer and vice president for Barracuda Networks. “The fact that nine out of 10 users already have been attacked proves that attackers are taking over social networks.”
This is an area of particular interest to Barracuda Labs, as earlier this year the company launched Profile Protector, a free service that protects social networking users against malicious threats on Facebook and Twitter. For more on the visual report, download The 2011 Social Networking Security & Privacy Study or simply view the beautiful graphics accompanying the information.
October is National Cyber Security Awareness Month. Reports such as this one are good to share with your users and executives. As always, safe messaging.
Cyber Attacks and Safeguarding the Internet
Homeland Security Secretary Janet Napolitano recently stated that we might be able to keep our shoes on while going through airport security checkpoints in the near future. It seems there is technology on the way that will allow for that. Technology has been responsible for many wonders that improve our lives or at least make things easier. The promise of the Internet was one such stride. But according to a recent comment by Napolitano, while the U.S. is ‘categorically safer’ since 9/11, cyber-terrorism is now at the top of the security concern list.
In today’s world there is a wide range of online threats to safeguard against — identity theft, fraud, hackers, spam, viruses and spyware all come quickly to mind. But the persistent threats that have been experienced this year by RSA, Lockheed-Martin, Google, Sony and a host of other well-known brands and companies make us wonder just how vulnerable are we?
Some experts are claiming that cyber warfare will replace traditional warfare. All that has transpired recently makes that seem less far-fetched than the general populace might have thought a few years ago.
Did you read the interesting interview conducted by Cisco’s Jason Lackey with the ex-Anonymous hacker known as SparkyBlaze? If you have only read excerpts, the full reading is illuminating. For me, getting a sense of what is “ethical” and what is not to this 20-something-year-old was revealing. He gives advice too, which very much parallels what security companies have been saying for years. If you missed these 14 points, here they are again direct from SparkyBlaze:
- Deploy defense-in-depth
- Use a strict information security policy
- Have regular audits of your security by an outside firm
- Use IDS or IPS
- Teach your staff about information security
- Teach your staff about social engineering
- Keep your software and hardware up to date
- Watch security sites for news on computer security and learn what the new attacks are
- Let your sysadmins go to defcon ;D
- Get good sysadmins who understand security
- Encrypt your data (something like AES-256)
- Use spam filters
- Keep an eye on what information you are letting out into the public domain
- Use good physical security. What good is all the [security] software if someone could just walk in and take [your “secure” systems]?
If, like me, you sometimes take for granted all we know about security in messaging and computer security in general, the rest of the world is now starting to wake up to it. The topic is becoming of interest to a wide range of lay-people, let alone legislators and government officials. This current trend has elements of mystery, intrigue, conspiracy and drama. Indeed, a colleague recently brought to my attention a detailed Vanity Fair magazine article that makes some of the recent exploits sound like one big spy novel. What’s the old saying? May you live in interesting times. Well, we sure do.
Data security today, and really for some time now, is no longer just a sysadmin’s job. It is not just a “set it and forget it” appliance. Securing an organization is a complex, on-going battle that needs to be waged with regularity, education and solid company policies. And it isn’t cheap, but it is worth it.
