The social media boom has prompted investment bank Investec to implement policies to manage risks such as an insider threat to information security by its staff.
According to David Cripps, information security officer at Investec, staff members are one of the biggest threats to a company but the problem is no organisation or company can hold back the flow and use of social media. Instead, it is better to put policies and technologies in place to manage it.
Even with the risks, researches have shown that only one third of companies have policies regarding the use of social media.
It is important that companies control the use of social media by means of policies and technology to make sure that no sensitive data is leaked out to an audience of more than three billion people.
This is the reason why Investec has a social media policy in place so that the staff would know their responsibility every time they post something online. Controlling by means of technology should be the last resort of companies, according to Cripps.
In Investec’s case, monitoring is done by a granular firewall that limits social media activity based on the role of the user in the company.
The company believes though to make social media work at work is by having a complete policy and keeping the staff aware.
- Only one third of companies have policies regarding the use of social media
David Cripps, Information Security Officer at Investec: “Staff members are probably one of the biggest threats. There is no way organisations can hold back the flow of social media, so it is better to put policies and technologies in place to manage it. Making it personal by getting people to think about their own families’ use of social media helps highlight and explain the risks.”
Earlier this month, I was invited by Linkedin UK and the Financial Services Forum to chair a discussion panel on social media in financial services. I started with ‘banks can’t do social media‘: I launched Visible Banking back in February 2007, and here we are, at the end of 2012, and financial institutions are still talking about risk, social media guidelines, and internal social media policies… Whereas financial services firms should now focus on capturing and leveraging the ‘Voice of their Customer‘ via crowdsourcing.
Invest here demonstrates how important it is for employers to educate their staff and make them realize the impact of an ‘innocent’ tweets or facebook comment. I appreciate that, but I have to say that travelling as much as I do, there is not one flight or one train journey where I don’t hear sensitive conversations or get a glimpse of confidential powerpoint slides on a fellow passenger’s work laptop.
And fundamentally, you want to empower your employees, to turn them into your best brand ambassadors. And if even if you restrict facebook or twitter access on your intranet, you surely aware that most people use their personal smartphone to post updates all through the (working) day… Any thoughts on this? Do you know about a ‘silver bullet’ to get rid of internal threats once and for all?
Join the conversation here or on our Facebook page.