Is Social Media Destroying Your IT Governance Framework?
As a business or as an individual, you may already have IT governance concerns about the amount of information available online about you. Many of the most high profile hacking cases in the news in recent years have not come about through complex network reconfiguration, but rather through using information freely available online and accessible through social networking.
The Six Ways We Make Ourselves Vulnerable
The temptation to be as open and transparent as possible can be strong when interacting with a social networking site, but ask yourself if you’ve ever done any of the following items in this list. We think you may find yourself a little concerned:
Providing your telephone number or home town in your public contact details.
Posting your birth date in your public details.
Putting your children’s names or schools online.
Posting that you aren’t at home.
Using a simple password or re-using one between several websites
Not turning on privacy controls.
While any one of these may seem simple, consider for example the sorts of questions that websites provided by banks, or your email provider, ask in the event of you forgetting your password. Questions about family members, pets or significant places and events are common. What then is the IT governance issue? When you are posting that kind of information online regularly, the value of that information becomes compromised. Indeed, you could argue that the more information that you post online about yourself, the more likely you are to become a target for opportunistic hackers. This is bad enough when dealing with personal accounts, but what about the effect on business?
Just how serious an issue is this?
So far, for employers, most of the attention has been on people bringing disrepute on their work places through inappropriate comments on social networking sites. These are not the only risks that need to be assessed as part of your IT governance processes however. While there are many good reasons for both individuals and businesses to use social media, the risks are considerable. Even seemingly innocuous information can provide surprising leverage. The accessing of Sarah Palin's email, for example, was achieved by resetting the password on her account. The information requested was her ZIP code, her birth date and information about where she met her spouse – all of which information was easily found by using a search engine and looking for publically accessible information.
In this case, the unauthorized access revealed that work-related emails were being sent and received through the private account. A number of studies highlight that she is not alone: many people tend to blur work and personal email use like this. In addition, most people have a tendency to re-use their passwords for both work and online resources. Exerting effective IT governance over these practices takes time and education: after all, while many social networks have begun to provide additional safeguards they are less than effective if your staff is busy posting compromising information for the world to see.