Websense protects organisations from cyber threats due to social media

BANGALORE, INDIA: Companies wouldn't want to completely block access to social media, as websites such as Facebook, LinkedIn, Twitter and others have become very important business tools.

However, the use of social media can also be bad for business due to the involvement of some well known security risks such as data theft and malware infections, and employees can even be exposed to inappropriate content. WebsenseInc. deals in protecting organisations from the latest data breaches, intellectual property theft and enforces security compliance and best practices.

At a low cost of ownership, Websense TRITON comprehensive security solutions unifies web security, email security, mobile security and data loss prevention (DLP). The information security products of Websense are integrated to simplify product management and product upgrades.

More than 100 researchers at the Websense Security Labs discover and investigate advanced threats and publish their findings on an award-winning blog and in an annual threat report, ensuring that both its product development and the world at large are kept informed. Working from different locations worldwide, Websense monitors web email, instant messaging and other channels for the latest threats.

With business expertise in the areas of sales, marketing, corporate strategy and public relations, Surendra Singh, regional director, India & SAARC, Websense, has over 16 years of high technology management and field experience. Here, he talks about how organizations can empower the safe and secure use of social media.

CIOL: Social media that is used as a business tool for an organization can expose it and its employees to inappropriate content and data loss. What are the different ways in which this could happen?

Surendra Singh: Social media is now considered an integral element to an organization's ability to achieve its business objectives, but there are security risks created by employee usage of social media tools. The blending of the social and work environment does create risk because devices the organization does not own are on the network and the exchange of content among employees cannot be controlled.

With social media, cybercriminals make use of blended web and email threats to employ lures which rely either on human curiosity or seemingly typical trustworthy content. They also use this to track their potential victim's behavioral patterns. Social media provides cybercrime user profile information for spear-phishing and customized lures that the employees are more likely to accept.

The employee use of social media can also be an entry point for malware, and can be a channel for losing confidential corporate information. Potential threats do exist because social circles provide a trusted attack position for cybercrime between friends when account credentials are compromised.

Lures and dynamic web links can quickly infect friends and then infect their social circles. Whether accidental or malicious, sharing of data is fast and effortless with social media. Without the right security tools, employees can easily post or send documents or images that contain sensitive information making it all the more vulnerable to data loss.

CIOL: What advice would you give organizations that use social media as a business tool?

SS: Organizations would not want to completely block employees from accessing the social web, because it can be good for business. Blocking or ignoring social media is simply not an option. Even with the associated security risks, social media presents a large business opportunity for collaboration, reduced expenses, and more efficient processes. While organizations believe that bandwidth has been diminished due to social media, companies that block social media are in danger of being left behind.

 

We recommend three must-haves for securing the social web:

Beefed up Acceptable Use Policy (AUP) controls: In today's social web, blocking URLs just doesn't cut it anymore. You need real-time content classification technology that scans page content in real time, as the user accesses it, controlling not just the entire page, but discrete portions of content as well as applications used within it.

Real-time security scanning for malware: The social web is built on a dynamic, script-based platform, and so is the modern malware that lives within it. Like real-time content classification used for AUP control, enterprises need to be able to scan for malware in real time.

Accurate data detection for data loss prevention (DLP): With users' ability to share content comes the risk of theft and loss of data. Your first instinct might be to block all posts to Facebook, but this erodes your business's utility of the application. A more effective way is incorporating accurate data detection and contextually aware controls for DLP allowing you, for instance, to prevent sensitive customer information from being uploaded to social networking, personal email or storage sites, while still allowing the same data to be posted to your trusted CRM site.

Apart from this, we also recommend employee education which is fundamental for securing social web. The human element is incredibly important and the employees need to know about how their social media usage could impact the company. For example, how posting something inappropriate could breach company security and hurt its reputation.

CIOL: Why do you think social media has become such an important business tool? Do you think that more organizations should start using social media in order to meet business goals?

SS: With social networking platforms such as Facebook, LinkedIn, Twitter and other social media, enterprises can build, manage, and measure brand presence. Enterprises today seek to leverage a social Web presence for their businesses. Social networking sites have become essential business tools. Savvy businesses are using blogs, social networks, video-on-demand (VoD), wikis and other vehicles to quickly share information with their target audiences. The result can be greater brand awareness and an enhanced image in the marketplace.

Social media can also play an important role in gathering intelligence directly from an organization's target audience to help improve products, services and other areas of their business.

As social media technology and the security for these tools continue to evolve, organizations will realize even more benefits.

CIOL: What are the policies that govern the use of social media tools in the work place? If such policies exist, why do you think that organizations are still prone to security risks?

SS: Organizations need to create a social media AUP, which is a comprehensive policy with detailed guidelines for all employees and contractors who use social media tools in the workplace. The policy should address the risks and the security procedures that should be followed.

The reason that organizations are still prone to security risks is that even if they have a policy to address the acceptable use of social media in the workplace, the organizations either do not enforce it through security technology or they are unsure of it. The key reasons for not enforcing these policies are lack of governance and oversight; other security issues are a priority and insufficient resources to monitor compliance with the policy. Besides, there has been a lack of real-time content security, which analyzes information in real-time as it is created and consumed.

Added to this is the organisations inability to look beyond signature and fixed-policy web technologies like anti-virus and firewalls.

CIOL: What are the uses of enabling security technologies to reduce or mitigate social media risks?

SS: While some organizations use certain technologies like anti-virus/anti-malware, endpoint security, and identity and access management to mitigate security risks due to social media, these traditional defenses do not provide appropriate threat protection.

What they need is secure web gateways with real-time content analysis and data loss prevention that can block advanced malware and data theft attacks, many of which seek entry through social media.

The dynamic social web requires an IT security defense that goes beyond signature and fixed-policy web technologies (like anti-virus and firewalls). Social media require real-time content security, which analyzes information in real-time as it is created and consumed.

CIOL: Do you think most organizations that use social media as a business tool are aware of the security risks involved? If not, how can they be convinced that it can be a very real threat to the organization?

SS: The Global Survey on Social Media Risks conducted in the year 2011 among IT & IT Security practitioners by Websense reveals a dangerous gap in corporate social media security. As per this survey, 63 percent of more than 4,000 respondents in 12 countries said that social media in the workplace represents a serious security risk, yet only 29 percent report having the necessary security controls in place to mitigate it. While 73 percent of respondents identify secure web gateways as an important way to reduce social media threats, a full 27 percent, more than one quarter, still don't.

Organizations need to realize that sites like Facebook, Twitter, YouTube, and LinkedIn change too rapidly to rely on traditional background analysis and security software update cycles. The dynamic social web is qualitatively different from the older static web. It requires an IT security defense that goes beyond signature and fixed-policy web technologies, such as antivirus and firewalls, because while they are necessary defenses, they are not sufficient. Businesses need to develop social media acceptable use policies, set appropriate quotas, and most importantly, use security that examines the content and context of social media sites in real time.