Tag Archives: risk

Risks Of Using Social Networking In Business

Social Networking sites such as Facebook, Myspace and Youtube have gained popularity among the younger population. Sites such as LinkedIn, Plaxo and Xing have followed quickly in their footsteps to provide the business friendly social network opportunities.

More recently, companies large and small are exploring ways to use social network site to support and improve sales (Youtube), to find new employees and business partners (LinkedIn) or to monitor their performance and respond to critics (Yelp and increasingly Facebook and Twitter).

However, for information security experts commissum.com, businesses looking to embrace these social media channels and tools in their business need to understand and calculate the benefits and risks before engaging them.

To consider the risks of using social media for your business consider the following:

Be careful using social media for employment vetting purposes for the same reasons that employers should not ask about religion, preferences, age, race etc.

Once a business takes the step of using social media, they are opening up a channel that in most cases you have very limited control of; in fact almost handing over control to the public. How would the business deal with both fair and unfair criticisms and opinions expressed on social media websites and how could its reputation be affected?

Would your employees know what business information can be disclosed on social media websites and could the business therefore be at risk of involuntary information leakage?

Could information on the size, structure of the business and operational details such as IT infrastructure details be used for initial data gathering activities for targeted attacks?

Could the business IT infrastructure be vulnerable to malicious software downloaded from social network sites?

And lastly consider whether the business should monitor the activities of its employees to ensure that security is maintained and resources are not being wasted by social networking activities.

“The risks of using social media encompass all aspects of the business; legal, employment, technical, operational and reputation”, according to a commissum spokesperson.

Via EPR Network
More Internet & Online press releases

GRC (Governance, Risk and Compliance) is a recent acronym that has quickly spread among the senior management community around the world

Initially this was sparked by the fallout from a number of major corporate governance scandals, including those affecting Enron, Tyco and WorldCom; all of which led to the enactment of the US Sarbanes-Oxley Act and the concept of a more holistic view of Governance, Risk and Compliance. Interest has also grown rapidly in the UK as legislation and compliance requirements have increased.

Traditionally, most organisations ensure compliance with legislation, regulations and standards by instructing each department to determine the requirements for compliance and specify actions and controls to achieve this. Organisations will therefore have a number of organisational departments for business continuity (possibly aligning with BS25999), for IT security (in many cases aligning with ISO27001), for quality management, etc.

They will certainly have risk management carried out by these various departments, all identifying risks and controls and also individually reporting on these. Managing all of this and pulling it all together into a coherent picture upon which business decisions can be made and priorities can be based in an efficient and effective way is a complex challenge.

commissum’s Principal Assurance Consultant André Coner noted that as the number of legislation, regulatory and compliance requirements increases, the number of departments involved also increases, each defining their own controls and measures. This silo approach causes each department to “re-invent the Wheel”, wasting valuable time and increasing costs while introducing duplication, redundancy and confusion.

commissum’s approach to Unified Governance, Risk management and Compliance creates a common source of information. It creates a common model of the organisation; a unified methodology for managing risk, controlling deficiencies and measurement.

Via EPR Network
More Internet & Online press releases