Social (Networking) Security
After a prospective subcontracting deal at a major manufacturer was leaked through social media, affecting the stock price of both companies, Roger Traversa, an attorney in corporate compliance and privacy at Arjont Group in Philadelphia, was called in. His firm specializes in advising businesses on privacy risks, and he says the same rules apply to businesses big and small--and in fact, the results of social media outbreaks can be even more dire on the small side.
"For smaller companies, leaks can be make or break," Traversa says. "Losing one competitive advantage or one trade secret can really damage your business."
A recent survey by information security company Websense found that 57 percent of data-stealing attacks come via the web, and that many posts on social media may qualify as proprietary data or violations of health care or credit-card company regulations. Forty-seven percent of survey respondents reported that users in their organizations try to bypass company web security policies.
How can you prevent employees from spilling the beans in a status line or tweet? First, Traversa says, define what information is confidential. "You may think it's obvious, but you need to be clear to your employees about what information you consider proprietary or a trade secret," he says.
It is also a good idea to have new employees sign confidentiality agreements that instruct them about the company's privacy guidelines. Consult your legal counsel or a legal consultant to guide you in drafting a document that will protect your company. Also, he says, insist that any company-related blog posts or other social media posts be approved by a specified person or department in your organization.
Finally, Traversa says, work with an online clipping service or information monitoring company to spot information about your company that could potentially be harmful. If that's not possible, he says, monitor employee blogs and search for keywords about your industry and topic areas you're trying to protect, in addition to the specific name of your company. That will help you spot leaks that don't use your brand name, but still hold valuable information.