When it comes to social business, Gartner believe executives go through six stages, each with its own distinct attitude. The second stage identified by analysts Anthony Bradley and Mark McDonald is one of fear.
Fearful organizations see social media as a threat to productivity, intellectual capital, privacy, management authority, regulatory compliance and a host of other things, and often discourage and even prohibit its use.
Risk was also the topic of an Altimeter report published by Charlene Li last summer. The report outlined a number of risks, most of which touched on the problems that emerge when executives publish things online. We’re talking about things such as releasing confidential information or posting inappropriate content on Twitter.
One risk that wasn’t touched on by the report, and probably with some justification, was watching pornography on company time. I mean you’d have to be mad to do that, right? Well, it seems a whole lot of senior executives are mad, for research conducted by ThreatTrack Security found that 40% of security professionals had found a device used by senior leaders on their company network that contained malware downloaded after visiting an adult website. The rate was nearly as high as the number of computers infected after clicking on a dubious link in an email.
ThreatTrack CEO Julian Waits Sr. said that while it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring.
“Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyberespionage campaigns from overseas competitors and foreign governments,” Waits said. “This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyberattacks, they also point out deficiencies in resources and tools.”
Of course, this isn’t to play down any risk that comes with using social media, merely to say that such things need keeping in perspective to ensure that the baby isn’t thrown out with the bathwater. Altimeter produced some handy tips on how to produce a risk management plan when you are becoming a social business, which I’ve summarised below.
- Identify the risk - First things first, you have to identify the risks you face. These could be a risk to your brand, a leaking of confidential information, legal violations or identity theft. Altimeter found that the most common threat was to a company’s brand, but if you investigate potential sources of risk you may come up with something more specific to your own situation.
- Assess the risk - Next you have to assess how likely that risk is to do you damage. It’s basically a bit of probability analysis. Couple up the likelihood of a risk happening with the damage it would do if it did occur to give you a decent understanding of the risks you face and the damage they can do.
- Manage and mitigate the risk - The next step is to deal with the risk. You might be able to eliminate it completely (unlikely) or you might be able to reduce the odds of it occurring, or indeed mitigate the damage should the worst materialise. Common strategies here include providing outstanding training on how staff should behave on social media and what you expect from them when they use it.
- Monitor and evaluate the risk - As with most things like this, you should never be completely satisfied, so the final step is to regularly review and regulate your existing risk strategies to take account of both the success of the current strategy and the changing landscape within which you operate.