Risk Management

Posted on April 9, 2011

Greetings!

 

This month we are back to Risk Management.   How businesses market themselves continues to evolve and Social Networking is the new horizon for many.  This article embraces the fact that  Social Networking is good for business.  The goal of this article is to bring awareness of potential risks and some ideas of how to mitigate these lurking problems.
 
Social Network 

Make Social Networking Sites Work for Your Workplace

 

Facebook recently celebrated 500 million accounts. Facebook is expected to reach 1 billion accounts within the next 12 months. The 500 million milestone for Facebook evidences the social networking explosion.

At the same time, a survey earlier this year revealed that employees are much more motivated to protect their own data security than data belonging to their employer. Thirty-six percent of users said that loss of personal information was their top concern about computer viruses while only 29 percent expressed concern for loss of corporate data.

According to at least one expert, IT administrators need to weigh the rampant risks associated with social network sites. Here are some of the risks social networking sites can present:

*       Phishing - when hackers leverage personal information found on social networking sites to coax victims into releasing proprietary or confidential employer information.

*       Games - Flash technology such as Adobe adds animation, video, and interactivity to Web pages and is frequently used for advertisements and games. However, the technology is accused of creating security holes and crashing computers. In fact, a major provider of network security predicts that Adobe software, especially Reader and Flash, will be the primary target for attacks. For this reason, many experts are recommending against Flash-based gaming.

*       Wireless Devices - Employers face additional risk from proprietary information disclosure or information leakage. This may occur when employees use wireless devices to access a corporate network and social networking applications.

*       Bandwidth Consumption - Employers with large concentrations of users may experience significant impact on their networks because of the excessive use of social media. Facebook games allow for active concurrent connections that lead to memory and bandwidth consumption across the network. "Facebook's 500 Millionth Member Highlights Risks to Corporate America," www.prnewswire.com (Aug. 2, 2010); Tim Wilson, "Employees Put Personal Security Interests Above Company's Survey Says," www.darkreading.com (May 11, 2010).

Commentary and Checklist

In the new era of social networking sites, employers face a balancing act between obvious benefits and inherent risks.

The marketing value of social networking is tremendous especially for sales and marketing personnel staying in touch with their clients and picking up ideas for new products and services. From a recruiting standpoint, social networking sites provide free job networking and provide insight into candidates. And, for younger generations entering the job market, social networking is part of their everyday life.

On the flip side of these benefits, social networking sites bring risks of viruses and malware attacks on top of the risks described in the article above. Added to the risk of social networking is the lack of concern by employees for the safety of employer information.

Network safety policies and procedures can help cut down on employers' risks. For example, employers should ensure that employees do not use their work email for personal use and should educate employees on Phishing techniques. In addition, employers should educate their workforces on the risk and severity of spam and malware attacks as well as the potential risks associated with Flash-based games.

Permitting Facebook use, but not permitting some of the value-add services of Facebook, like games, is a reasonable middle ground.

Finally, employers should also distinguish between employees that need to use social networking sites for their job and determine precisely how employees can use the sites for their work based on the value they bring to the organization.

This Site offers a computer usage policy free to registered organizations. Human resource and legal personnel will find this policy under Model Policies in the Knowledge Vault.

Here are a few points to keep in mind when drafting a basic computer usage policy for your organization.

*       Develop a computer usage policy that prohibits participation in pornographic activities, email theft, cyberstalking and all other illegal behavior.

*       Prohibit the uploading of any unknown or not expected attachment, even from known persons, until IT clears the attachment.

*       Make certain that the policy eliminates any expectation of privacy by your employees.

*       Train all supervisors to enforce the policy.

*       Follow your policy and procedures and thoroughly investigate any complaints or reports of improper use.

*       Periodically conduct random reviews of how employees are adhering to the policy.

*       Consistently enforce your computer usage policy.

*       Report any knowledge of participation in illegal behavior, like the downloading or storing of child pornography, to the appropriate authorities.


Reprinted from "The Loss Prevention Journal" published on August 30, 2010 by The Chubb Insurance Group.

 
 
 
The team at Riviera is always available to help you get the most out of your Property & Casualty programs.

 

Sincerely,

 


Christopher Hill

Riviera Insurance Services
Posted in Insurance, Risk Management | Comments Off