Corporate response to the influx of Web 2.0 technologies is as varied as companies themselves. Here are some tips for developing security policies and practices that best fit your company, from restrictions on social sites to rules on mini devices and instant messaging. Plus, we offer expert tips for communicating these new Web 2.0 policies to workers.
HOW TO: Guard corporate secrets in a Web 2.0 world
There’s no surefire way to completely eliminate the risk of information leakage in a blogging environment. Due diligence requires an approach that involves defense, detection and deterrence:
- Re-evaluate whether you need to update your antivirus and malicious-code protection for Web traffic. Consider a combination approach recommended by Gartner Inc. that involves antivirus software, URL filtering, application controls, Web site reputation services and safe search technologies.
- Establish a blog oversight committee — a group of fellow-employee bloggers who are committed to promoting blogging within the company and making sure the company’s interests are served.
- Update acceptable-use, ethics, trade-secret and other employee policies to deal with blogs and community sites like MySpace and YouTube.
- Consider whether to deploy content monitoring and filtering technology, and update your URL filtering tools.
HOW TO: Protect your network and your data from mini devices
One of the biggest threats to network and data security today comes from mini devices. Ironic? Yes. Insurmountable? No. Start with these action items to deal with this threat:
- Establish a corporate policy that specifies who can use which devices and under what circumstances.
- Take a look at what you have. Account for corporate-owned devices, and determine whether workers are using personal devices at work. Evaluate whether your antivirus software can adequately protect your network from malware coming from those devices.
- Back up policy with technology. Allow only corporate-owned devices onto your network. Consider using applications that block nonauthorized access to USB ports. Implement sound data-protection policies that include the encryption of sensitive data, so if a mini device is lost, the data isn’t compromised. If needed, upgrade your software to block malware from mini devices.