
Social media threatens business

Johannesburg, 08 Feb 2010

There are companies that have their entire organisation's staff connected on LinkedIn, inviting someone to reverse-engineer the entire company organogram and launch a corporate attack on the business.

This is according to Mike Silber, lawyer and GM of regulatory at Neotel, speaking on the and governance risks of social networks at the recent ITWeb IT Governance, Risk, and Compliance event held at The Forum, in Bryanston.

Silber took the opportunity to highlight the impact of social networking on the business, indicating that even with malware protection warnings and corporate blocking, employees find a way to circumvent these blocks to access social networks.

“Employees who have access to a 3G device use it in the office to go onto Facebook, threatening the entire corporate firewall,” he stated. This places companies at risk of internal infections and data leaks.

Silber noted that people often share too much information about their personal lives on social networks. He suggested that companies create policies about social networking and what employees can say about their company.

“If they don't mention where they work or who they work for, that's one major threat that has been eliminated,” he opined.

Network police

Many companies resort to an outright ban of social networking, said Silber. However, this leads to employees circumventing these blocks, resulting in abuse of the network, he added. Corporate monitoring of what staff members do on the corporate network is another option.

To this end, corporates must familiarise themselves with the Regulation of Interception of Communications and Provision of Communication-related Information Act, or RICA. “Ninety-nine percent of monitoring is interception in terms of RICA,” he explained. Section six of the Act allows companies to intercept during the normal course of business, which is known as the business purpose exemption.

The business purpose exemption is used for two main purposes: health and forensic, explained Silber. Health purposes involve security and maintenance and require continuous monitoring. Forensic purposes involve occasional and covert investigations of fraud, corruption, or breach of policy.

In closing, Silber warned companies that failing to comply with RICA could result in fines of up to R10 million, or two years' imprisonment.
