In Chapter 6, we outlined a number of processes that need to be present in your social media security policy. In actually managing your tools to enable secure utilization of social media, you are faced with the same challenges that you face with any other tools you use for other security activities, such as monitoring for malware or Trojans. You can utilize these tools to track “Where” this information is being used. From an internal perspective, you can track “Where” employees visit and the sites they use to post information.
Since just about every social media site will be accessed via a web page (even internal wikis), URL filtering is a necessary component in your toolkit to monitor, block, and report on employee activity. (Sites like Foursquare.com are a bit different for now, being mobile application driven.) Utilizing technology for external web filtering does serve a dual purpose because you can use URL filtering to manage incoming data as well. By controlling what data leaves your network and what data is inbound, you have some granular control over employee activity.
The key component of URL filtering is to require employees to go through a proxy server for outbound connections. You can control where the employees are allowed to go with the proxy, stop Trojan horse attacks from sending out data to a hacker website, and monitor what employees are doing. You can use free tools such as Squid Proxy (http://www.squid-cache.org/) and commercial tools such as McAfee WebWasher. You can create your block list and continuously monitor for employees trying to access inappropriate sites and, therefore, enforce your social media policy.
The added benefit of filtering inbound links comes from stopping hacker programs that try to take advantage of an employee clicking a link on a malicious website and installing code on the employee’s machine. Whenever any code tries to execute via the browser, the URL filter can analyze it and block it, if necessary. Protecting against malicious pages on some social media sites is just another part of your overall security strategy. According to the Verizon 2010 Data Breach Investigation Report (http://securityblog.verizonbusiness.com), malware attacks are a significant portion of all attacks, as shown in Figure 13-2. If you can block employees from going to malicious social media sites or stop them from installing infected apps like those that might be distributed within Facebook, you will reduce malware infections on your systems.
Social media monitoring tools help you search and analyze data. You have to automate the methods of cleaning and categorizing the social media data because there is too much data to do this manually. By selecting the best search terms, you can find the conversations that impact your company negatively and positively. Each social media application will have some of the information you need. Correlating all the different mediums in which your employees and customers communicate will provide the complete picture of what you have to monitor. As we discussed in Chapter 2, your tool assessment process has to correlate your technologies to the function needed to monitor and report on social media activity. The IT department is responsible for managing the monitoring applications as it does with most other applications a company uses. As an example, you can categorize your tools as shown in Table 13-2.
With these tools, it doesn’t matter “When” employees are being monitored on the job. The challenge is using the right tools to monitor when they aren’t at the office but post information you need to know about. Table 13-2 gives you some tools you need in order the address the “How” portion of monitoring your employees. There are internal tools and cloud-based tools that give you the capabilities necessary to manage and protect your company’s intellectual property from employees who may be inappropriately sharing it. Having these tools in place ensures that you address the following key points of monitoring:
Identify the types of information that might be relevant or useful, such as your company and brand names, competitors, your research & development project code name, or even confidential filenames
Create (and constantly modify) filters to sift out the majority of unimportant, noninsightful data, for instance, filter by
Region or subject for influencers
Specific combinations of terms such as “company name” + lawsuit
Event your company is holding
Hashtag
Location, such as country-specific searches
Community or specific platform
Specific language
Public news articles
Identify stakeholders for different data sets; this will mostly apply to Marketing, Legal, and Human Resources
Identify the most useful ways to report to each stakeholder. For instance, Marketing is concerned with the number and location of website hits after a new ad campaign is launched, but IT might be concerned with an uptrend in attacks against the company Internet IPs when that same new ad campaign is launched if it offended some group of people.
Define clear steps for follow-up processes for the data you uncover (see “Incident Management” later in this chapter).