Monitoring and Management Tools

While data loss management tools serve to prevent possible information leaks by company employees, monitoring and management tools act to identify recently published information that may be of interest to the company. By monitoring the publication of mentions related to keywords and phrases, it is possible to identify where these mentions have been posted so you can more fully understand the context in which they were published.

Even though these systems may point to potential security breaches and policy violations, gaining a full understanding of the context in which these mentions occur is always necessary, as discussed in Chapter 11. For example, it may be entirely legitimate and laudable for company staff to adopt an apologetic and humble tone in public communications in cases where individual customers feel they have been wronged.

CAUTION

Monitoring systems generally return very specific conversations and transactions without providing the larger communication context, which may have to do with longer news cycles and events. When using monitoring systems, don’t be too quick to judge and always give others the benefit of the doubt; individuals deserve a chance to be heard before they are condemned for alleged misdeeds.

Monitoring Mentions

Over 150 solutions and counting exist for monitoring mentions online, including free and paid services. Some of the free services include Google Alerts, HowSociable, Addict-o-matic, Livedash, StatsMix, Buzzstream, Samepoint, Trendrr, and Social Mention. Figure 15-2 shows activity for “KRAA Security” using HowSociable. As you can see, a paid professional version is also available.


Figure 15-2 HowSociable monitoring “KRAA Security” mentions

Compared to free services, paid systems offer more advanced features, including more powerful customization options, more robust reporting facilities, better customer support, integration into company platforms and workflows, and more privacy. Paid services range widely in price. A paid service will provide additional functions that many of the free services do not have. They also may report the same data but have more developed tools around the functionality and display of that data. Several of the paid services include SocialMetrix, Heartbeat, Radian6, Brandwatch, Biz360, WhosTalkin, VocusPR, Sprout Social, BuzzLogic, Scout Labs, Meltwater, Reputation.com, My BuzzMetrics, Trackur, Dow Jones Insight, and Alterian SM2. Some of the paid services include free trial periods.

NOTE

For an updated listing of monitoring tools, including reviews, please consult our website: http://securingsocialmedia/onlinemonitoring.

Monitoring solutions provide a full set of features that continuously evolve as social media tracking becomes more sophisticated. These new tools are designed to facilitate teamwork among staff assigned social media responsibilities, including such functions as:

• Monitoring keyword and phrase mentions across millions of blogs and social media platforms

• Boolean search capability and filtering of mentions by geography and language

• Authority tracking and key influencer identification and following

• User management and user activity logging

• E-mail notifications and alerting for predetermined incident types

• Filtering by content source and social media platform

• Community interaction and publishing features

• Daily, weekly, and monthly digests of activity

Some brands, including Gatorade and Dell, have created social media management control rooms that display a wide set of monitoring dashboards and trackers. Community management and customer support staff spend their day observing the conversations online and responding when appropriate. They also act proactively in coordination with Corporate Sales, Marketing, IT, and PR objectives, and serve as the eyes and ears of the company by providing immediate feedback from the community. We expect these types of control centers to proliferate among top consumer brands that experience a high degree of customer mentions online. You can read more about Dell’s Social Media Command Center in the case study.

Monitoring Employees

Security managers don’t like to talk about it, but one of the greatest threats to business computer systems, networks, and data isn’t from hackers or competitors. It’s from employees, partners, and other trusted insiders with authorized access to a company’s networks, systems, and proprietary information.

—George V. Hulme, Information Week [2]

[2] George V. Hulme, “The Threat from Inside,” InfoWeek (April 14, 2003), http://www.informationweek.com/news/8900062.

Do you know which employees spend the most time on social media websites and applications while at work? Which ones spend their day on Facebook chat and instant messaging applications? Which employees are divulging sensitive company information through seemingly innocuous or offhand remarks made online?

By implementing tools that help you answer these questions, such as Specter Pro or Radian6, which Dell uses, you will also be acting to increase employee productivity by eliminating wasteful activities, enhance the company’s ability to conduct investigations and catch wrongdoers, enforce your organization’s acceptable use policy and standards, reduce legal liability, reveal false accusations, and protect the corporation from insider theft and data leaks.

As mentioned earlier in this book, employees should have no expectation of privacy when using company resources. As discussed in Chapter 3, the U.S. Supreme Court ruled in favor of companies being able to monitor their employees. Other countries may have a different legal stance, and you should be aware of local country data privacy laws and human resources laws when doing business in those countries. For its own business continuity protection, a company must reserve the right to investigate any information within the company’s systems. Also, potential situations involving court orders, subpoenas, lawsuits, and legal discovery requests may require access to personal files. The IT department is responsible for collecting, archiving, and providing access to electronic records, in collaboration with the company’s attorneys and senior executive team.

What are the most common types of activities that employee monitoring tools uncover? The possible breaches range widely, including the following and more:

• Participating in communication that breaks corporate policy or is unlawful

• Divulging too much information about the company in social networks

• Installing unauthorized social media applications on corporate computers and smartphones

• Mentioning corporate brands or displaying logos in unauthorized ways

• Using other people’s passwords to access online resources

• Viewing illegal websites

• Spending too much time on social platforms for personal reasons

The fear of being caught is perhaps the best deterrent to employee misbehavior. By establishing a competent and credible monitoring system that you clearly explain to employees, you are acting both ethically and responsibly in ensuring a productive and professional online experience. The log management tools and monitoring tools listed previously, such as EventTracker or LogRhythm, provide key capabilities for employee monitoring including:

• Collecting a persistent record of employee activities online, including URLs visited, applications used, and time spent

• Creating impartial proof through secure transmittal, central storage, and observance of best practices and security industry standards regarding evidence collection

• Preventing unauthorized reading and editing of archived recordings to protect their integrity

• Sending real-time notifications of predetermined security incidents and breaches
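One way an archive can protect the integrity of recorded activity is to chain each record to the one before it with a keyed hash, so that an edited or deleted entry is detectable on review. The sketch below is an added example, not taken from the book or from EventTracker or LogRhythm; the record fields, sample data, and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed anchor that the first entry chains to

# Constructed sample activity records (hypothetical field names).
SAMPLE_RECORDS = [
    {"ts": "2011-03-01T09:02:11Z", "user": "alice",
     "url": "http://hootsuite.com/dashboard", "seconds": 600},
    {"ts": "2011-03-01T09:15:40Z", "user": "bob",
     "url": "http://www.facebook.com/", "seconds": 1800},
    {"ts": "2011-03-01T10:01:05Z", "user": "bob",
     "url": "http://twitter.com/", "seconds": 300},
]

def _mac(key, prev, record):
    # Canonical JSON so the same record always yields the same MAC.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + body, hashlib.sha256).hexdigest()

def append(archive, key, record):
    """Add a record, binding it to the MAC of the previous entry."""
    prev = archive[-1]["mac"] if archive else GENESIS
    archive.append({"record": record, "prev": prev,
                    "mac": _mac(key, prev, record)})

def verify(archive, key):
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(archive):
        expected = _mac(key, prev, entry["record"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], expected):
            return i
        prev = entry["mac"]
    return -1

def build_sample_archive(key):
    archive = []
    for record in SAMPLE_RECORDS:
        append(archive, key, record)
    return archive

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # in practice, held outside the archive
    archive = build_sample_archive(demo_key)
    archive[1]["record"]["seconds"] = 5  # simulate an after-the-fact edit
    print("first bad entry:", verify(archive, demo_key))
```

Removing entries from the end of the chain is not detected by this check alone; that requires storing the latest MAC separately from the archive. The key should also be held by someone other than the administrators who can write to the archive.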

CAUTION

A word of caution may be in order here. It is possible to go overboard in employee monitoring and create an environment that decreases morale and even creates a “hostile workplace,” which may subject the company to lawsuits. Avoid situations where employees feel harassed by too stringent monitoring policies that curtail their ability to work comfortably. Ultimately, your company’s intellectual capital may decide to walk out the door on their own two feet.

The implementation of monitoring tools for online mentions and for tracking employee activities on the Web comes at a financial and human resource cost. It takes money and time to integrate and maintain monitoring systems.

The Use of New Social Media Tools by Employees

By now, most of your employees have at least created a profile on a social network, and many of them are maintaining an active presence on one or more of these networks for personal or professional reasons. As these social networks grow their user base and evolve their feature sets over time, new ecosystems of partnering services emerge to plug into these social networks. Between the new services offered by the networks and those offered by third-party companies, people are being tempted to use an ever-growing number of applications that facilitate their social networking. These new tools, which are often created by lone developers or by small firms, will invariably contain security flaws in their early versions. It is, therefore, important to understand that employees will attempt to use new social media tools, and that these tools may present new security threats to the corporation.

Some tools, such as HootSuite, a Twitter management dashboard, are run primarily from within the browser. Other tools are downloaded and executed as executable files on PCs or as disk image (DMG) or Mac installer package (PKG) files on Mac OS X systems. Other applications may run within Adobe AIR or Microsoft Silverlight rich Internet application platforms. Finally, there are countless social networking applications available through smartphone operating systems, including Android, Symbian, BlackBerry phones, and the iPhone, as well as tablets.

As discussed earlier in the book, the policies you create should clearly outline what software and services employees are allowed to use. This includes applications that may need to be installed or cloud services that need no installation but could still pose a threat to the environment. Each service and application should be authorized and then monitored with the tools we have just discussed.
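The following added example (not from the book) shows how an authorized-services policy can be checked against recorded web activity: it totals time per user on social media services and lists use of services the policy has not approved. The log format, the service lists, and all names in it are assumptions for illustration.

```python
from collections import defaultdict

# Assumed policy: services approved for business use (hypothetical list).
AUTHORIZED = {"hootsuite.com", "twitter.com"}
# Assumed catalogue of social media services the policy covers.
SOCIAL = AUTHORIZED | {"facebook.com", "foursquare.com"}

# Constructed proxy log: timestamp, user, requested host, seconds active.
SAMPLE_LOG = """\
2011-03-01T09:02:11Z alice hootsuite.com 600
2011-03-01T09:15:40Z bob www.facebook.com 1800
2011-03-01T10:01:05Z bob apps.facebook.com 900
2011-03-01T10:30:00Z carol notfacebook.com 120
2011-03-01T11:00:00Z alice api.twitter.com 300
malformed line
"""

def service_for(host, catalogue):
    """Map a host to a catalogued service by exact or subdomain match.

    A plain substring test would wrongly match notfacebook.com.
    """
    host = host.lower().rstrip(".")
    for domain in catalogue:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def review(log_text):
    """Return (seconds per user on social services, findings, skipped lines)."""
    seconds = defaultdict(int)
    findings = []
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        ts, user, host, secs = parts
        service = service_for(host, SOCIAL)
        if service is None:
            continue  # not a catalogued social media service
        seconds[user] += int(secs)
        if service not in AUTHORIZED:
            findings.append((ts, user, service))
    return dict(seconds), findings, skipped

if __name__ == "__main__":
    totals, findings, skipped = review(SAMPLE_LOG)
    print(totals, findings, skipped)
```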
