Index

A

Acceptable Use Policies, 25

activists. See hacktivists

advertising campaigns

legal compliance issues for, 225–226

rapport with customers in, 212–213

alerts. See also Google Alerts

creating, 289–291

linking log files to, 272

Social Mention, 43, 232–233, 291–293

using for content, 271

American Medical Response of Connecticut (AMRC), 289

analysis. See auditing

Ann Taylor blogging gifts, 143

Anti-Cyber Squatting Protection Act, 247

Apple security leaks, 61–62

applications. See also externally hosted applications

cloud-based, 29, 30

developing and testing internal, 197–198

list of tools, 322–325

managing in-house social media, 110–112

monitoring online mentions, 274–276

next generation of Internet, 312–314

security for externally hosted, 113–116

self-hosted, 110–112, 200–201

ArpON, 96

assessing social media strategies

changes in authentication systems, 306

checking sources, 305

implementing strategies, 303

maintaining reputation management, 307–309

modifying management and policy, 304

reviewing improvements, 298–302

tracking anonymous attacks on brands, 306–307

vigilance in using strategies, 304

assessment. See social media assessment process

assets. See utilization of resources and assets

attacks. See also hacking; hacktivists; negative campaigns

cyberstalking, 96–99, 314

educating employees about, 121–122, 158–159

malware, 242

monitoring potential, 227

social media hacking, 92–94

stealing reality, 94–95

Trojan horse, 115, 122

Twitter attack on Southwest brand, 156–158

auditing

current social media strategies, 18

developing threat landscape, 8

identifying security gaps, 12–13

internal and external controls, 11, 200–202

securing customer data, 11–12

social media initiatives, 10

authentication

applying for in-house social media, 111, 112

changing systems for, 306

requiring e-mail, 99

B

backup and recovery strategies, 38

banning social media at work, 227–228

baseline reputation data, 291–293

best practices. See also social media security policy

evolution of security, 106

sample security policy for, 127–134

Biffano, Pedro Lopez, 314

Bit.ly, 59

BlackSheep, 93–94, 115

blocking intellectual property use, 170

Blogger.com, 209

blogs

copyright infringement on, 199

FTC regulations for, 143–144

military use of, 188–189

searching with Google Blog, 258–259

security policies regarding, 109, 111–112

threats via, 71

unauthorized reprinting of, 238–239

botnets, 74

brand attacks

assessing potential damage of, 86

attempts to ruin brand, 207

by competitors, 317

Domino’s, 204–206, 207

hacking as, 68–69

responding to, 156–159

tracking anonymous, 306–307

types of attackers, 72

brands. See also brand attacks

attempts to ruin, 207

creating management plan for, 191–192

defined, 206

management control rooms for, 150–151, 266–267, 276

monitoring data for, 287

potential loss of control, 315

role of brand evangelists, 152

training employees to advocate, 54

British Petroleum (BP), 4–6

Buckley H. Crispin v. Christian Audigier, Inc. et al, 62

budgets. See also monetary considerations

determining social media, 34–36, 254–255

implementing security with limited, 256–260

improvement checklist for, 264

including social media tools in, 186

security, 34–35

solving security with big, 260–262

Burger King, 223–224

business continuity plans, 38

businesses. See organizations

C

California Highway Patrol (CHP), 284–286

capabilities

assess technical, 28

mapping, 166–167

Catsouras, Nikki, 284–285, 286

CBT training, 263

cease and desist letters, 210–211

Chilling Effects Clearinghouse, 210–211

clickjacking, 68

cloud computing

cloud-based applications, 29, 30

risks in, 38–39

Comcast, 207

communications. See also blogs; content; intellectual property

disseminating policy changes, 280

laws regulating financial, 225–226

safeguarding, 12

telling employees about operating strategies, 193–194

community management

functions across departments, 152–153

resources and tasks in, 150–152

Community Manager

coordinating with other departments, 120–121

directing cross-functional teams, 154

disseminating social media policy, 158–159

hiring and training, 138

interfacing with other departments, 119–120

managing medium company challenges, 148–149

modifying Facebook privacy settings, 147–148

new tasks for, 118–119

organizing policy team, 125

responsibilities of, 144–153

sharing responsibility for Operations Management strategy, 189–190

small business challenges for, 146–148

training, 154–155

updating and managing security policy, 123

using reputation data, 293–294

working with IT, 118–121, 123, 145–146, 155

competitors

brand attacks by, 317

corporate espionage by, 89

monitoring online sentiment for, 13–14

profile as IT attacker, 72

reputation threats from, 83

compliance

ensuring HIPAA, 225, 226–227

Human Resources responsibilities for, 222, 225–227

reviewing laws affecting operations, 199–200

confidentiality breach

defined, 110

focusing monitoring on, 227

occurrences of, 195

content

alerting systems for, 271

contacting owners of damaging web, 208

lifespan of social media, 207, 285

longevity of negative, 207

removing from Web, 207, 208–210

control of brand message, 315

controls

auditing internal and external, 200–202

cost of implementing application, 182–184

directing keyword search engine results, 211

resource security, 163–164

Cooks Source magazine, 238–239

copyrights

assessing company’s, 27, 31–32

educating employees in, 173–175

fair use doctrine and, 175

improvement checklist for, 175

managing and protecting, 248–249

measuring protection of, 33

threats to, 81, 89

tracking loss of copyrighted material, 171–173

utilization categories for, 240

corporate espionage, 89, 315

corporations. See organizations

“Cost of a Data Breach” (Ponemon Institute), 178–180

Creative Commons, 171, 174

crisis management, 216

customers

establishing rapport with, 212–213

monitoring, 48, 49

reputation threats from, 83

reviewing comments with Google search, 50–51

threats to corporate social media by, 73

cyberstalking

corporate, 97–99

defined, 96

forms of, 96–97, 314

D

dangers of social networks

cyberstalking, 96–99, 314

defenses against, 99–100

example of Firesheep hacking, 92–94

logon from unsecured networks, 92–93, 96, 197

personal security and data scraping, 100–102, 317

stealing reality, 94–95

data. See also data loss

checking online sources, 305

correlating employee, 99

data scraping, 100–102, 317

developing comparative reputation, 291–293

false, 89

future risks for, 315–316

keeping usage trend tracking patterns, 271–272

learning to protect customer, 142–143

levels of security for, 173

maintaining log files, 272–273

methods for protecting, 270–273

storage of, 37–38

tools for monitoring, 243–245

vulnerability of social media, 102

data devaluation, 75

data loss

from attacks, 82

cost study on breached data, 178–180

costs of, 180–182

DLP tools, 162, 163, 270–273

preventing intellectual property, 170–173

tracking, 171–173

Data Loss Cost calculator, 181, 183

Data Loss Prevention (DLP) tools, 162, 163, 270–273

Data Protection Acts, 239

data scraping, 100–102, 317

data storage

developing backup and recovery strategies, 38

understanding where social media activity stored, 37–38

DataLossDB.com, 180

defamation

about, 88

claims by employee of, 109

focusing monitoring on, 227

requesting content removal in, 208–210

Dell, 266–267

denial of service, 111

Digital Millennium Copyright Act, 247

discrimination claims, 109

documenting policies, 263

Domino’s, 204–206, 207, 309

downtime from attacks, 82

E

e-mail cyberstalking, 99

E-SIGN Act, 226

education. See training

Electronic Communications Privacy Act, 239

employees. See also firing employees; monitoring employees; training

blocking access for terminated, 196

checking on prospective, 230–231

codes of conduct and media use for, 21, 25, 117–118

communicating operating strategies to, 193–194

criticizing employers online, 241

dedicating to monitoring media, 53–54

digital literacy training for, 32

educating in social media risks, 102

empowering to use social media, 54

identifying regulations and requirements for, 141–144

learning to protect customer data, 142–143

least-privilege access for, 196

outlining security policies for, 109–110

privacy rights of, 195, 224–225, 239

profile as IT attacker, 72

reputation management in posts of, 288–289

reputation threats from, 83

running background checks on social media for, 222

stalking company, 98

teaching PCI standards, 141–142, 173

threats to security from, 81, 276

tracking social media usage, 279–281

training, 121–122, 155–159, 263

use of new social media tools, 278, 309

where to monitor, 240

encryption, 114–115

enforcing

social media policies, 170–171

strong passwords, 112

externally hosted applications. See also Facebook; Twitter

auditing controls on, 13–14, 201–202

costs of implementing controls on, 182–184

lack of control over, 108

managing security for, 113–116

policy checklist for, 115–116

F

F-Secure, 115

Facebook

accessing and modifying privacy settings for, 147–148

cyberstalking on, 97, 314

downloading information from, 191

Firesheep hacking on, 92–94

hacking of, 18–19

managing in-house security for, 113–116

protecting against malware installations on, 165

risks associated with, 59

fair use doctrine, 175

Federal Electronic Communications Privacy Act, 246

Federal Trade Commission (FTC)

enforcing social media use, 143

Safeguard Rules, 269

financial loss from social media attacks, 81–82

Firesheep, 92–94, 115

firing employees

media postings as grounds for, 139, 223–225, 230

Termination policy for, 25, 80

using social media to build case for, 230

Fox News hacking incident, 68–69

free security tools, 254, 322–325

Frogloop tool, 182, 183

future trends

competitor’s brand attacks, 317

defenses for, 319

erosion of privacy, 316

geolocation targeting, 316

inconsistent international regulations, 318–319

loss of control, 315

next generation of Internet applications, 312–314

ownership of social media data, 317–318

product and data threats, 315

threats, 314–319

G

Gatorade, 150–151

geolocation targeting, 316

Gizmodo, 61–62

Global Brain, The (Russell), 314

Google Alerts

about, 87, 256–257

creating, 289–290

setting up, 55

uses for, 249–250, 252

Google Blog searches, 258–259

Google Insights for Search, 259–260

Google Trends, 257–258

Gramm-Leach-Bliley Act (GLBA), 269

H

hacking. See also hacktivists

impact of Zynga, 28

MasterCard, 48–49

political, 68–69

profile of hackers, 72

Zuckerberg’s Fanpage, 18–19

hacktivists

about, 68–69

reputation threats from, 83

retaliating against MasterCard, 48–49

HBGary Federal, 307

HIPAA (Health Insurance Portability and Accountability Act)

data loss and, 180

ensuring compliance with, 225, 226–227

handling violations of, 79–80

operational monitoring of, 269

training employees in, 173

hiring

Community Manager, 138

running social media checks before, 222, 230–231, 239

historical reputation data, 291–293

HowSociable, 275

HTTPS Everywhere, 114–115

Hulme, George V., 276

Human Resources department. See also Community Manager; firing employees; monitoring employees; training

assessing social media plans, 10

banning social media at work, 227–228

basing worker’s termination on monitoring, 230

checking on prospective employees, 222, 230–231, 239

compliance responsibilities for, 225–227

creating public policy, 235

defining Community Manager role, 144–146

developing social media training, 153–159

disseminating social media policy, 158–159

employment laws and social network profiles, 154

examples of unleveraged, 5

focus of monitoring, 227

hiring and training Community Manager, 138

H.U.M.O.R. matrix for, 9, 299

identifying employee regulations and requirements, 141–144

impact of policies on security, 25

improving monitoring, 235–236

information gathering phase for, 24

inventory of assets and tools in, 11

JAG’s improvements in, 140–141, 299

key challenges of, 138

monitoring by, 223–225

postings and firing of employees by, 139, 223–225

providing employee media guidelines, 117–118

role in security, 21, 124

setting social media security policies, 21–23

setting up monitoring requirements, 232–234

threat assessment for, 80–81

working with Community Manager, 118, 119

Human Resources Matrix, 9, 299

H.U.M.O.R. matrix. See also specific matrix components

assessing security with, 19–20, 26–27

assessing strategies with, 15

defined, 9

Human Resources Matrix, 9, 299

measuring improvement with, 298–302

Monetary Considerations Matrix, 9, 35–36, 301

Operations Management Matrix, 40

Reputation Management Matrix, 9, 44, 290, 302

threat assessment using, 80–85

Utilization of Resources Matrix, 9, 27–33, 300

I

ICANN’s Uniform Domain Dispute Resolution Policy, 247

IceRocket, 42

identity theft

social media and possibility of, 7

steps for countering, 100

threat of, 90, 315

impersonation, 75, 90

implementing social media strategies

adapting to changing authentication systems, 306

challenges in, 303

checking sources, 305

dealing with changes, 304

improvement checklists

assessing social media, 15

budgeting process, 264

employee use of social media, 102

intellectual property and copyright protection, 175

monitoring, 235–236, 252

online reputation management, 63, 294

operations, 202, 281

reputation, 217–218

security strategy analysis, 45

social media security policy, 135

threat assessment, 90

incident management

managing crises, 216–217

steps in, 249–251

types of, 249

violations of intellectual property, 247–248

inconsistent regulations, 318–319

Information Technology department. See IT department

infringement of copyrights

assessing policies on, 27

protection of blogs, 199

instructor-led training, 263

intellectual property. See also blogs; content; copyrights

assessing company’s policy on, 27

creating management plan for, 191

determining risks to, 30–31

improvement checklist for, 175

measuring protection of, 33

monitoring, 246–248

ownership of social media data, 317–318

preventing loss of, 170–173

technologies protecting, 31

theft of, 247–248

threat assessment for, 81

utilization categories for, 240

Internet. See also social media; websites

credibility of online data, 305

inconsistent international regulations for, 318–319

Internet Protocol version 6, 313

next generation of applications, 312–314

inventory of technology, 28, 166

IT (Information Technology) department

analyzing security for, 10

assessing risks of cloud resources, 38–39

creating technology assessment, 27, 28–30

defenses against social network dangers, 99–100

detecting threats in social media, 70

determining social media budget from, 34–36

evaluating and setting social media policies, 22–23

impact of policies on security, 25

information gathering phase for, 24

inventory of assets and tools in, 11

participating in copyright protection, 171–173

protecting data, computers, and laptops, 190–191

providing network management plans, 194–195

restrictions protecting networks, 95–96

safeguarding communications, 12

securing customer data, 11–12

sharing operations responsibility, 189–190

working with Community Manager, 118–121, 123, 145–146, 155

J

JAG Consumer Electronics

about, 19–20

baseline monitoring by, 233–234

budgeting at, 255

evaluating use of technology, 165–169

expense of implementing controls, 182–184

Human Resources improvements by, 140–141

implementing operational guidelines at, 267–268

improving reputation management for, 288

incident management for, 249–251

information gathering phase for, 24

measuring utilization of resources and assets, 32–33

Monetary Considerations Matrix for, 35–36

monitoring customers of, 49

Operations Management Matrix for, 40–41, 189

Reputation Management Matrix for, 44, 290, 302

reviewing improvements in strategies, 298–302

social media security policy for, 108

threat assessment for, 69

upgrading capabilities at, 246

using H.U.M.O.R. matrix for, 19–20, 26–27

K

Knowem, 191

L

laws. See also copyrights; regulations

applying to monitoring, 246–247

affecting operations, 199–200

impacting social media, 225–226

inconsistent Internet regulations, 318–319

social network profiles and employment, 154

state intellectual property, 247

leaks, 48, 61–62

least-privilege concept, 196

Legal department. See also laws

influencing security policies, 25

information gathering phase for, 24

inventory of assets and tools in, 11

laws affecting corporate operations strategy, 199–200

participating in responses to threats, 63

steps for protecting reputation, 210–211

libel, about, 88

Lithium, 262

location-based services

cyberstalking using, 97–98, 314

malicious uses of data scraping, 100–102, 317

monitoring, 57–58

risks of geolocation targeting, 316

threats to, 89

log files, 272–273

logons from unsecured networks, 92–93, 96, 197

logos, 206

Lord, Bob, 147

M

malicious applications

challenges of stopping, 68

data scraping, 100–102, 317

Trojan horse applications, 115, 122, 165

Marketing department

dealing with crises, 42–44

defining Community Manager role, 144–146

determining social media budget for, 34–36

establishing rapport with customers, 212–213

impact of policies on security, 25

information gathering phase for, 24

managing leaks, 61–62

participating in copyright protection, 171–173

re-using material posted in social media, 174

reviewing social media platforms for, 10

working with Community Manager, 118, 123

MasterCard, 48–49

McNeil Consumer Healthcare, 212

meetup threats, 72

MentionMap, 145

MerchantCircle, 254

microblogging threats, 72

mobile devices. See also location-based services

collecting data from, 317

threats via, 72

monetary considerations

assessing potential damage, 86

budgeting improvement checklist, 264

budgets for social media, 34–36, 254–255

calculating costs of data loss, 180–182

cost savings of social media, 313

costs of data breaches, 178–180

evaluating threats and countermeasure costs, 184–185

expense of implementing controls, 182–184

finding free security resources, 254, 322–325

H.U.M.O.R. matrix for, 9, 35–36, 301

impact of BP’s oil spill, 5

implementing security with limited budget, 256–260

role in security policy, 124

solving security with big budgets, 260–262

threat assessments and, 81–82

training costs, 263

Monetary Considerations Matrix, 9, 35–36, 301

monitoring. See also monitoring employees

about, 48, 222

choosing what to monitor, 240

creating baseline requirements for, 232–234

credibility on social media, 54

customer comments, 50–51

data for brands, 287

developing reporting metrics for resources and assets, 251–252

focus of, 227

how to accomplish, 241

improving, 235–236

intellectual property, 170, 171, 246–248

legal limits of, 224

limitations of, 95

location-based services, 57–58

online reputation, 62–63, 289–291

paid services for, 260–262

problems for, 51–53

third-party services for, 126

tools for, 55–58, 243–245

types of operations, 268–269

using URL filtering, 99, 242

who to monitor, 239

monitoring employees

checking on prospective employees, 230–231

firing employees based on postings, 139, 223–225, 230

monitoring operational risks, 37

tracking employee usage, 279–281

use of social media, 48, 58–61, 199–200, 228–229, 239–241

when to monitor employees, 241

where to monitor employees, 240

N

National Association of Securities Dealers (NASD), 269

National Institute of Standards and Technology (NIST) standards, 106

National Labor Relations Act, 247

National Labor Relations Board (NLRB), 289

National Vulnerability Database, 121

negative campaigns

against Nestlé, 31–32, 60–61, 207

effect on United Airlines stock, 41

erroneous claims on Taco Bell fanpage, 54

hacking of Facebook, 18–19

launched against Wal-Mart, 50–51, 52

MasterCard hacking incident, 48–49

sentiment against Groupon, 43

Southwest Airlines, 156–158, 207

when to combat, 53–54

Nestlé, 31–32, 60–61, 207

network management plans, 194–195

nonprofits. See organizations

O

online reputation management (ORM)

applying to employees, 288–289

case study in, 284–286

checklist for improving, 294

defined, 286

developing comparative data for, 291–293

improving JAG, 288

issues in, 284

maintaining, 307–309

proactive role in, 319

services for, 262, 286–287

setting up monitoring systems, 289–291

using reputation data, 293–294

open source applications, 29, 38–39

Open Source Vulnerability Database, 121

Operation Payback, 48

operations. See also Operations Management strategy

about strategies for, 188

alerting systems for content, 271

assessing operational risks, 37–38, 86

criticism of BP’s, 6

Dell’s policies for, 266–267

disseminating policy changes, 280

H.U.M.O.R. matrix for, 9, 40, 301–302

improvement checklist for, 202, 281

including employee monitoring in, 276–278

information gathering about, 39–40

maintaining log files, 272–273

methods for data loss protection, 270–273

military uses of social media, 188–189

monitoring for, 266, 268–269, 274–276

risks in cloud or open source technologies, 38–39

role in security policy, 124

staying up with social media news, 280–281

threat assessment to, 82

tools for monitoring and managing, 273–278

tracking employee usage, 279–281

usage trend tracking patterns, 271–272

Operations Management Matrix, 9, 40, 301–302

Operations Management strategy

about, 189

access to software tools, 195–197

auditing internal tools and social media, 200–201

communicating operating strategies, 193–194

creating asset management plan, 190–192

developing and testing internal applications, 197–198

improving, 202

laws affecting, 199–200

maintaining physical security, 193

network management plans, 194–195

providing security awareness training, 192–193

roles and responsibilities for, 189–190

organizations

analyzing social media risks, 8, 9–13, 76, 77

assessing copyright safety, 27, 31–32

assigning policy team for, 125

best defense for future trends, 319

budgeting for security, 34–35

business continuity plans for, 38

calculating costs of data loss, 180–182

challenges to medium-sized, 148–149

combating negative campaigns, 53–54

coordinating security policy components for, 116–117

corporate cyberstalking against, 97–99

costs of implementing controls, 182–184

creating own social network, 213–215

crisis and incident management for, 216–217

evaluating technology use, 165–169

evaluating threats and response costs, 184–185

identifying social media security gaps, 12–13

implementing policies for large, 149–153

in-house support services for social media, 38

influence of social media on, 312–314

internal security threats in, 58–61

learning collaborative use of resources, 164–165

maintaining credibility in social media, 54

managing reputation attacks, 204–206

media challenges in small business, 146–148

operational assessments for, 36–41

physical security in, 193

protecting data and computer equipment, 190–191

questions about operations, 39–40

responding to threats, 68, 76–80, 83, 86–88

reviewing current practices, 21–23

securing customer data, 11–12

writing security policy guidelines, 107

ORM. See online reputation management

ownership of social media data, 317–318

P

passwords

defending user, 99

easy-to-hack, 98, 102

enforcing use of strong, 112

managing company Facebook account after terminating employee, 196

PCI (Payment Card Industry) standards, 141–142, 173, 269

personal information, data available on social media, 98, 99

Pew Internet & American Life Project, 319

phishing

about, 75

educating employees on, 122

steps for countering, 100

physical security considerations, 193

Pirsig, Robert, 212

plagiarism checkers, 171, 172, 248–249

policies. See also social media security policy

developing public, 235

disseminating changes in, 280

employee Acceptable Use, 25

Human Resources management of public, 235

policy mapping, 28, 167–169

Ponemon Institute, 178–180

postings

firing employees based on, 139, 223–225

managing company reputation in employee, 288–289

tools for monitoring public, 185

pretexting, 122, 224

privacy

collection of device data, 317

corporate rights to, 61–62

countering identity theft and phishing attacks, 100

crossing the line in employee monitoring, 224–225

future erosion of, 316

handling violations of HIPAA, 79–80

SEC guidelines for financial advisors, 269–270

securing customer data, 11–12

social media and lack of, 7, 101–102

training employees to protect customer, 142–143

when using company-provided computers, 195, 239

products. See also brands

future risks for, 315

losing control of brand message, 315

public. See also customers

managing policy for, 235

monitoring, 48

public relations

dedicating to monitoring media, 53–54

Nestlé’s misstep in, 31–32, 60–61

R

Radian6, 261

registering brand name, 192

regulations

assessing standards and risks for, 37

affecting financial communications, 225–226

FTC blogging, 143–144

identifying employee-specific, 141–144

inconsistent international, 318–319

types of regulatory breaches, 109

remediation, 308–309

reporting

developing metrics for resource, 251–252

importance of social media, 308

managing IP data loss with, 170

requesting SAS 70 reports, 193, 198

reputation. See also online reputation management

about, 41, 204

assessing and managing, 41–44, 83–85, 207–208

attacks on brand equity, 204–207

contacting post authors and domain owners about content, 208

controlling keyword search engine results, 211

creating own social network, 213–215

damage to BP’s, 6

detecting fake profiles, 56–57

developing comparative data on, 291–293

effect of hacking on MasterCard, 48–49

example of damage to, 284–286

H.U.M.O.R. matrix for, 9, 44, 290, 302

improvement checklist for, 217–218

incident management for, 216–217

influence of disparaging videos on, 71

legal recourse to protect, 210–211

managing crises, 216

monitoring brand equity, 287

monitoring online, 13–14, 50–51, 55–58

paid monitoring services for, 262, 286–287

qualitative approaches to managing, 212

registering brand name, 192

requesting content removal, 208–210

security policy and protection of, 124

Reputation Management Matrix, 9, 44, 290, 302

Reputation.com, 262

resources. See utilization of resources and assets

response plans

creating for security policies, 125–126

developing to social media threats, 86–88

requirements needed for, 308

training employee responses to brand attacks, 156–159

Russell, Peter, 314

S

Salesforce.com, 313

sample social media security policy, 127–134

SAS 70 reports, 193, 198

search engine optimization, 211

Securities Exchange Act, 226

Securities Exchange Commission (SEC), 269–270

security. See also privacy; security strategy analysis; social media security policy

analyzing IT, 10

assessing operational risks, 37–38

changes introduced by social media, 6–7

considering organization’s physical, 193

corporate budget for, 34–35, 256–262

easy-to-hack passwords, 98

employee threats to, 276

evolution of best practices, 106

finding free resources for, 254, 322–325

impact of social media policies on, 25

importance of user education for, 173–175

internal threats to, 58–61

issues for large organizations, 152

IT defenses against social network dangers, 99–100

levels of data, 173

measuring with H.U.M.O.R. matrix, 19–20, 26–27

monitoring customers for, 52–53

as moving target, 304, 309

protecting user sessions, 96

responding to unintended information leaks, 61–62

safeguarding communications, 12

Threat Management Lifecycle, 76–79

Security Director, 121

security strategy analysis

evaluating human resource policies, 21–27

improvement checklist for, 45

monetary considerations, 34–36

reputation management, 41–44

reviewing use of resources and assets, 27–33

understanding operational risks, 36–41

using H.U.M.O.R. matrix for, 19–20

self-hosted applications, 110–112, 200–201

sessions

managing in-house social media, 111

protecting user, 96

Sherrod, Shirley, 71

slander, 88

Smith, Kevin, 156–158, 207

Social Development Ministry Authority of Auckland, 139

social media. See also social media assessment process; social media security policy; and specific media

assessing current policies for, 10, 21–23

available information on, 97–99

background checks using, 222, 230–231, 239

banning at work, 227–228

budgets for, 34–36, 254–255

building termination case with, 139, 223–225, 230

changing security, 6–7

collaborative use of, 164–165

content lifespan on, 207, 285

costs of controls for, 182–184

creating own, 213–215

data devaluation via, 75

detecting fake profiles, 56–57

empowering employees to use, 54

enabling encrypted communications for, 114–115

identifying security gaps in, 12–13

impact of policies on securing, 25

in-house support services for, 38

laws impacting, 225–226

list of tools, 322–325

logon from unsecured networks, 92–93, 96, 197

military use of blogs, 188–189

monitoring use of, 58–61, 199–200, 228–229

need for security with, 4

online publications about, 280–281

ownership of data on, 317–318

policy checklist for, 115–116

qualitative approaches to reputation management, 212

re-using material posted in, 174

requesting SAS 70 reports, 193, 198

responding to brand attacks on, 156–159

social networking worms, 73–74

stopping malicious apps in, 68

understanding where stored, 37–38

URL filtering of, 99, 242

violations of privacy, 7

worms in, 73–74

social media assessment process

creating competitive analysis, 13–14

developing organizational analysis, 8, 9–13

improvement checklist for, 15

steps in, 7–8, 15

using H.U.M.O.R. matrix, 9, 15

social media control rooms, 150–151, 266–267, 276

social media security policy, 106–135

addressing “what if” scenarios, 61–62

applying H.U.M.O.R. Matrix to, 123–124

characteristics of effective, 108

codes of conduct and use, 117–118

coordinating components of, 116–117

Dell’s, 266–267

detailing for in-house social media, 110–112

determining response to, 125–126

developing, 125–126

developing public policy in HR, 235

disseminating changes in, 280

employee security training, 121–122

enforcing, 170–171

evolution of best practices, 106

identifying employee regulations and requirements, 141–144

improvement checklist for, 135

managing externally hosted applications, 113–116

measuring improvements in, 298–302

putting in place, 100

regulatory and legal requirements, 109–110

role of Community Manager in, 118–121

sample, 127–134

types of employees addressed, 138

UAE guidelines for, 107

updating and managing, 123

Social Mention, 43, 232–233, 291–293

social profiles

data scraping of, 100–102, 317

detecting fake, 56–57

employment laws and, 154

SocialCast, 233

SocialGO, 213–214

sock puppets, 188

Southwest Airlines, 156–158, 207

Sprout Social, 286, 287

spyware, 68

St. Mary’s Hospital, 180–182

stealing reality, 94–95

T

Taco Bell, 54, 309

TCP session hijacking, 95

teams

developing social media, 153–154

directing cross-functional, 154

organizing policy, 125

technology. See also tools

application risks to assess, 29

assessing needs for, 27, 28–30

changing, 89

evaluating organization’s use of, 165–169

measuring utilization of resources, 32–33

needed by Community Manager, 144–145

protecting intellectual property, 31

security threats of new social media tools, 278

threat assessments of, 81

types of monitoring tools, 55–58, 243–245

URL filtering, 99, 242

using paid monitoring services, 260–262

utilization categories for, 240

Telephone Consumer Protection Act, 225

Telephone Records and Privacy Protection Act, 224

Termination policy, 25, 80

testing internal applications, 197–198

theft

identity, 7, 90, 100, 315

types of intellectual property, 247–248

third-party services

monitoring services, 126, 274–275

reputation management, 286–287, 290

Threat Management Lifecycle, 76–79

threats. See also dangers of social networks; data loss

about, 68

analyzing corporate risks, 76, 77

assessing potential damage, 68, 85–86

assessing with H.U.M.O.R. matrix, 80–85

attacks by competitors, 317

defined, 8

employee security, 276

erosion of privacy, 316

evaluating countermeasure costs, 184–185

evolving nature of, 314

example of threat management, 79–80

future trends for, 314–319

geolocation targeting, 316

identifying, 70–72, 76, 77

improving assessment of, 90

inconsistent regulations as, 318–319

loss of control as, 315

ownership of social media data, 317–318

potential attackers, 72

product and data threats, 315

responding to, 77, 86–88

Threat Management Lifecycle, 76–79

types of, 73–75, 88–90

tools

auditing internal and external, 200–201

available on limited budget, 256–260

budgeting for social media, 186

data logging, 273

Data Loss Prevention, 162, 163, 270–273

determining access to software, 195–197

employees’ use of new social media, 278, 309

Frogloop, 182, 183

Knowem, 191

list of social media, 322–325

MentionMap, 145

monitoring online reputation, 14, 55–58, 232–233

needed by Community Manager, 145–146

plagiarism checkers, 171, 172, 248–249

services for big budgets, 260–262

types of monitoring, 243–245

using URL filtering, 99, 242

trademarks, 5, 89

training

about intellectual property policies, 170

brand advocates, 54

community managers, 154–155

developing strategies for, 153–154

digital literacy, 32

employees, 155–159

essential in resource security, 164

HIPAA standards, 79–80, 173

need for digital literacy, 32

protection of customer data, 142–143

responses to brand attacks, 156–159

security and security awareness, 121–122, 192–193

teaching PCI standards, 141–142, 173

users to recognize Trojan horse attacks, 122

Traverse Legal website, 7

Trojan horse

educating employees on, 122

installing from Twitter message, 115

protecting against, 165

Truth-in-Lending/Truth-in-Savings Acts, 225, 226

Twitter

inappropriate use of, 162–163

managing in-house security for, 113–116

threats from tweetups, 72

Trojan installations from message in, 115

TwitJobSearch, 231

U

Unfair and Deceptive Acts or Practices Act, 225

United Airlines, 41

United Arab Emirates (UAE), 107

updates, monitoring security of new software, 146

URLs

displaying long or short, 59

filtering, 99, 242

hijacking with embedded malware, 59

usage trend tracking patterns, 271–272

users

stealing reality from, 94–95

threats to corporate social media by, 73

validations defending, 99–100

utilization of resources and assets. See also intellectual property

about, 162

assessing technology needed, 27, 28–30

case study in mishandled content, 238–239

collaborating for, 164–165

copyright protection, 27, 31–32, 248–249

creating reporting metrics for, 251–252

detecting intellectual property theft, 247–248

educating employees in, 173–175

H.U.M.O.R. matrix for, 9, 27–33, 300

inappropriate use of resources, 162–163

incident management steps, 249–251

intellectual policy in, 27, 30–31

measuring, 32–33

preventing data loss, 170–173

reviewing use of, 27–33

role in security policy, 124

safeguarding trademarks, 5

security controls for, 163–164

technology mapping steps, 28, 165–169

threat assessments of, 81

types of, 27

Utilization of Resources matrix, 9, 27–33, 300

V

videos

firing after posting defamatory, 223–225

threats via, 71

vulnerabilities

of social media data, 102

tracking, 121

W

Wal-Mart, 50–51, 52

Webcopyplus, 31

websites

Google searches monitoring customer comments, 50–51

list of social media tools, 322–325

requesting content removed from, 208–210

web scraping of, 74

WikiLeaks, 48, 62

Wikipedia, 209–210

WordPress

checking for updates on, 146

manual security updates for, 149, 150

as open-source application, 29

Y

Yahoo! Pipes, 55–56, 57

Yorktown School District case, 223

Z

Zen and the Art of Motorcycle Maintenance (Pirsig), 212

Zynga, 28
