smAlbany 2013 people hacking with social media 07 13

People Hacking with Social Media Reg Harnish, CISSP, CISM, CISA Chief Security Strategist GreyCastle Security November 15, 2012


smAlbany 2013 presentation http://ww.smAlbany.org

People Hacking with Social Media

Reg Harnish, CISSP, CISM, CISA Chief Security Strategist

GreyCastle Security

November 15, 2012


Copyright NBC All Rights Reserved

Introduction

• Who am I?

• Who is GreyCastle Security?

• What are we doing here?


Social media security challenges


[email protected]

m

What’s in an e-mail address?

People are not awesome

Copyright Universal Pictures All Rights Reserved

People who care: here they are


Compliance regulations


Social media horror stories


Social media security solutions


1. Operationalize security

2. Implement a policy


3. Train relentlessly


4. Test relentlessly

5. Plan for the worst

“Everybody has a plan until they get punched in the face.” – Mike Tyson


Final thought


Social Media: Old Rules, New Game

About Dowling Law, PLLC

• Dowling Law, a labor and employment boutique firm, provides strategic legal advice and representation to private-sector employers in Tech Valley and across New York State.

• Joanmarie M. Dowling, Esq., is an attorney and founding member of Dowling Law. Joanmarie counsels and represents employers of all sizes, with a special focus on small to mid-size companies and not-for-profit employers. Joanmarie also currently serves as Vice President of the Capital Region Human Resource Association.

The Applicant

You are about to hire a new salesperson.

Before you make an offer, should you:

• conduct an internet search for the applicant’s name and background information?

• check the applicant’s Facebook, LinkedIn, and other accounts?

• request the applicant’s social media account user names and passwords?

The Salesperson

One year later, your assistant informs you that your salesperson recently set up a website with your company’s name and logo prominently displayed.

On that website, he has been complaining about your company and its commission plan - and insulting your management style as “boorish” and “incompetent.”

The Salesperson Strikes Again

This same salesperson has been posting derogatory comments about your assistant on his Facebook page.

She believes he is retaliating against her because she refused to go out with him.

On the Way Out the Door

Before you even had an opportunity to speak with your salesperson, you receive a terse email from him, advising you that he is leaving your company effective immediately. You breathe a sigh of relief… but your relief is short-lived.

The next day, you see that your former salesperson is soliciting your clients for a competitor, using LinkedIn contacts and Twitter followers you helped him develop while he was your employee.

• Are those contacts and followers property of your company?

• Would communication to these contacts violate your former salesperson’s noncompetition and nonsolicitation agreement?


Social Media Security November, 2012

Social Media Security and Human Resources

Pinnacle Human Resources, LLC


About Pinnacle Human Resources, LLC

Pinnacle’s staff is comprised of certified Senior Professionals in HR (SPHR) from the Certification Institute in Princeton, NJ and Masters in Education. Pinnacle employs over a dozen HR Professionals plus partners within a network of independent consultants to increase bandwidth.

Rose Miller is the President of Pinnacle Human Resources with over 25 years’ experience in strategic human resources management. Rose recently was awarded HR Leader of the Year from the Albany Chapter of the Society of Human Resources Management (SHRM)!

Rose Miller, SPHR/Owner [email protected]

7 Century Hill Drive, Latham, NY 518-486-8151

www.pinnaclehrllc.com

Changes in the Workplace

Technology & Social Media has Changed the Way We Work

Pros and Cons

Management Concerns

New Policies Need to be Developed

Multi-generational Issues

Answers May Be Complicated or Not Yet Available

Company Facebook

– Car Dealership

• The salesman, the cashier and a third party on Facebook

The Importance of Employee Communications

The result of poor communications

– Architect Firm

• What happens when terminations are not explained properly

– Engineering Firm

• Misuse of Smartphone, Skype, and email equal harassment


Supporting Technology, Communications & Social Media Policies

Reading and Understanding Policies

Communicating Expectations - No Privacy

Background Checks and Monitoring Social Sites

Reporting Claims and Supporting Claims

Developing Performance Measures

Recording Hours Worked

Checking for Abuse of Technology

Collection of Signed Acknowledgements

Effective Supervision

Being a Good Example

Communicating Policies and Following Procedures

Communicating Standards

Monitoring Performance

Training