People Hacking
with Social Media
Reg Harnish, CISSP, CISM, CISA Chief Security Strategist
GreyCastle Security
November 15, 2012
Introduction
• Who am I?
• Who is GreyCastle Security?
• What are we doing here?
Social media security challenges
People are not awesome
People who care: here they are
Compliance regulations
Social media horror stories
Social media security solutions
1. Operationalize security
2. Implement a policy
3. Train relentlessly
4. Test relentlessly
“Everybody has a plan until they get punched in the face.” – Mike Tyson
5. Plan for the worst
Final thought
Social Media: Old Rules, New Game
About Dowling Law, PLLC
• Dowling Law, a labor and employment boutique firm,
provides strategic legal advice and representation to
private-sector employers in Tech Valley and across New
York State.
• Joanmarie M. Dowling, Esq., is an attorney and founding
member of Dowling Law. Joanmarie counsels and
represents employers of all sizes, with a special focus on
small to mid-size companies and not-for-profit employers.
Joanmarie also currently serves as Vice President of the
Capital Region Human Resource Association.
The Applicant
You are about to hire a new salesperson.
Before you make an offer, should you:
• conduct an internet search for the applicant’s name and background information?
• check the applicant’s Facebook, LinkedIn, and other accounts?
• request the applicant’s social media account user names and passwords?
The Salesperson
One year later, your assistant informs you that your
salesperson recently set up a website with your
company’s name and logo prominently displayed.
On that website, he has been complaining about your
company and its commission plan - and insulting
your management style as “boorish” and
“incompetent.”
The Salesperson Strikes Again
This same salesperson has been
posting derogatory comments about
your assistant on his Facebook
page.
She believes he is retaliating against
her because she refused to go out
with him.
On the Way Out the Door
Before you even had an opportunity to speak with your salesperson, you
receive a terse email from him, advising you that he is leaving your
company effective immediately. You breathe a sigh of relief… but your
relief is short-lived.
The next day, you see that your former salesperson is soliciting your clients
for a competitor, using LinkedIn contacts and Twitter followers you helped
him develop while he was your employee.
Are those contacts and followers property of your company?
Would communication to these contacts violate your former
salesperson’s noncompetition and nonsolicitation agreement?
Social Media Security November, 2012
Social Media Security and Human Resources
Pinnacle Human Resources, LLC
About Pinnacle Human Resources, LLC
Pinnacle’s staff is comprised of certified Senior Professionals in HR (SPHR) from the Certification Institute in Princeton, NJ and Masters in Education. Pinnacle employs over a dozen HR professionals plus partners within a network of independent consultants to increase bandwidth.
Rose Miller is the President of Pinnacle Human Resources with over 25 years of experience in strategic human resources management. Rose recently was awarded HR Leader of the Year from the Albany Chapter of the Society of Human Resources Management (SHRM)!
Rose Miller, SPHR/Owner
7 Century Hill Drive, Latham, NY 518-486-8151
www.pinnaclehrllc.com
Changes in the Workplace
Technology & Social
Media has Changed the
Way We Work
Pros and Cons
Management Concerns
New Policies Need to be
Developed
Multi-generational Issues
Answers May Be Complicated
or Not Yet Available
Company Facebook
– Car Dealership
• The salesman, the cashier
and a third party on
The Importance of Employee Communications
The result of poor communications
– Architect Firm
• What happens when
terminations are not
explained properly
– Engineering Firm
• Misuse of smartphone, Skype, and email equals harassment
Supporting Technology, Communications & Social Media Policies
Reading and Understanding Policies
Communicating Expectations - No Privacy
Background Checks and Monitoring Social Sites
Reporting Claims and Supporting Claims
Developing Performance Measures
Recording Hours Worked
Checking for Abuse of Technology
Collection of Signed Acknowledgements
Effective Supervision
Being a Good Example
Communicating Policies
and Following Procedures
Communicating Standards
Monitoring Performance
Training