Social media is here to stay. Sounds pretty self-evident, doesn’t it? Well, it is, except to numerous bosses, commanders and agency heads. Many are still fighting what they see as the “good fight” to keep social media (Facebook, Twitter and their ilk) banned from enterprise computer networks.
OK, I’m the security guy. Why am I defending social media when nearly everyone who has any knowledge of this subject says it introduces potential vulnerabilities into networks? It is because I am also a realist. Kids today (defined for me as anyone younger than my 55 years) live on this stuff. They communicate on it, work on it, collaborate through it, nearly without fail. They are our workforce, guys. Telling them to stay off it is like telling an action officer in the Pentagon to not use PowerPoint (if that does not resonate with you, you’ve never worked in Washington). It is crippling and will result in sub-optimum performance from your folks, or, more likely, they will depart your organization to find one that has already entered the 21st century.
So what do we do? Social media DOES introduce vulnerabilities, and we are not going to live without it. Quite simply, we have to give bosses more options than an ON/OFF switch. We need a way to “dial” how much social media is acceptable for the risk analysis of a particular organization. The decision must be geared to allowing as much of it as possible, to maximize productivity without giving away the store.
So far, I have not seen a good construct to provide the needed “rheostat.” Lots of research is underway to try to develop one, or at least to grade how risky certain behavior is to a given network. That would be a huge step forward. It would allow for training and hiring practices that enable employees and still protect networks.
“Just say No!” is not the answer in this case. Let’s be enlightened but still wise. We can do this.