Facebook: A boon to business security?

Facebook: A boon to business security?

Summary: The Australian division of GE Commercial Finance argues Facebook is a useful tool for educating staff in good security practices

TOPICS: Security

While some employers are banning staff from accessing Facebook, fearing security risks and lowered productivity, GE Commercial Finance is encouraging use of the social networking site to improve staff security practices.

The Australian division of GE Commercial Finance is encouraging more than 1,000 staff in its Australian and New Zealand operations — from the mail room to the boardroom — to embrace the social networking website as a means of improving staff security practices at work, GE Commercial Finance's IT security and risk analyst, Ashley Jones, said.

Jones said he has noticed staff putting far too much information on websites such as Facebook, including where they work and their date of birth — key details he is trying to get staff to be more protective of. By teaching employees to look after their details on social networking sites such as Facebook, GE Commercial is hoping to extend good security practice across the organisation.

Social networking sites have been cited by security firms as a major risk to organisations' information security, due to staff putting too many personal details on publicly accessible websites, which can be used by criminals to perpetrate identity fraud.

Facebook specifically has also been blamed for negatively impacting worker productivity. Security firm Sophos recently conducted a survey of 500 staff which found that 10 percent of the respondents visited Facebook over 10 times a day, while 14.7 percent were logged onto their accounts all day.

While this may be true, GE Commercial Finance's Jones said that Facebook can help staff overcome difficulties around understanding complex security concepts and also prove more effective for communicating with workers than traditional methods.

"If I sent out a mass mail to staff members which said: 'Don't write your passwords down because, if someone gets it, they can get into our system and steal millions of dollars', they might say: 'Whatever'. But if I say: 'Don't put your personal information onto Facebook because someone can steal your identity and can steal money from your bank account', they are likely to take notice because the threat is personal, rather than to the organisation as such," said Jones.

A good measurement of the success of a company's security policies and practices is when information security is integral to the organisation's culture — for example, when staff dispose of paper by shredding it or putting into a secure storage unit, said Jones.

Read this


Comment: Getting the knack of NAC

Network Access Control could be the best way to manage the security risks associated with the recent explosion in mobile devices connected to corporate networks

Read more

In addition to using Facebook as an education tool, Jones has developed multiple means to communicate security messages to staff, including distributing desktop wallpapers covering a range of security issues, such as how to protect passwords and electronic keys.

Jones said his team has also begun to tailor its approach to security education for different units within the business.

"We've also tried to join team meetings, which enables me to do more business-focused presentations. So, if we go down to the customer contact centre, I could emphasise social engineering, because they are more likely to get people on the phone trying to extract information," said Jones.

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion