Facebook: The new staff security education tool


While some employers are banning staff from accessing Facebook fearing security risks and productivity hits, GE Commercial Finance is encouraging use of the social network site to improve staff security practices.

The Australian division of GE Commercial Finance is encouraging more than 1,000 staff in its Australian and New Zealand operations -- from the mailroom to the boardroom -- to embrace the social networking Web site as a means to improve staff security practices at work, GE Commercial Finance's IT security and risk analyst Ashley Jones told ZDNet Australia.

Jones said he has noticed staff putting far too much information on Web sites such as Facebook, including where they work and their date of birth -- key details he is trying to get staff to be more protective of. By teaching employees to look after their details on social networking sites such as Facebook, GE Commercial is hoping to extend good security practice across the organisation.

Social networking sites have been cited by security firms as a major risk to organisations' information security due to staff putting too many personal details on publicly accessible Web sites, which can be used by criminals to perpetrate identity fraud.

Facebook specifically has also been blamed for negatively impacting worker productivity. Security firm Sophos recently conducted a survey of 500 staff which found that 10 percent of the respondents visited Facebook over 10 times a day while 14.7 percent were logged on to their accounts all day.

While this may be true, GE Commercial Finance's Jones said that Facebook can help staff overcome difficulties around understanding complex security concepts and also prove more effective for communicating with workers than traditional methods.

"If I sent out a mass mail to staff members which said, 'Don't write your passwords down because if someone gets it they can get into our system and steal millions of dollars', they might say, 'whatever'. But if I say, don't put your personal information on to Facebook because someone can steal your identity, and can steal money from your bank account, they are likely to take notice because the threat is personal, rather than to the organisation as such," said Jones.

A good measurement of the success of a company's security policies and practices is when information security is integral to the organisation's culture -- for example, when staff dispose of paper by shredding it or putting it into a secure storage unit, said Jones.

In addition to using Facebook as an education tool, Jones has developed multiple means to communicate security messages to staff, such as distributing desktop wallpapers covering a range of security issues, including how to protect passwords and electronic keys.

Jones said his team has also begun to tailor its approach to security education for different units within the business.

"We've also tried to join team meetings, which enables me to do more business focused presentations. So if we go down to the customer contact centre, I could emphasise social engineering, because they are more likely to get people on the phone trying to extract information," said Jones.


Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.


Talkback

4 comments
  • Facebook

    Ashley Jones is incorrect regarding Facebook.

    He should be advocating to not accept Friend Requests from people they do not know.

    Furthermore, if they met but don't know someone well enough, then implementing privacy controls such as "Limited Profile" is an excellent compromise for privacy.
    anonymous
  • Culture of Security

    Ashley Jones is deluding himself by stating that this Facebook is related to a culture of security within GE Commercial Finance.

    Specifically, to quote the ZDNet Article
    <quote>
    "...But if I say, don't put your personal information on to Facebook because someone can steal your identity, and can steal money from your bank account, they are likely to take notice because the threat is personal, rather than to the organisation as such,..."
    </quote>

    Note the last seven words of the above quote, specifically "...rather than to the organisation as such,..."
    anonymous
  • Practice What You Preach!

    Via: http://www.enetica.com.au/regwi.cgi?action=manage_domain&domain=trypical.com&Lookup=Lookup

    Jones, Ashley
    Drumcondra, Vic 3215 AU
    +61.312345678
    ajones77@hotmail.com
    anonymous
  • Psychology at Work

    Ash has some left field thoughts happening here but don't discount them so quickly.

    It is a different approach and quite separate from the typically hysterical paranoia often displayed by security "experts" but there is some psychological merit in it.

    Personally I think social networking sites should be totally banned - what the heck is social about hiding behind a computer? But that's a topic for another time and place!
    anonymous