Stonesoft: 10 Tips for Social Media Security
(Thomson Reuters ONE) -
Stonesoft shares ten tips for utilizing social media services in a safe way
Helsinki, Finland - 06 July 2010 - Social media is growing in importance.
According to Gartner, Inc.*, around 20 percent of business users will be using
the so-called social networking services as their most important communication
tools by 2014. However, at the same time, IT and company managers are expressing
growing concerns about security.
Recent studies show that as many as 25% of companies have banned the use of
social networks; whereas other sources set this figure as high as nearly 50
percent. Yet security concerns simultaneously limit the enormous potential that
social media offers for marketing, sales and corporate communication. Stonesoft
Corporation, a provider of integrated network security and business continuity
solutions, shares ten tips that help organizations to use social media without
compromising security.
Ten tips for the safe use of social media
1. Increase employee awareness - People can change the way they behave in
social networks only if they are aware of the security risks. Therefore,
organizations should inform their employees about the risks present in the
social media and raise their awareness of the fact that even seemingly
harmless information can reveal too much about the company or the person's
private life. Providing continuous information about new threats and
maintaining rules of conduct can further help with employee awareness. It is
helpful to appoint a social media expert within the company who acts as a
permanent contact for employees.
2. Establish firm processes - Administrators need to remain up-to-date about
the most recent risks on the Web. It is therefore advisable to establish
firm processes that are systematically linked to daily workflows. For
example, administrators should make sure to download the latest security
updates. These seemingly mundane mechanisms enable IT administrators to
identify network attacks in time or to avoid them altogether.
3. Maintain a strong set of rules - With in-house guidelines, network
administrators can define the network areas and applications that can be
accessed by specific people at specific times. This makes it possible to
control and monitor access to critical data, and to track such access at any
time, which reduces the risk of information falling into wrong hands through
unauthorised channels. Companies should also take compliance requirements
into account. The important thing is to keep the policies up to date and
adapt them to changing circumstances.
4. Block infected websites - Someone clicks on an infected website and
downloads a Trojan - this can easily happen despite regular employee
training. URL filters enable companies to block access to known malware and
phishing websites, and this can also be applied to any other suspicious site
on the Internet. The filter function is kept continuously up-to-date by
maintaining so-called blacklists and whitelists.
5. Use next-generation firewalls - Organizations should always keep their
security technology up to date. For example, modern firewalls provide a
comprehensive analysis of all data traffic. Deep traffic inspection makes it
possible to monitor any type of data traffic, from Web browsing and
peer-to-peer applications to encrypted data traffic in an SSL tunnel. In a
process known as SSL inspection, the firewall decrypts the SSL data stream
for inspection and encrypts it again before forwarding the data to the
network. This effectively protects workstations, internal networks, hosts
and servers against attacks within SSL tunnels.
6. Define access to business applications - Mobile users, partners and
distributors often need to access a corporate network from the outside.
Within this group, the use of social media can be monitored only on a very
limited basis or not at all. This makes it even more important to assign the
rights for defining all network access centrally, for example using an SSL
VPN portal. At the same time, on the user level strong authentication via
single sign-on makes the administrator's work easier. As a result, a single
login enables users to access only the network areas and services for which
they are authorised.
7. Protect against vulnerability - Vulnerabilities present a special challenge
to any network. In addition, attacks on vulnerabilities via the social Web
services are increasing. An Intrusion Prevention System (IPS), such as
StoneGate IPS from Stonesoft, can act as a protective barrier. An IPS
automatically prevents attacks by worms, viruses or other malware. Once an
attack has been identified, the IPS immediately stops it and prevents it
from spreading in the network. The system also enables virtual patching of
servers and services by securing threatened servers, which will then be
patched during the next maintenance window.
8. Securing the intranet - The intranet of every company contains highly
sensitive information. These areas need to be isolated from the rest of the
internal network by segmenting the intranet with firewalls. This enables the
company to separate departments such as Finance or Accounting from the rest
of the intranet and thereby prevent infections from penetrating these
critical segments of the corporate network.
9. Include mobile devices in the security policy - Many users navigate social
web services with mobile devices such as laptops, PDAs and smart phones -
the same devices they use to log into the corporate network. Administrators
therefore need to include mobile devices in their security policies. This
can be done, for example, with the assessment function, which checks the
log-in device for the required security settings and for the presence of
security-relevant software packages. This function checks, for example,
whether the proper and latest host firewall is installed and whether both
the operating system and antivirus software are up to date, as well as all
patches. If one of these criteria is not met, the device is automatically
denied access, or access may be limited. If necessary, mobile devices can be
forwarded directly to a website containing the required updates.
10. Use centralized management -Centralized management allows the
administrators to manage, monitor and configure the entire network and all
devices using a single management console. They can also view reports, for
example about who has accessed which data at which time. This helps
administrators to prevent attacks more effectively and to provide more
efficient protection for applications at risk. At the same time, a central
management console makes it possible to roll out and maintain standard
security guidelines for the entire corporate network.
"The increasing use of social media presents additional risks for corporate
networks. Continuous employee training is limited in its ability to avoid new
risks. On the other hand, internal network protection mechanisms that identify
and terminate attacks in time are becoming more and more important. With a
proper security strategy that combines employee training with the newest
technologies, organizations of all sizes can benefit from the advantages of
social networking," says Klaus Majewski, Vice President of Marketing at
Stonesoft.
* Gartner, Inc. "Predicts 2010: Social Software Is an Enterprise Reality",
December 2009
About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of
integrated network security solutions to secure the information flow of
distributed organizations. Stonesoft customers include enterprises with growing
business needs requiring advanced network security and always-on business
connectivity.
StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSL
VPN blending network security, end-to-end availability and award-winning load
balancing into a unified and centrally managed system. The key benefits of the
StoneGate solution include low TCO, excellent price-performance ratio and high
ROI. The StoneGate Virtual Security Solutions protect the network and ensure
business continuity in both virtual and physical network environments.
StoneGate Management Center provides unified management for StoneGate Firewall
with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide
intelligent defense all over the enterprise network while StoneGate SSL VPN
provides enhanced security for mobile and remote use.
Founded in 1990, Stonesoft Corporation is a global company with corporate
headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia.
For more information, visit www.stonesoft.com and the corporate blog
http://stoneblog.stonesoft.com.
For more details, please contact:
Klaus Majewski
VP, Marketing
Stonesoft Corporation
Tel. +358 9 476 711
E-mail:klaus.majewski(at)stonesoft.com
[HUG#1429618]
This announcement is distributed by Thomson Reuters on behalf of Thomson Reuters clients.
The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and other applicable laws; and
(ii) they are solely responsible for the content, accuracy and originality of the information contained therein.
All reproduction for further distribution is prohibited.
Source: Stonesoft Oyj via Thomson Reuters ONE
Unternehmensinformation / Kurzprofil:
Datum: 06.07.2010 - 09:00 Uhr
Sprache: Deutsch
News-ID 23512
Anzahl Zeichen: 0
contact information:
Town:
Helsinki
Kategorie:
Business News
Diese Pressemitteilung wurde bisher 237 mal aufgerufen.
Die Pressemitteilung mit dem Titel:
"Stonesoft: 10 Tips for Social Media Security"
steht unter der journalistisch-redaktionellen Verantwortung von
Stonesoft Oyj (Nachricht senden)
Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).
