Secure social networking in the corporate world

Web 2.0 and social networking is now an important part of the communication mix, and companies that don't engage via these channels will lose their competitive advantage.

So how do you embrace social media while ensuring your business is protected from the myriad of threats that come with it? Developing and enforcing an Acceptable Usage Policy (AUP) for staff internet use is critical.

Creating a work environment with acceptable email and Internet use
Historically, many organisations were forced to develop draconian email and internet AUPs to protect their network resources and proprietary information.

Today, there are advanced internet and email security solutions available that enable organisations to develop and enforce highly customised and flexible AUPs that enable staff productivity rather than inhibit it.

So how do you create an AUP for today's office environment that provides maximum protection and security for your organisation's assets while enabling staff to leverage social media to build business relationships and opportunities?

Email, web and endpoint security technology enables organisations to enforce AUPs that are flexible and customised to meet the requirements of different individuals and/or user groups.

Defining acceptable internet usage
Today's AUP needs to be flexible, particularly when it relates to internet usage. Some users need full access to the web for research and day-to-day tasks. Others only need access to a few pages.

Companies can now define acceptable use of the internet for different user groups by incorporating the following:

- Blocking access to websites known to contain damaging, offensive or non-work-related content, for example, websites containing malware, pornography, gambling or offensive content.

- Browsing quota management. Organisations can now set limits to web access for specific user groups by total bandwidth or total active browsing time. Quotas can vary for specific user groups, applications, file types, URLs, and times of day. They can even apply flexible policies that prevent personal use during work time but allow personal use during lunchtime and out-of-hours.

- User-defined keywords: selected user groups can be prohibited from visiting web pages containing certain key words.

- Upload or download of specified file types or file sizes, for example, marketing staff may be permitted to download large BMP or EPS files while other user groups cannot.

Achieving AUP compliance
Including staff in the development of the AUP is a great opportunity to ensure the policy has been suitably customised to meet individual user group needs. It is also a good way to win their support for the policy.

Informing and educating staff about the AUP is critical if an organisation intends to enforce it. If people understand the need for a responsible security policy, they will be much more inclined to comply.

The use of technology to enforce rules and help educate users helps to embed AUP into the corporate ethos. Using the right security solutions will assist you in training users to adopt best practice information security policies.

Security is a journey, not a destination. Larger organisations need to be vigilant and proactive in their management of e-security. Daily maintenance and enforcement of security policies is required to ensure the ongoing protection of critical network resources and data.

Jeremy Hulse is responsible for Marshal8e6's sales, marketing, channel and business development strategy in Asia-Pacific.