1

Sarah Carter, Vice President, Actiance, Inc.

Learn the evolving risks of social networking, how educational

institutions are managing those risks and explore ideas for leveraging

this technology to support your compliance efforts

• Learn how to stop saying no to social media in the workplace

• Discover how compliance issues go far beyond data leakage

• Find out how you can moderate posts, filter content and archive

everything

1

2

Agenda

I’ll explain why I’m here

Social media has changed the way we communicate

Who wants to use it?

Why do they want to use it?

Cautions with Social Media

Who’s actually using it?

What are the risks of using social media

Best Practice for Using Social Media

So what can you control with Technology?

Why am I standing here today?

I run social media for Actiance

I have a global remit, with varied experience

– From driving taxi’s, to taking companies through IPO, to training teams on Social Media, to

implementing campaigns, to an officer of the company.

I work with clients in Financial Services, Utilities, Energy on policies, best practice Social Media adoption

I was a late adopter, but now

My name is Sarah and I’m social.

Twitter: @SarahActiance

LinkedIn: http://www.linkedin.com/in/sarahlouisecarter

Facebook: Actiance

3

3

The Internet has Changed

• Financial IM• Unified Communications• Web Conferencing• VoIP• Remote Admin Tools

• Financial IM• Unified Communications• Web Conferencing• VoIP• Remote Admin Tools

• Public IM• P2P• Anonymizers• VoIP• Social Networks• Games• Virtual Worlds• IPTV

• Public IM• P2P• Anonymizers• VoIP• Social Networks• Games• Virtual Worlds• IPTV

Source: FaceTime Annual Greynets Surveys 2007 – 2010 & Projected

Source: Actiance Annual Collaborative Internet Surveys 2008 – 2011 & Projected

The Enterprise and Web 2.0 Are Converging

2008 2009 2010 2011 2010 2009 2008

4

End Users Adopting Web 2.0 Faster Than IT Can Control

Actual customer traffic history (~155 organizations)

Representing all Internet activity from over 150K end users (Actiance Internet Survey 2010)

Source: Actiance Annual Internet Survey 2010

Why Use Social?

The size of the market 600m +90m + 140m

Listen, Learn, Discuss, Share, Collaborate

Our response is tribal

Generate buzz and increase visibility

Engagement for the future

Collaborate Worldwide, like never before

Strengthen Alumni connections

Extend your brand

5

LinkedIn by the Numbers & What?

Site was launched on May 5, 2003

Over 90 million users

2 billion people searches in 2010

All Fortune 500 executives are members

More than one million companies have LinkedIn Company Pages

LinkedIn Profile/Co page

Basic info

Employment history

Education

Summary

Facebook by the Numbers

Born on February 4, 2004

Over 600 million active users

700 billion minutes per month spent on Facebook

30 billion pieces of content shared each month

2.5 million websites have integrated with Facebook

Facebook Pages

Personal

Fan

Group

Community

Basic info

Credentials

Interests, hobbies, etc.

Objective

6

Twitter by the Numbers

Site was launched in July 2006

Over 190 million users

100 million tweets written per day

Over 1,100 tweets written per second

140-character limit for tweets

Twitter Profile

Basic info

Location

Brief description

Find Connections

Engage, Communicate,

Answer

So who’s using Social Media? And Why?

� Sales & Marketing� Promotions

� Advertising� Branding

� HR� Background checks� Recruiting

� Scientists & Researchers� Information exchange� Collaboration

� IT� Investigation of security breaches

� Students and Analysts� Collaboration

7

Social Media Types of Usage

Institution

– LinkedIn Company Pages

– Department Twitter Account

– Facebook Fan Page

– YouTube Channel

Individual Professional

– My LinkedIn Profile

� Groups I belong to

� Questions I answer

� Status updates I place

– My Facebook profile

� Family, friends, colleagues

– My Twitter Account (@SarahActiance)

� Personal commentary

� Professional promotion

What’s personal and what’s professional?Email address? ID as someone who works for the organization?what are the rules?

Presenting Significant Risks When Unmanaged

Data Leakage

Personal Information

Intellectual Property

Credit Card, SSN

Patient Records

Incoming Threats

Malware, Spyware

Viruses, Trojans

Inappropriate Content

User Behavior

Employee Productivity

Bandwidth Explosion

Every employee is the face of the business

8

What Can Go Wrong?

Fedex & Ketchum

Nestle & Greenpeace

A Best Practice Approach to Social Media

9

Best Practices for Social Media Usage

Research social media usage

Draft a social media policy

Identify who needs access

Determine extent of access

Archive

Moderate, if necessary

Research social media usage

Find out if employees/students are already using social media to do work-related tasks

– How many public-facing pages do they have?

– How many Facebook, LinkedIn, and Twitter accounts do they have?

– Are they actively using these social media tools?

10

Draft a social media policy WITH THE STAKEHOLDERS

Be clear on what the policy covers

– Which sites

– Permissible uses

– Ramifications for breach

– Effective date

– Archiving policy

Disseminate the policy company-wide

– Make sure everyone understands it

Inform users of updates to the policy

Identify who needs access

What are the objectives for social media?

Who really needs to use to reach the objectives?

– Marketing

– HR, Admissions

– IT

– Legal

– Alumni / Researchers

11

Ensure your Users are Educated

Risks

Appropriate Actions

Sanctions

Compliance Requirements

Re Educate

Determine extent of use

Read-only?

Write-only?

Which sites?

Which sections/features of specific sites?

Engagement with Colleagues/Students?

Confidential and Proprietary © 2011, Actiance, Inc. All rights reserved.

12

Archiving

Archive everything relevant (what about irrelevance?)

Include posts to all social media sites, including messages that were blocked by the administrator

Log user activities for each site session

Retain data for however long the applicable legislation/regulations says for you to keep it

Moderation

If necessary, moderate or pre approve the content before external publication to ensure compliance (pre-review)

If it’s post-review, take down inappropriate content

Apply lexicons to make the review process more efficient

Use alerts to notify admins of questionable content

Use “warnings” to caution individuals about what they’re posting

13

Review and Revise

February 3, 2004

600 million people

Things change!

Appropriate Technological Controls

14

Appropriate Controls: The Basics

Who’s using social media in the organization?

Which groups or individuals need to be monitored?

What controls need to be applied?

How do I implement and manage the controls?

What can you control through Technology?

Identity management Ensure that all the different logins of an individual link back to corporate identity

Activity control Posting of content allowed for marketing but read-only for everyone else

Granular application control Employees can access Facebook, but not Facebook Chat or Facebook Games

Anti-malware Protect network against hidden phishing or Trojan attacks

Data leak prevention Protect organization from employees disclosing sensitive information

Moderation Messages posted only upon approval by designated officer

Logging and archiving Log all content posted to social networks

Export of data Export stored data to any email archive or WORM storage

Issue Control Requirements

27

15

Thanks!