Corporate response to the influx of Web 2.0 technologies is as varied as companies themselves. Here are some tips for developing security policies and practices that best fit your company, including pointers for communicating these new Web 2.0 policies to workers.
How to: Guard corporate secrets in a Web 2.0 world
Re-evaluate whether you need to update your antivirus and malicious code protection for Web traffic. Consider a combination approach recommended by Gartner Inc. that involves antivirus, URL filters, application controls, Web site reputation services and safe search tools.
Establish a blog oversight committee — a group of fellow employee bloggers committed to promoting blogging within the company and making sure the company’s interests are served.
Update acceptable-use, ethics, trade secret and other employee policies to deal with blogs and other community sites.
Consider whether to deploy content monitoring and filtering technology, and update your URL filtering tools.
How to: Protect your network and your data from mini devices
Establish corporate policy specifying who can use which devices and when.
Account for corporate-owned devices, and determine whether workers are using personal devices at work.
Complement policy with technology. Allow only corporate-owned devices onto your network.
How to: Manage security risk from instant messaging
Before imposing an IM ban, examine business uses for the technology and weigh the trade-offs.
Consider incorporating IM into established rules for e-mail usage and best practices.
Determine immediately whether industry regulation or internal policies mandate IM archiving, and plan accordingly.
Suspend IM messages that run afoul of industry regulations.
How to: Get the word out to staff
Know your audience and consider the most effective media for getting a particular message across to different crowds.
Interactive communication techniques can be engaging while providing managers with a means of assessing their effectiveness.
Top-down edicts on corporate security policies don’t resonate well with younger workers.
Try to make newsletters or e-mails colourful.
In meetings with workers, explain not only what is being done but why it’s being done. Be sure to let employees ask questions and offer feedback. It not only helps them feel like their opinions matter, but managers can also draw from their ideas.
If you offer information security recommendations that can be applied outside the workplace — on the technical risks of sharing iPod songs on a peer-to-peer level, for example — employees are more likely to pay attention to policies that apply at work.
Having a communications specialist or executive discuss the importance of information security can convince employees that the topic is a business issue, and not something they normally equate solely with IT.
QuickLink 070294
