Social Media from a Security Social Media from a Security Point of ViewPoint of ViewHow does SpareBank 1 perceive security risk in social media?

Mari Grini, SpareBank 1 Gruppen, Telenor GoToSec, September 28th 2010

http://www.flickr.com/photos/jackjenkins/117015092/

Comments or questions?Comments or questions?

@MariGrini

You can’t say no to social media f i i f ifrom a security point of view

Big Trends to Watch right now

1 The Web Will Be Accessible Anywhere1. The Web Will Be Accessible Anywhere

2. Web Access Will Not Focus Around theComputerComputer

3. The Web Will be Media-Centric

4. Social Media Will Be Its LargestComponent

Source: Mashable, January 2010

How do we workHow do we workwith social media in a securityyperspective?Out togheter a team with members from manydifferent diciplines

Photo: http://www.flickr.com/photos/lumaxart/2137737248/sizes/l/in/photostream/

Five major risks

1. Pitfalls of sharing and dialogue

1. Pitfalls of sharing and dialogue.T t t t h i f ti i th tiTo protect or to share information is the question

”Social media is dialogue and sharing

online”

Photo: from halifax magazine July 29th 2010

2. Personal Life vs. Business Life

2. Personal Life vs. Business Life

Mari: Surprised that the authorities in France and Germany advise against the use of IE until vulnerability is patched: http://bit.ly/7t6xoV, or what? 4:05 PM Jan 18th

Bente: France joins Germany by advising citizens to avoid Internet Explorer. I've turned up the heat in UK: http://bit.ly/4txkxD (via

) h f@tom_watson) 7:16 PM Jan 18th from Tweetie

Mari:@bente It will be interesting to see if this is standard procedure for all 0-day vulnerabilities in browsers;) 8:01 PM Jan 18th

Bente: @MariGrini Are you thinking to warn users against IE? 9:12 AM Jan 19th from TweetDeck in reply to MariGrini

M i @b A f I k h h i b i Mari: @bente As far as I know we have no such warning - but notice that I move on the border between me as a private person and me as an employee;) 10:40 AM Jan 19th

http://www.flickr.com/photos/ijustine/2231394513/sizes/o/in/photostream/

3. Social media spreads malware

3. Social media spreads malwareB t tf l b t t iBe trustful but not naive

4. Identities on the Internet

4. Identities on the InternetF f l d fi id titi th I t tFew formal procedures confirm identities on the Internet

5. Targeted Attacks

5. Targeted AttacksL l i f ti b t Low value information may be a means to access more valuable information

So what do you do as an organization?g

Make an internal campaign to buildk l d d i i i dknowledge and a positive attitudesamong employees

Some activities

http

://ww

w.sli

• Seminars

• Intranet

Q i

idesh

are.net/S

pareB

• Quiz

• Online discussions

• Gadgets

Ban

k1/n

ettvettregle• Gadgets

• Symbols

er-for-an

satte-i-spa

And we shared our campaign with those whowanted it. Even competitors!

reban

k-1

How important was the campaign to l ?our employees?

Almost 80% think that it is important or very importantthat SpareBank 1 discussescommon attitudes to socialmedia (5/6)

Not important Very important

“The best way to control the e best ay to co t o t econversation is by improving th ti ”the conversation.”Hugh MacLeod gapingvoid com (Vi Ei ik S lh i NRKb t )Hugh MacLeod, gapingvoid.com (Via Eirik Solheim, NRKbeta.no)

Thanks for your time!y@MariGrini

+47 93022482 mari.grini@sparebank1.no

http://no.linkedin.com/marigrinihttp://www.facebook.com/mari.grinip // / g

You can dowload this presentation here: http://www.slideshare.net/SpareBank1