For many businesses, the use of social media and collaboration apps is essential for staying connected to customers and employees alike. From Facebook to LinkedIn to Slack, these apps let us connect on any device and are especially important in the new age of remote work.
For most users of digital communication apps, the daily toggle between professional and personal use is constant, opening up new vectors of digital risk. Security teams must fully understand that the cloud-based social media and collaboration apps that live on employees’ devices often sit right alongside their organizations’ proprietary data. This presents challenges that businesses are now only starting to address.
According to 2021 research conducted by SafeGuard Cyber, 85% of IT security leaders state that they possess limitations and vulnerabilities that prevent them from fully protecting their digital communication channels and assets. Those same respondents cite a lack of visibility, the use of unsanctioned apps and channels, and monitoring dispersed teams as their primary challenges in safeguarding human connections on cloud applications.
Fortunately, there are a number of thought leaders out there who focus on digital risk protection. They have insights and strategies on how to recognize and mitigate risk, so we can still use social and collaboration tools to their fullest effect. Here are five experts in the field whose thought leadership you should key in on:
Brian Krebs, Investigative Reporter and Founder of krebsonecurity.com
LinkedIn | Twitter
A recent breach on a popular social media site exposed personal data for more than 553 million users. If your employee (or executive!) had his or her phone number attached to their social media profile, they could now be the target of a phishing attack. “My advice has long been to remove phone numbers from your online accounts wherever you can, and avoid selecting SMS or phone calls for second factor or one-time codes,” Says Brian. “Phone numbers were never designed to be identity documents, but that’s effectively what they’ve become. It’s time we stopped letting everyone treat them that way.”
One of the most trusted voices in the cybersecurity community, Brian has been interested in the topic for 20 years, ever since he was the victim of a computer worm. He has written about cybersecurity for The Washington Post and established his own blog, Krebs on Security, which has become one of the most trusted sources of thought leadership in the space in the past decade.
Social media and collaboration apps frequently offer SDKs to allow developers to enhance the service. But these add-ons can compromise users’ safety. Graham reported on one such breach that compromised both Facebook and Twitter users’ data.
“What are users supposed to do to protect themselves?” he asks. “When they install an app, they have no way of knowing whether the developers chose to make use of a malicious SDK which might leave personal information exposed.”
Graham advises users to “exercise restraint regarding which third-party apps you connect to your social media profiles. The fewer apps you connect to your Facebook and Twitter, the smaller the chance that someone’s code will be abusing that connection to access information you would rather not share.”
Graham has been working in the cybersecurity space for almost 30 years, spearheading projects at Microsoft, Sophos, and McAfee. Since 2013, he’s been blogging about computer security issues, and his Smashing Security podcast features a host of thought leaders opining on the hottest topics in the field.
When speaking to employees about security related to social media apps, you might get some pushback, as their attitude toward Facebook or Instagram may differ greatly from their thoughts on other platforms. They key to this discussion, says Naomi, is empathy: “You need to be great at empathy and have high emotional intelligence. You simply can’t make security happen without the full buy-in from the business. Win hearts and minds,” she says.
Naomi has a background in computer science and has worked as a Lead Field Security Architect for Vanguard as well as a software engineer in the US Army. Among her passions is application penetration testing. She’s taken her experience in that arena and used it to drive decision-making in leadership roles where she’s focused on security engineering and architecture as well as security leadership.
As the SafeGuard Cyber study shows, insider threats can come from anywhere in an organization, up to and including top executives. That’s why Dawn emphasizes the need for keeping a close eye on your own people in addition to outside threats. “If you do not have an Insider Risk Program that addresses cyber sabotage, you need to start one!” she says.
Dawn has an impressive resume, having previously developed software for nuclear power plants. She’s a Senior Member of the Technical Staff in CERT at Carnegie Mellon University’s Software Engineering Institute, and has been operating in the space for over 25 years. She now heads up holistic cybersecurity strategy for Rockwell Automation.
Patricia Titus is a prolific blogger and speaker on the topic of cybersecurity. She often gives her readers pithy bon mots that encapsulate truths about cybersecurity, such as her “Goldilocks Theory to Risk Management”: “As companies continue to adopt cutting edge capabilities and technologies to help build the bottom lines, security must to the same.” In other words, cybersecurity must keep up with the pace of digital innovation across your company.
Patricia has served as the Vice President and Chief Information Security Officer at Freddie Mac, Symantec, Unisys Corporation, and the Transportation Security Administration within the Department of Homeland Security. She now serves as CISO and Chief Privacy Officer at Markel Corporation, where she oversees thes security and privacy of both Markel assets and customer information.
Guide: Read our guide on Digital Risk Protection
Safeguard Your Employees and Your Business
Social media serves as a lifeline for businesses in disseminating important information and is vitally important for brands in communicating with consumers. Collaboration apps are critical for staying connected with employees on work-from-anywhere teams.
Online risk changes rapidly, and as businesses turn further to cloud-based communications apps, it only grows more complex. Add to this the tendency for both workers and executives to be a bit cavalier with their use of third-party apps, and you have a recipe for a potential security disaster.
If you’re looking for the latest best practices and advice, the above cybersecurity experts are a great place to start. And, when you’re ready to protect your digital applications the same way you protect your network, SafeGuard Cyber has the solutions you’re looking for.