Social networking sites and online collaboration tools make it easier for employees to collaborate and share their knowledge. Add email and instant messaging (IM) to the mix and the result is a knowledge-sharing system that can bolster communication and productivity throughout an enterprise.
“You now have a variety of available technologies that allow you to create applications and content,” says Joseph Feiman, VP and Gartner Fellow at research firm Gartner, Inc. “For the first time, individuals are able to create their own applications, even if they’re not application developers. They create their own content, their own websites, and they can express themselves.”
While this is good news for employees, it can mean bad news for companies. While employees are creating this content and expressing themselves in a variety of social media and messaging applications, the truth is that they are also sharing this company-centric content with entities that aren’t on the payroll; entities that can be dangerous enough to lead to an organization’s downfall.
“What’s happened is that the tools that companies use today to be productive, to collaborate, and to communicate are not just within a corporate firewall, they are often out there on the web,” says Ed Brice, SVP of worldwide marketing for security software solution provider Lumension. “They are browser-based types of applications. We also have this emergence of social communities where people are sharing information, collaborating with each other, and this is also outside of the corporate firewall. As such, they’ve become a very ripe environment for cyber criminals to exploit.”
It usually starts innocently enough. Mark Thompson, VP of product management of Verdasys, a data risk management solution provider, recalls how a client employed an individual who wanted to use Google Calendar. “They were just going to use it for this one group and they were just going to post group activities and no proprietary data was going to get posted into it,” says Thompson. “They actually thought about it before they started it, but within 2 weeks after they started using it, the security guys looked through it and what did they find? Attachments added to those calendar entries that had proprietary data that shouldn’t have been there.”
Through a combination of social networking sites, instant messaging, and even email, companies and their employees can easily leak valuable proprietary content to external sources—and not even realize it. “People are using calendars that are available to everyone. It’s pretty dangerous,” says Feiman. “People believe that if it’s their information, it belongs to them. Wrong. On the web, whatever you’ve posted, it doesn’t belong to you anymore.”
Right or not, information can be taken and used by anyone who can find it, including computer hackers who seek to cause harm to organizations. Feiman explains how hackers can take bits of information from these sources and wreak havoc. “They get a piece of information by intercepting some IM that your enterprise is planning to have a board of directors meeting. Then by intercepting an email, they understand that your enterprise is working on some innovative product. Then you’ve published through Google Calendar where that board of directors meeting takes place. Putting all of this together, they’re coming to a pretty correct conclusion that you’re about to announce your new innovative product on such and such date. Then they buy your stock at a lower price.”
This may seem like an extreme scenario, but it illustrates the seriousness of breaches that can be caused by today’s online collaborative work environments.