23 June 2010

Security and Social Media: An Interview with Security Expert Christopher Burgess

Social media allows you to engage in conversations with users, build your brand and drive customers to buy. But with every great opportunity come problems — from careless employees to criminals looking to exploit weaknesses.

Christopher Burgess, Senior Security Advisor

Christopher Burgess has been studying security and its role in social media as part of his job as Senior Security Advisor to Cisco.  He says he became interested in the topic when he saw how criminals were using the online environment to their advantage.

“If businesses and individuals understand how their information may be used by an individual with malevolent intent, they can appropriately adjust,” says Burgess. “I help with the understanding. It is one of the reasons I volunteered for, and am a member of, the Washington State Attorney General’s Internet Safety Taskforce.”

Burgess will be speaking on how businesses and teams can create policies that minimize risk to their company while making sure they are asking the right questions of their IT team. He will offer tips, best practices and case studies.  If you are a business owner, marketer, PR consultant, or brand manager, you won’t want to miss this presentation. We are anticipating another sold-out event, so be sure to register soon!

Before his talk we caught up with Burgess to ask him a few questions.

What are the biggest security threats posed by social media to businesses?

I’ll share two which are top of my mind for me at this time, but do understand, as we move forward on the timeline and new methodologies evolve so do new threats.

  1. Not having a social media handbook or guide which educates your employees on how social media is to be used in support of the business internally and externally
  2. Data migration to uncontrolled environments

You mention that writing a company social media handbook is a good thing to do but many company handbooks regarding social media seem to crack down on employee use and completely ignore the possible benefits of having your employees talk about your company. How do you strike a balance?

Hopefully there are far fewer iterations of a policy or handbook which lock down their employees, and more which are created to guide their employees in the use of social media tools both internal and external to the company. Without such the business leaves to interpretation as to how to triage situations and define what and how the company prefers the tools to be used. I think most of us prefer to remove ambiguity and provide our employees with direction and resources to make good decisions.

When did you first realize that company security was at risk because of employee use of social media?

A great question. Risk is a broadly defined word which can be quantified and defined in a variety of ways.

So let me give you two examples and I’ll hit on these and a few more during the presentation.

The first I’ll take right out of chapter one of my book “Secrets Stolen, Fortunes Lost.” “The Tale of the Targeted Trojan” discusses a case which demonstrated how the confluence of physical and technical surveillance conducted by those with criminal intent allowed for the creation of a one-off piece of malware which was specifically designed to extract competitive data from an unsuspecting business and did so across a number of international borders. The surveillance included the mining and observation of the information the unsuspecting business and their employees had placed online and thus was available for harvest. A number of companies were successfully targeted and lost a host of information. The different types of information included intellectual property, go to market plans, customer data, personnel data, etc.

The second has to do with taking internal data and exposing it externally. Specifically, I witnessed, from afar, a company in the healthcare industry take their internal coordination of their patient records and services and organically migrate the coordination to a convenient external environment which gave them connectivity in such a way that their internal infrastructure did not. Unfortunately, the external environment wasn’t designed with the level of security required by regulatory directive.

What different security issues do small companies face compared to large ones?

Small companies by definition have more limited resources than larger ones and thus don’t readily have the infrastructure or head-count to throw at the issue, but other than the resource difference, the issues are identical. They still have their data, their customer data, their intellectual property and trade secrets and their brand to protect, the difference is scale.

Are there technical security issues business owners and managers should be discussing with their IT team?

Absolutely. Both large and small companies should be discussing how a given technological implementation meets the business needs, while also conforming with the company’s information security policies and regulatory guidelines. Let’s return to my prior example of the company which had an organic migration to a third-party environment for the purposes of doing their job in a more collaborative and coordinated manner. It would appear the intent was noble, but it also appears that the security and privacy regime surrounding that environment were not fully understood. It is this understanding that I believe is amongst the most important to be discussing with those providing IT.

Why should people come see you speak? — Why is your talk so important?

Those who are able to attend should take away a perspective and context which they may not have given much thought to previously. There is no turning back time nor the tide, the evolution of social media is continuing, and we are all participants, keeping our businesses, ourselves and our families safe and secure is what this talk is about – that’s important.

Any last thoughts?

I do enjoy sharing information and am very much looking forward to the event on the 29th of June when I will be amongst my friends, family, and colleagues within the Social Media Club of Seattle, a club of which I am a member. I hope this is just the beginning of this conversation.

See Christopher Burgess at our June Event:

Date – June 29, 2010
Time – 6-9 p.m.
Tickets – $15 includes two drinks and appetizers
Location – 415 Westlake – 415 Westlake Ave. N. Seattle, Washington  98109
Register Now: http://smcseajune.eventbrite.com/

(Complimentary on-site parking available)

Thank you to sponsors CBS Radio Seattle and Tungle.me


More About Christopher Burgess:

Christopher Burgess is a senior security advisor to the chief security officer of Cisco, where he focuses on intellectual property strategies. Additionally, Christopher leads the Global Investigative Support team, the Government Security Office, and the Global Threat Analysis team. Burgess co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). In December 2009, The Huffington Post published his piece “A Common Sense Approach to Social Media.” Follow Christopher Burgess on Twitter: @burgessct and Cisco: http://twitter.com/CiscoSystems
