Q

What are the best security practices to consider when developing a corporate blog?

Creating a corporate blog can sensitize your corporation to attacks or information theft. In this SearchSecurity.com Q&A, security expert Mike Rothman unveils the best practices to consider when developing a blog for your enterprise.

What are some security best practices to incorporate when creating a corporate blog?
This is as much a marketing question as a security one. The good news is that I have also worked in marketing professionally and can address both aspects. First and foremost, blogs are all about new and interesting content. Someone needs to be responsible for the blog and accountable for ensuring new content gets added at least a few times per week; this is usually a corporate marketing function.

From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant...

information.

The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.

Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.

For more information:

  • Blogging on corporate machines can increase your company's vunerability to online information theft.
  • Don't fall victim to IM or email threats. Visit our Messaging Security School, which features lessons on IM security, mobile device protection, countermeasures for malicious email code and best practices for Microsoft Exchange users
  • This was first published in May 2007

    Dig deeper on Enterprise Data Governance

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close