I've noticed a trend of chief information security officers (CISOs) maintaining an active presence on social media....
Is maintaining a high profile on social media something you recommend for CISOs? With so much information passing through social media, is it beneficial -- or would it open up the CISO and her associated organization to more trouble? What are some enterprise social media best practices for CISOs?
There is danger in using social media. People can track your whereabouts, they can find out if you are traveling and not at home, they can look at your connections and deduce things about your interests, hobbies, family and your employment. Identity thieves sometimes send friend requests tailored just for you to look like it's coming from a friend, but a closer look reveals it is bogus.
A recent article in Dark Reading listed the top 10 CISOs that use Twitter. The list's top three CISOs are from Deloitte, Yahoo and US Bancorp. Their tweets are focused on technology and cybersecurity, parsed with occasional words of wisdom. What they do not share are personal facts about their lives, loved ones or their opinions of controversial religious or political views. They might have other personal Twitter or Facebook accounts for that but they appear to separate the personal from business.
The question is whether visibility in social media would be detrimental to the CISO or possibly spill over to their place of employment. Only time will tell the full extent of possibilities, but there is already the occasional loss of employment or lawsuits for that inappropriate Tweet or Facebook post.
If you're going to use social media, it's critical to make smart choices that couldn't negatively impact you or your organization. Here are ten enterprise social media best practices for CISOs and other professionals:
- Keep a separate account for family and friends and set privacy settings. Make it a closed user group so you can share what you are proud of.
- Do not use social media as a channel to denigrate anyone personally.
- Do not share personal information such as your home address, birthdate, personal emails, or pictures of your family, spouse or children. Use closed groups such as "Family" on Facebook to restrict such information and share it with only people you know.
- Do not share any information about your company or employer that could show it in a bad light. This would be what some call a career limiting move.
- Keep your tone civil, professional and respectful. We can bash hackers, terrorists and criminals, but temper it with prudence.
- If you choose to use humor, make sure it is not derogatory in word, against ethnic groups, races, or controversial ideologies such as religion, politics or lifestyles different from your own.
- Be careful who you add to your friends list. Always vet who they are. Look at their profile to see who their friends are and how many they have before you let them into your inner circle.
- Change your password periodically as you would any other account in business or personal life. There is a reason as CISOs we require sound password syntax rules with 90-day change intervals.
- Be consistent in your messages for whatever you are advocating. Tweets years past do tend to resurface if you're not careful and consistent.
- And, please. Do not tweet and drive.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Dig Deeper on Social media security risks
Related Q&A from Mike O. Villegas
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ... Continue Reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises... Continue Reading
Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.