Problem solve Get help with specific problems with your technologies, process and projects.

What are the best security practices to consider when developing a corporate blog?

Creating a corporate blog can sensitize your corporation to attacks or information theft. In this SearchSecurity.com Q&A, security expert Mike Rothman unveils the best practices to consider when developing a blog for your enterprise.

What are some security best practices to incorporate when creating a corporate blog?
This is as much a marketing question as a security one. The good news is that I have also worked in marketing professionally and can address both aspects. First and foremost, blogs are all about new and interesting content. Someone needs to be responsible for the blog and accountable for ensuring new content gets added at least a few times per week; this is usually a corporate marketing function.

From a security standpoint, there are three different scenarios to be concerned about. The first involves sensitive...

corporate data being divulged on the blog. Although this may be unintentional, it's a good idea to have some kind of review cycle and/or approval process for content before it's published. This can be challenging, considering blog posts can't be reviewed in committee for weeks and are expected to provide timely, relevant information.

The second scenario involves the posting of inappropriate information by an employee. This occurs mostly on personal blogs, but employees' actions reflect on an organization whether they are on the clock or not. It's within reason to set behavior guidelines for employees . At a minimum, a disclaimer on an employee's personal blog saying that these views are personal should be required. The best practice to remedy this is to define an acceptable use policy (AUP) for blogging, both on corporate blogs and personal blogs. As with email and Web AUPs, it's important to manage expectations about behavior before you have problems.

Finally, be conscious of reader comments. Blogs are open by nature and they solicit passionate responses from increasingly anonymous respondents. Inevitably, someone will say something unflattering about your company and you need to be aware of that.

For more information:

  • Blogging on corporate machines can increase your company's vunerability to online information theft.
  • Don't fall victim to IM or email threats. Visit our Messaging Security School, which features lessons on IM security, mobile device protection, countermeasures for malicious email code and best practices for Microsoft Exchange users
  • This was last published in May 2007

    Dig Deeper on Data security strategies and governance

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.