Sunday, January 18, 2009

Web2.0 security risks: driving is dangerous too!

I interviewed Rolf Kleef of Nivocer for my Dutch blog and a booklet that we are writing about web2.0 for learning and collaboration. It really made me rethink my online sign-up behaviour and see that I usually don't see any dangers.

I asked Rolf what the most important dangers are if you look at web2.0 from an IT/management perspective. He outlined the following 5 security issues.

  1. The risk of bringing viruses on board when you are working with pieces of software that you have to download (e.g. Skype).
  2. The risk of giving outsiders access to your company confidential information. All connections can potentially give access to everything that your office computer has access to.
  3. The use of your broadband capacity. Some applications like Skype use the bandwidth of the whole network. In case you have a quota, this may lead to higher costs.
  4. Loss of information. If crucial information is stored in web2.0 services online, you don't have a guarantee that your data will be available when the service goes bankrupt.
  5. A non-technical risk is the risk posed by employees posting information about your company to web2.0 sites.

With regard to the fourth, we discussed the fact that conversational data, like that on Twitter, may not be crucial information; it is dynamic, so you may run the risk of losing that information. However, the information about your Twitter network may be important social capital, so you may want to make backup copies of your Twitter network at times.

It all sounds super risky. But as Rolf said: "driving on the highway is dangerous too". The risks should not lead to the conclusion that web2.0 is too dangerous. So how to reduce those risks if you believe in the potential of working with web2.0? We discussed 3 major strategies an organisation may adopt:

  • Develop a living code of conduct for the use of web2.0 sites and, above all, for what and how employees share.
  • Create awareness about these risks amongst employees, help them make good decisions and employ a good password strategy. Help them to be conscious about what they share in public on the web and what in password protected environments. And what not at all.
  • Work with software with web2.0 functionalities behind the firewall for optimum security. Of course there is the downside that you may not be able to integrate with other professionals outside the organisation. So a two-pronged strategy might work best (internal in-house software for confidential information and external services for networking).

Rolf also had some tips about passwords, which I will share in a separate blogpost.
