Security in a Social World

Written by Thomas Baekdal on February 17, 2010

Not a day goes by without someone talking about security issues on Facebook and Twitter - and how scary that world is for companies. Recently, we heard about a phishing attack on Twitter, and Sophos posted a graph showing Facebook to be a really scary place.

But, you know... it’s crap! There is no substantial security risk in using social networks.

Take Twitter. All you can do is to post 140 characters of plain text. You cannot post viruses or malicious code - just text. So how can Twitter be a security risk?

Sure, you can post a link, but then the actual security risk is not on Twitter (or Facebook), but on some external site. And you know what, it is far easier to spread malicious links via email, search results, ads, forum posts or comments on blogs, than it is on Twitter or Facebook. Facebook even presents you with a warning that you shouldn’t click on things you do not trust.

Of all the so-called security issues we hear about, none is about your network. E.g., if a phishing attack manages to steal the password to an employee’s Twitter account, so what? That doesn’t pose a risk to your network. Having access to someone’s Twitter account doesn’t give them access to your internal network.

But still, 63% of all companies feel that social poses a risk to their company. They are scared of what they do not understand, and of the media’s blatant misuse of the phrase “security risk.”

Notice: And don’t get me started on the companies that think social is a security risk, while enforcing an IT policy that every employee should use XP and IE6.

If IT security people think that blocking social networks is a good idea, then I suggest that they block Google, every single blog in the world, and prevent their employees from using email. They all pose a much greater risk than any social network.

The real issue here isn’t security threats. Those are a fact of life. If you expose yourself to the world, bad things might happen. So what? You play it smart, and focus on living!

The problem is that IT security, and security companies generally, are trying to scare us into creating a fortress.

They want to protect the company at all costs, creating barriers not only for the outside world but, more damagingly, preventing your employees from socially interacting with your potential customers.

This is what companies like Sophos want you to do. Put up a wall, block social networks, and prevent your employees from engaging your customers outside the confines of your company firewall ... and often... even within it too.

Note: image credits - izahorsky - slightly modified for editorial effect

You are not a bank!

The security community is looking at the world the wrong way. They think you are a bank. They see company data as something that should be protected, and employee interaction as something that should be prevented.

A bank sells safety. That means that the business model for a bank is to take what you have, bring that into the bank - and protect it as best they can.

A bank never shares anything, because you pay them not to. A bank employee never speaks about you in public, because you pay her to be silent. A bank never writes a blog post about you, because you pay them to keep your financial information safe.

Security, when it comes to banks, is all about closing in information, and preventing it from ever being published or shared.

But you are not a bank. You are the opposite of a bank.

You create remarkable products, which you then want to share with as many people as possible. Your business model is to share, to spread, to open up your doors and let people in. You have to engage your customers, hear what they have to say, so that you can make the right decision - and make the right products.

You want your employees to go outside the confines of your company, to send them out into the real world so that they can listen, get inspired, identify the real issues and connect with other people. You want them to share what you do with their friends, and their friends’ friends.

Your success depends entirely on how good you are at reaching out to other people. To be where other people spend their time, and to talk with them.

When security companies recommend that you protect your data, that you lock it in, then they completely fail to understand what your market is about. They think you are a bank, but you are anything but a bank.

They put up firewalls and systems making it hard or even impossible to share what you have created with other people. They think they need to protect; what you really need is to share.

Security companies try to scare you into being a bank, but what you really need is to be a tribe.

Traditional vs. Social Security

Traditional security is about disrupting, protecting, preventing, and forcing you to stay in your room. You are not allowed, unless you get permission. And even then, only through approved channels, devices, and systems.

Social security, on the other hand, is like having a very good butler. He will help you do whatever you need to do. Open doors, park the car, make your guests feel comfortable, entertain them if they have to wait, and always support your every move. But, if something bad happens, he will intervene and protect you.

Or think of it like an airbag in a car. It doesn’t prevent you from going where you want to go. You can bring all your friends, and it is never in the way. But, if you crash into a tree, it instantly jumps into action trying to save your life as best it can.

Ask yourself: are you creating walls, hiring guards, restricting movement, and trying to turn your company into a bank? ...or do you employ a really friendly and helpful butler that can punch someone in the face if need be?

Thomas Baekdal

Founder of Baekdal, author, writer, strategic consultant, and new media advocate.
