Press Release
Stonesoft shares ten tips for utilizing social media services in a safe way
ATLANTA – July 6, 2010 – As social media’s relevance to business
development continues to grow, so do the security challenges surrounding its use in the enterprise.
Gartner, Inc. estimates 20 percent of business users will use social networking services as their
most important communication tools by 2014. Stonesoft, an innovative provider of integrated network
security and business continuity solutions, shares 10 tips to help organizations use social media
without compromising security.
Ten tips for the safe use of social media
1. Increase employee awareness – Inform
employees about the risks present in social media to increase awareness of the fact that even
seemingly harmless information can reveal too much about the company or the person's private life.
Provide continuous information about new threats and maintain rules of conduct. Appoint a social
media expert within the company who acts as a permanent contact for employees.
2. Establish firm processes –
Administrators need to remain up to date about the most recent risks on the Web and establish firm
processes that are systematically linked to daily workflows. For example, administrators should
make sure to download the latest security updates. These seemingly mundane mechanisms will enable
IT administrators to identify network attacks in time or to avoid them altogether.
3. Maintain a strong set of rules – With
in-house guidelines, network administrators can define the network areas and applications that can
be accessed by specific people at specific times. This makes it possible to control and monitor
access to critical data, and to track such access at any time, which reduces the risk of
information falling into the wrong hands through unauthorised channels. Don’t forget about compliance
requirements – make sure policies are updated and adaptive to changing circumstances.
4. Block infected websites – Someone
clicks on an infected website and downloads a Trojan – this can easily happen despite regular
employee training. Implement URL filters to block access to known malware and phishing websites, as
well as other suspicious sites. The filter function should be updated continuously by maintaining
blacklists and whitelists.
5. Use next-generation firewalls –
Combating today’s security threats requires a multi-layered security approach at the perimeter.
Through next-generation firewalls, any type of data traffic goes through deep traffic inspection,
including traffic from Web browsing and peer-to-peer applications. SSL inspection at the firewall
enables companies to decrypt the SSL data stream for inspection and re-encrypt it before
forwarding the data to the network. This effectively protects workstations, internal networks,
hosts and servers against attacks within SSL tunnels.
6. Define access to business applications
– Mobile users, partners and distributors often need to access a corporate network from the
outside. Within this group, the use of social media can be monitored only on a very limited basis
or not at all. This makes it even more important to assign the rights for defining all network
access centrally, for example using an SSL VPN portal. At the same time, on the user level strong
authentication via single sign-on makes the administrator's work easier. As a result, a single
login enables users to access only the network areas and services for which they are authorised.
7. Protect against vulnerability –
Attacks on vulnerabilities via social Web services are increasing. An intrusion prevention system
(IPS), such as StoneGate IPS from Stonesoft, can act as a protective barrier. An IPS automatically
prevents attacks by worms, viruses or other malware. Once an attack has been identified, the IPS
immediately stops it and prevents it from spreading in the network. The system also enables virtual
patching of servers and services by securing threatened servers, which will then be patched during
the next maintenance window.
8. Securing the intranet – Corporate
intranets contain highly sensitive information and should be isolated from the rest of the internal
network by segmenting with firewalls. This enables the company to separate departments such as
finance or accounting and prevent infections from penetrating these critical segments of the
corporate network.
9. Include mobile devices in the security policy
– Many users navigate social web services with mobile devices such as laptops, PDAs and
smart phones – the same devices they use to log into the corporate network. Therefore,
administrators need to include mobile devices in their security policies. For example, the login
device should be checked for the required security settings and for the presence of
security-relevant software packages. This process will determine if the proper and latest host
firewall is installed as well as if the operating system, antivirus software and patches are
up to date. If one of these criteria is not met, the device is automatically denied access, or
access may be limited. If necessary, mobile devices can be forwarded directly to a website
containing the required updates.
10. Use centralized management –
Centralized management allows the administrators to manage, monitor and configure the entire
network and all devices using a single management console. They can also view reports, for example
about who has accessed which data at which time. This helps administrators to prevent attacks more
effectively and to provide more efficient protection for applications at risk. At the same time, a
central management console makes it possible to roll out and maintain standard security guidelines
for the entire corporate network.
"The increasing use of social media presents additional risks for corporate networks. A
combination of security training with the newest technologies can be the difference between a
security disaster or a profitable use of social media," says Jeff Hajek, senior vice president of
operations for Stonesoft, Inc.
*Gartner, Inc. "Predicts 2010: Social Software Is an Enterprise
Reality", December 2009
About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) delivers proven, innovative
solutions that simplify network security management for even the most complex network environments.
The StoneGate Platform unifies management of entire networks—including StoneGate and third-party
devices—blending integrated threat management, end-to-end high availability and network
optimization into a centrally controlled system. As a result, Stonesoft provides the highest levels
of proactive control, always-on connectivity and compliance at the lowest total cost of ownership
(TCO) on the market today. Founded in 1990, the company is an established leader in network
security innovation with corporate headquarters in Helsinki, Finland and Americas headquarters in
Atlanta, Georgia. For more information, visit www.stonesoft.com and http://stoneblog.stonesoft.com.
Media Contact
Hannah Bower
hannah@bower-communications.com
404.371.3989
Wednesday, July 7, 2010