Expert: Corporate Protocols for Employee Use of Social Networking Sites are Missing Larger Picture

    TORONTO, Nov. 28 /CNW/ -


    While companies race to develop policies to deal with employee use of
social networking sites such as Facebook, YouTube and blogging, they may be
overlooking some real potential dangers. Corporate policies tend to focus on
reputation management and productivity issues, disregarding what experts say
is the bigger threat: social engineering.
    Social engineering, where hackers steal sensitive personal and corporate
information, has become even easier because there is no way to authenticate
the person behind the profile. Acting as a fellow employee or new 'friend',
these imposters are experts in penetrating computers and luring information
out of people in online conversations without raising a flag.
    Kevin Lo is an Electronic Discover Expert at LECG Canada. Lo travels the
globe with a 90 pound, black waterproof case that he uses for mobile forensic
imaging on hard drives to help corporations determine damages from electronic
correspondence for regulatory compliance, litigation, and corporate


    1.  Create a social media policy for use outside the office. Prohibit
        using the company name in personal profiles and electronic
        correspondence. "An imposter would pose as an employee from another
        office, as an example, to find out policy information and
        passwords," said Lo.
    2.  Companies should set up an official site that is controlled and
        monitored. "There's great potential for a corporate Facebook profile
        for recruiting purposes," said Lo. "The idea is not to ban it, but
        help prevent private company information from being disclosed."
    3.  Educate employees about how to protect themselves. "Just having a
        company name, your birthday and pet's name as part of your profile,
        is enough for a hacker to access personal information."
    4.  Ban web2.0 applications in the office if you work with sensitive
        information. "Spam is a great example of social engineering," said
        Lo. "People click and download disguised malicious software that can
        penetrate a computer and then the entire network."
    5.  Conduct regular internal audits to see where the company name comes
        up on the worldwide web. Electronic discovery identifies key players,
        irregular patterns, data transfer and even common key words used in
        Google searches. In addition to capturing the data, forensic IT
        experts preserve the information to make sure it will stand up in a
        court of law.


    Hackers now work with organized crime, largely in Eastern Europe and
Asia, selling credit card numbers for as low as 50 cents each. Sophisticated
hackers sell higher priced CDs full of identity information as well as the
know-how for hacking.
    Electronic discovery experts work directly with outside counsel, general
counsel, corporate executives, bank examiners, bankruptcy trustees, forensic
accountants, fraud examiners, and damages experts and provide objective

    ABOUT LECG: LECG Canada is one of this country's largest independent
firms dedicated exclusively to providing expert opinion reports and testimony
in matters involving the valuation of business enterprises, financial damages,
personal injury damages, forensic accounting, computer forensics, electronic
discovery, and corporate investigations. Our professionals are consistently
recognized as experts in their fields in various levels of courts, government
agencies and tribunals in Canada, the United States, Europe, Asia, South
America and the Middle East.

For further information:

For further information: Brown & Cohen Communications & Public Affairs
Inc., (416) 484-1132, Rowena Calpito, ext 4,, Wendy
Kauffman, ext. 3,

Organization Profile


More on this organization

Custom Packages

Browse our custom packages or build your own to meet your unique communications needs.

Start today.

CNW Membership

Fill out a CNW membership form or contact us at 1 (877) 269-7890

Learn about CNW services

Request more information about CNW products and services or call us at 1 (877) 269-7890