Sunday 22 July 2012

Corporate identity theft in Social Networks


Collaboration by Beth Ojeda, Social Media Manager at Continuam

One of the most common and relevant problems in social networks is corporate identity theft. This kind of attack generates business chaos if it is not covered in the Business Continuity Plan, because recovery from these attacks is laborious, although not impossible. These attacks tend to cause a lot of inconvenience, because one of the main reasons for a corporate identity theft is to discredit the company and damage its reputation, generating distrust among customers, providers and followers in general.

There is also a latent threat of fraudulent actions that involve the theft of followers' information, with the attacker controlling confidential information that could be exchanged between the Community Managers and users.

Preventive measures:

  • Own an alternative corporate account, with the corporate image and not publicly available, to be activated only if a crisis occurs.
  • In those social networks where it is possible, define a super-administrator account.
  • Have an email account on a domain other than the corporate one to access social networks, and store the initial codes that the social network provides to recover the account, deleting them from the email account.
  • Establish a different password for each social network and, furthermore, define strong passwords.
  • Send each follower in social networks an initial message with the official customer service email address, for more information.
  • Designate a spokesman for online crisis situations, who will use his or her own profile in these situations.
  • Write down the whole action plan, the password recovery methods and the actors who have to participate in the recovery.
  • Conduct a drill to identify faults.
  • Develop a template for reporting to the police, since it must be done immediately after the theft.
  • Create monitoring alerts in each social network in order to receive feedback about the company's reputation and to identify problems in communication.

«Remember that everything you can think of, the cyber-criminal has also thought of before»

Managing Crisis:

  • Activate the crisis profile.
  • Publish an online press release, warn of the corporate identity theft and announce the new social network account and the spokesman designation.
  • Forward the official email to users, informing them that the social network profile has been stolen and that they can contact the company in case of problems.
  • Maintain a relaxed communication tone and focus on the situation, without personalizing the attack.
  • Send the account recovery codes to the social networks' administrators.
  • Identify the spokesman as a VIP user (with a special character next to the name, signing the messages).
  • Create an internal report on the monitoring in order to know the impact of the identity theft.

Although at first it might seem the best response, silence is not a good option, because cyber-criminals will continue casting doubt among the company's followers, even creating false offers to compromise the organization's credibility. They may even reveal internal information; although this information could be false, they are speaking on behalf of the company.
Beth Ojeda
Social Media Manager at Instituto de Continuidad de Negocio.

Monday 9 July 2012

Legionella, a real threat

As every year at this time, in Spain we face recurring news about Legionella, whose impact is very high, not only from a health point of view but also for business continuity. This year the focus has been on a hotel in Calpe, closed since the 3rd of July, and on a restaurant in Mostoles, where 52 people have been affected and one person has died.

The first Legionella infection of large proportions occurred in 1977, during a congress of the American Legion in Philadelphia. In the hotel in which the congress took place there was an outbreak of an infectious disease that killed 34 people and affected more than 180. Studies determined that the source of infection was a bacterium that had been spread by the hotel's air conditioning and, due to the nature of the conference attendees, it was named Legionella.

In Spain, Legionella prevention is regulated by Real Decreto 865/2003, of the 4th of July 2003, which identifies different health and hygiene procedures for the prevention and control of legionellosis. As with every health activity, the RD identifies actions to carry out both to prevent an outbreak and to act in case one takes place.

Leaving aside the health and hygiene aspect, from a business continuity point of view the most important chapter of the whole RD is number 12, which identifies the activities to carry out in facilities when an outbreak is detected. This chapter states the following:

"In the presence of cases or outbreaks, or of facilities that are very deficient, contaminated by Legionella, obsolete or poorly maintained, the health authority may order the temporary closure of the facility until the defects are corrected, or its decommissioning. These facilities may not be put back into operation without the express permission of the competent health authority."

If we rely on the historical cases that have occurred in recent years, we could say that the risk is important, and therefore the scenario of facilities unavailability is more than justified, mainly for the facilities most prone to the proliferation and spread of Legionella, identified in the RD as follows:
  • Cooling towers and evaporative condensers.
  • Hot water systems with storage and return circuit.
  • Heated water systems with constant stirring and recirculation through high-speed jets or air injection (spas, Jacuzzis, pools, glasses or therapeutic tubs, whirlpools, jets treatments, etc.).
  • Central industrial humidifiers.

That means every installation with refrigeration systems and/or air conditioning is likely to host a Legionella outbreak, mainly if proper maintenance that guarantees everything is clean is not done.
Furthermore, the RD also includes sanctions, classified as minor, serious or very serious, which carry economic penalties from 30.000€ to 600.000€ and should also be taken into account by those responsible for business continuity.

In conclusion, Legionella must be taken into account when identifying business continuity scenarios, carrying out the following actions:
  1. Identify the level of responsibility of the company for the refrigeration system and cooling towers.
    • If the site is owned, the company has to carry out reviews and regular checks.
    • If the site is rented, the company has to require the leaseholder to perform the checks.
  2. Perform an impact analysis, with changes over time, in which economic sanctions are taken into account.
  3. Define the actions to be performed in case an outbreak is detected: alternative sites, communication procedures for employees and customers, media communications, etc.