Social Media: An Internal Audit Reality · 2018-11-05
Social Media: An Internal Audit Reality
Presented by: Joe Schmidt, Manager
Stephen Chasser, Experienced Consultant
Moderated by: Sara O’Banion
TODAY’S PRESENTERS
Stephen Chasser, Experienced Consultant, Columbus
Joe Schmidt, Manager, Cincinnati
Agenda
Social Media – An operational perspective
• Overview
• Social media objectives
• Social media risks
• Internal audit response/approach
• Examples
Social Media’s Impact on the World
Overview – Social Media Impact
Social Network – a network of social interactions and personal relationships
Social Media – websites and applications that enable users to share content/participate in social networks
• Societal Impact
• Increased transparency
• Information availability
2018 Study, Pew Research Center
Overview – Social Media Impact
• Corporate Impact
• Corporation Customer barriers
• Platform economy
• Social media linkages
2.62 billion global social media users in 2018 (34% penetration)
By 2021, mobile e-commerce = 54% of all online sales
Facebook ad revenue in the US > total print ad spending by 2019
2018 Study, Forbes Magazine
Corporate Objectives
A corporation’s social media objectives should be measurable and trackable.
• Brand Awareness
• Number of consumers being exposed to the brand
• Developing a brand reputation
• Increase the size of social networks and communities
• Monitor consumer activity and feedback
• Social followers new business
Risks Inherent in Social Media Use
Social Media Risks
Brand and Reputational Damage
• Speed of information and organizational transparency are main factors
Social Media Risks
Compliance
• NLRA (National Labor Relations Act) Section 7
• Gramm-Leach-Bliley Act (GLBA)
• Financial Industry Regulatory Authority (FINRA)
Outsourcing Social Media Activity
Social Media Risks
Information Leakage
• Sensitive and important information open to the public
• Customer information, intellectual property, M&A, etc.
Lack of Governance
• IT oversight
• Corporate strategy
• Goal consistency
Greenfile Developments
Internal Audit Response & Corporate Social Media Policy
A Risk-Based Approach
• Develop controls to mitigate risks
• Educate personnel
• Periodically validate effectiveness of controls
A Risk-Based Approach
Important Internal Audit responses
Brand damage
• Help to develop an organization-wide social media policy
• Policies should be established for personal and company social media accounts
• Crisis management plan(s)
Compliance
• Educate personnel on applicable regulations and laws
• Develop procedures consistent/perform gap assessments
A Risk-Based Approach
Important Internal Audit responses
• Third Party Risk and Information Leakage
• Loss prevention
• Strict third-party selection criteria
• Evaluation of third-party’s business and control environment (SOC reporting)
Operational/Effectiveness Audit
• Are objectives being met?
• Utilize metrics (ROI/KPIs)
Overview – Drivers
Business Awareness
Business/Employee Productivity
Employee Education
Acceptable Use
Business Awareness
What is Business Awareness?
Visibility and security controls/policies in place for all levels of the business, in addition to the company's social media presence and access to those accounts.
What is the value?
Prevention of phishing, posting and additional risks that lead to company information being exposed to the public.
What is the scope?
Social media is frequently viewed as a personal communication tool rather than a business platform. The scope covers risk monitoring & governance, employee security awareness and corporate security policies.
What restrictions are used?
A two-sided approach: establishing user usage restrictions, and company monitoring of the social media platforms where there is a presence.
Business Awareness
Enterprise Social Media Accounts
Administration Posting
Social Media Accounts Management
Monitoring User Posts and Comments
Monitoring Employees Posting
Administration's Role
Security Administration
User Population
Controls & Restrictions
Social Media Account Administration
Single Point Posting
Company Endorsement
Controls & Restrictions
Social Media Account Administration
Company Endorsements
Company Responses
Removal of Defamatory Content
Monitoring Account Activity
Company Monitoring
• Centralized promotion and sharing through the established social media account.
• Responding and resolving customer responses on social media.
Employee Monitoring
• Having visibility to the employee user social media accounts.
• Controlling the content that is posted by the employee that may impact the company.
Employee Accountability
Acceptable Use
• Having a clear and established policy for the rules and behavior of the employee
• Employee acknowledgment of the Acceptable Use Policy
Employee Education
• Ongoing security awareness training, through annual classes or internally staged phishing attempts approved by management
• Receiving a confirmation that the training was successful
Accountability
• Empowering the employee to report any issues that are discovered
• Recognition of possible issues they notice or report
Exploits Through Social Media
• Social media hackers. Currently, according to in-depth statistics, there are more than 3 billion active social network users worldwide. Attackers use links on social media to direct users to download viruses; these links may be disguised as ‘like’ buttons or links to other pages. Attempts are also made to acquire information such as usernames and passwords through social media.
• Average time to detect a malicious or criminal attack by a global study sample of organizations was 170 days.
• 98% of tested web apps are vulnerable to attack.
• Only 38 percent of global organizations claim they are prepared to handle a sophisticated cyber attack.
Exploits Through Social Media
• Experienced DOS attacks
• Discovered malicious code and botnets
• Experienced phishing & social engineering attacks
• Percentage of companies that have experienced web based attacks
68% 62%
51% 59%
Conclusion
How do we protect ourselves from Social Media Exploits?