Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security / Privacy Advice?

Posted by kdawson on from the all-ears dept.

James-NSC writes "My employer is changing its policy towards employee use of social networks. I've been asked to give a 40-minute presentation to the entire company, with attendance mandatory, on the security and privacy concerns relating to social networking. While I was putting it together, I ended up with some miscellaneous information that pertains to security/privacy in general, for example: the emerging ATM skimming (mainly for our European employees), a reminder that email is not private, malware/drive-by in popular search results, etc. Since these topics don't directly relate to the subject I've been asked to address, I've ended up with a section titled 'While I have you...' I'm going to have the mandatory attention of every employee and I thought it would be a great opportunity to give advice on security/privacy issues across the board. As it's an opportunity that one seldom gets, I certainly want to utilize it fullly. If you had the attention of an entire company with employees in the US, UK, Asia, and Australia, what security / privacy advice would you give?"

7 of 260 comments (clear)

  1. Mandatory? by DoofusOfDeath · · Score: 5, Insightful

    I'm going to have the mandatory attention of every employee

    No, you're going to have the mandatory presence of every employee. And unless you make the talk riveting, every seconds of unnecessary content will make them despise you more.

    1. Re:Mandatory? by CannonballHead · · Score: 5, Insightful

      I have found that food helps everyone like you more; perhaps he should provide lunch. Or at least cookies.

    2. Re:Mandatory? by PylonHead · · Score: 5, Insightful

      This is correct.

      Present just the information you've been tasked to convey.

      Present it in at least 2 different ways.

      Take questions.

      Summarize once more and let them out early.

      Honestly, the more you try to cram in there the less they're going to take away.

      --
      # (/.);;
      - : float -> float -> float =
    3. Re:Mandatory? by BadAnalogyGuy · · Score: 5, Insightful

      Have you ever tried growing tomatoes? It's very difficult because there are lots of things that can go wrong. Bugs, bad soil, wind, even the tomatoes themselves can be too heavy and break off the vine. It's not a matter of planting the seed and then letting it grow. You've got to be involved almost every day to make sure the growth is under control, that the vine is tied where it needs to be, that the plant is properly pruned so that you don't end up with a scraggly set of leaves and scrawny tomatoes. It's a very difficult, but very rewarding activity.

      So when you say:
      Take questions.

      You are wrong.

      Ask questions. If you want your audience involved, you need to solicit feedback. You can't expect them to come with any questions, so you need to frame your speech to include questions *to* your audience so that they become part of the program, not just spectators.

  2. krsmav by krsmav · · Score: 5, Insightful

    When you have a captive audience, the temptation is nearly irresistible to force-feed them something they wouldn't willingly listen to. Put yourself in their place. Don't say anything that you would resent being forced to sit through. Keep it short and jargon-free, and lighten up if possible.

  3. Cutting off social networking? by syousef · · Score: 5, Insightful

    My employer is changing its policy towards employee use of social networks. I've been asked to give a 40-minute presentation to the entire company, with attendance mandatory, on the security and privacy concerns relating to social networking.

    Correct me if I'm wrong but that just sounds to me like your employer is going to start blocking Facebook, Myspace, Youtube, private email, and possibly everything else your filtering software classifies as social networking. Or at least a prelude to this.

    If I'm right, the only opportunity you're being given here is to become the public face of a very unpopular move. Adding a lecture on security to this will only irritate people who'll be thinking "Well it's not going to matter anyway once it's blocked". It's going to be very difficult to come across as anything but condescending. People are quite likely to associate the decision with you personally. Your aim should be to stay brief and informative, not to "utilize" the opportunity, because it's an opportunity for social suicide. Ideally this should have been undertaken by email, been short and been to the point.

    --
    These posts express my own personal views, not those of my employer
  4. Re:Back it up with a little detail helps. by s.d. · · Score: 5, Insightful

    You really think that secretaries and accountants and HR reps, who are being forced to sit through a "don't put stupid shit on Facebook because it reflects badly on us" or "don't Twitter about company business or you'll get fired" presentation would understand or care about brute force ssh attacks?

    Everyone is being told, "This discussion of social networking and how to protect yourself and the company is mandatory." Don't waste their time with things that they won't understand and are totally off-topic.