Chapter 4 Cybersecurity Policies and Procedures

The Institute for Risk Management (IRM)
Elliot Bryan, IRM and Willis Towers Watson, UK
Alexander Larsen, IRM, and President of Baldwin Global Risk Services Ltd., UK

Tom, the CEO, was surprised. He challenged his chief risk officer, Nathan, and chief information security officer, Maria: “Are you telling me there is not one but six types of policies I need to sign off for cyber risk?” The two answered in tandem: “Yes! Social media, ransomware, cloud computing/third-party vendors, Big Data analytics, the Internet of Things, and bring-your-own-device (BYOD)/mobile devices.”

Social Media Risk Policy

Social media is an Internet-based communication tool and platform that increases and enhances the sharing of information and media. It is often overlooked as an area of risk by organizations that underestimate its potential negative impact—particularly on reputation.

A McDonald’s social-media effort is one example of a known social media risk being realized. The fast-food leader set up the hashtag #McDstories on Twitter to encourage users to share and promote positive stories about the restaurant. It didn’t take long for people to use the hashtag to post mostly negative stories of their experiences, derailing the campaign and embarrassing McDonald’s.

Understand Your Social Media Risks

Currently, there are literally thousands of social media platforms with over 2 billion active users. These include forums, blogs, networking sites, and ...
