Compliance concerns affect businesses in many different ways--depending, of course, on the regulation that a business is subject to. Public companies face the regulations set forth in Sarbanes-Oxley (SOX) legislation, healthcare organizations are bound by Health Insurance Portability and Accountability Act regulations, retail establishments have to follow Payment Card Industry regulation, and other professions--such as law and financial services--have their own sets of rules to follow.
Now that Google is looking to launch a social networking solution for businesses, based upon its newly minted Google+ offering, compliance concerns are going to grow exponentially for many businesses, simply because any technology that makes information easier to share also makes it easier to share information that should not be shared.
Therein lies the problem--how does an IT manager control that information and make sure that the information does not violate compliance rules, expose proprietary intellectual property, or potentially reveal trade secrets?
Here are five tips on how to remain compliant in a world driven by social networking:
1. Block Access: The most obvious way to protect a company and its data from compliance violations is to simply block access to social networking sites. It is an easy concept, but it proves difficult to execute. Blocking access requires advanced firewall settings, or possibly purchasing security appliances. However, the simplest way to build an effective blocking technique may be to incorporate Web-filtering software or hardware, where policies can be implemented that will block access to those sites.
2. Deploy Data Leakage Protection Technologies: For some, the answer may be to simply control the content that enters and leaves the network. With DLP, data is examined during transit to make sure it does not contain information that violates compliance policies. DLP is one step above filtering, because it allows access, yet examines inbound and outbound traffic.
3. Education: Perhaps one of the most basic methods to protect data is to educate the end users. By informing users of company policy and compliance requirements, and having them sign an agreement to protect data, most, if not all, compliance issues can be prevented. However, education usually proves to be the hardest solution to pull off.
4. Control Access: Limit access to social networking sites to only those who need it as part of their job function, and define clear-cut policies on what is and what is not acceptable communication. To enforce limited access, you may have to rely on implementing the first three steps above to make controlled access possible.
5. Define Policies: A majority of companies lack comprehensive policies for social networking. Although policies tie into employee education, the fact is that most policies do not target the rules and regulations surrounding social networking and legislative compliance requirements. Clear-cut policies help to educate employees, define acceptable behavior, and ease auditing--all of which are key components of effective compliance enforcement.
With a little forethought and a bit of planning, the benefits offered by business social networking can be realized by most businesses, without risking a compliance nightmare.