Proofpoint: Security, Compliance and the Cloud

I'm sure many of you have seen this widely syndicated story from the San Francisco Chronicle - "Don't share vacation plans on social media" (or the similar Associated Press/USA Today story - "Could Twittering about your vacation put your home at risk?") - which includes an anecdote about a small business owner who suspects that his home was burglarized while he was on vacation because he "Tweeted" about his trip. According to the article:

Israel Hyman, an Arizona video editor who says he has close to 2,000 people following him on Twitter and also uses Facebook "a lot," recently was burglarized while he was in Kansas City.

"We had mentioned that we were going out of town for an extended period and even Twittered about the trip as we drove for three days," he told an Arizona television station. While he was gone, video-editing equipment was stolen from his home. Although he is not sure his tweeting tipped off the burglars, he says he will be more careful in the future about what he shares online.

I think that many have taken these stories as living proof that using social media is inherently risky... Even though the SF Chronicle article goes on to quote Joanne McNabb, chief of the California Office of Privacy Protection, who says that her office hasn't received any similar complaints, noting that:

"It's not that these Web 2.0 things are creating new crimes. They are providing some new vectors or venues for the crimes that can happen anyway."

I'm inclined to agree with McNabb on this one, though I'm sure that many consumers and enterprises could use more education on the basics of social media security and privacy protection. Should individuals really worry about posting their whereabouts on Twitter? Hard to say at this point, but I think users of these systems (especially publicly-searchable ones like Twitter) should at least be aware of the possibilities and use appropriate judgment before posting.

I do know a few things about enterprise risks related to social media and I've been thinking a lot about these issues lately as I'm currently working on the research for the 2009 edition of Proofpoint's Outbound Email and Data Loss Prevention in Today's Enterprise report. In the 2008 edition (you can request a copy of the complete report here), we asked enterprises about their concerns about social networking sites as a conduit for data loss and found the following interesting facts:

• 12% of large US companies investigated the exposure of confidential, sensitive or private information via a posting to a social networking site (during the period March 07 - March 08)
• 13% had disciplined an employee for violating social networking policies in that same period
• 4% had fired an employee for violating social networking policies in that period
• 44% said they were "concerned" or "very concerned" about the risk of information leakage via posts to social networking sites

In the 2009 report, I'll be taking an even closer look at enterprise concerns about social media, including specific concerns around short messaging services like Twitter. It'll be interesting to see if enterprise concerns are on the rise this year with social media so much in the spotlight. Watch this blog for updates about the availability of the new report.

In the meantime, if you're interested in these topics, the latest edition of our complete report (currently the 2008 edition) has many more such statistics and is always available at the following URL:

http://www.proofpoint.com/outbound