Microsoft released an updated Outlook Social Connector on Tuesday, July 13, 2010. This social connector promises to integrate users’ social network connections, contacts and updates all within their Outlook client. The same Outlook client and same workstation that hold countless internal communications that could contain not only, corporate confidential information, but also Personally Identifiable Information and Payment Card Data.

This functionality is built into Outlook 2010, but is also available for Outlook 2003 and Outlook 2007 with the installation of the Outlook Social Connector software.

When using the Outlook Social Connector, users have an added pane that shows: a profile picture, the social networks the user is on, any previous posts or status updates for connected profiles, and previous emails and meetings.

Social Networking Issues

Many corporations restrict access to networking web sites and software, and have policies that instruct employees to refrain from using them during work. While corporate security and privacy departments are still trying to control and classify information, users are proving that they want a more seamless social network environment.

The new features and software for social networking have the possibility to seamlessly bridge public networks with internal corporate communications. Presently, the Social Connector is more of a read only tool since it lacks the ability to post content to social networks via the Outlook Social Connector. That does not necessarily mean that the add-on will always stay that way.

The integration of social networks can also pose an issue for Human Resources departments, since not all information posted or shared on those networks is appropriate at a place of business. This could leave a business open to lawsuits or complaints due to sensitive, non-public information posted to a social network, but viewed in a corporate application.

Protecting your corporate information from public disclosure

Any previous initiatives to prevent data loss (DLP) should compliment this situation as well. Email and internet communication, even without the Social Connector, are one of the top vectors for data loss, and the Outlook Social Connector uses both.

Blocking networking sites with a firewall, web filter, or proxy server may keep separation while the user is in the office. Unfortunately, most classic web filtering products do not have the capability of restricting access while employees are away from the filtering infrastructure. A number of companies have begun moving web filtering to the cloud with proxy servers available anywhere that can continue to protect users and corporate information in a consistent manner. This may help separate networking sites from corporate assets and information, preventing installed connectors from working.

Possibly the best way to prevent employees from improperly using Outlook Social Network Connector is something security professionals have been saying for some time: remove users administrative rights. Administrative access is required to install the social connector software. If your business does not grant administrator access to users, your job may be easier since administrator access is required to install the Outlook Social Connector and any actual network site connectors.

Honest communication with users is critical to prevent a backlash from users who just see the heavy hand of the Security Department preventing users from social network interaction.

Conclusion

Social Networking has turned into the Internet equivalent of the proverbial water cooler. Unlike the classic water cooler where employees congregated to talk and gossip, we are now inviting all the friends and friends of friends of the employees. Not all of those connections are trustworthy, or should even be asked to be. As services like Outlook Social Network Connector continue their incursion into the corporate environment, Security Departments need to maintain a strong and understandable posture to protect the corporation from improper disclosure.

Companies need to use a multi-pronged approach to successfully protect confidential information. Companies should create clear and concise policies that instruct on both the inappropriate and appropriate uses of social networks. Many include statements that you are not to use your corporate email address unless you are authorized to make corporate communications for the company. Companies should consider restricting network access with a content filter or other technological solution. Cheapest smm Panel