smalbany 2013 people hacking with social media 07 17 2013

People Hacking with Social Media Reg Harnish, CISSP, CISM, CISA Chief Security Strategist GreyCastle Security Rose Miller, SPHR Chief Executive Officer Pinnacle HR Joanmarie M. Dowling, Esq. Dowling Law, PLLC July 17, 2013

Upload: larry-zimbler

Post on 28-May-2015


DESCRIPTION

GreyCastle Security presentation from smAlbany 2013

TRANSCRIPT

Page 1: smAlbany 2013 People hacking with social media 07 17 2013

People Hacking with Social Media

Reg Harnish, CISSP, CISM, CISA

Chief Security Strategist GreyCastle Security

Rose Miller, SPHR Chief Executive Officer

Pinnacle HR

Joanmarie M. Dowling, Esq. Dowling Law, PLLC

July 17, 2013

Page 2: smAlbany 2013 People hacking with social media 07 17 2013

Introduction

• Who am I?
• Who is GreyCastle Security?
• What are we doing here?

Page 3: smAlbany 2013 People hacking with social media 07 17 2013

Social Media Security Challenges

Page 4: smAlbany 2013 People hacking with social media 07 17 2013
Presenter
Presentation Notes
www.takethislollipop.com
Page 8: smAlbany 2013 People hacking with social media 07 17 2013

But what about…

Page 12: smAlbany 2013 People hacking with social media 07 17 2013

[email protected]

What’s in an e-mail address?

Presenter
Presentation Notes
• First Name
• Last Name
• Company Name
• Middle Name?
• Company Type?
• Sex?
• Nationality?
• Username?
• Password?
• Are they on vacation?
• If yes, where did they go and when are they coming back?
• Who do they delegate responsibilities to?
Page 13: smAlbany 2013 People hacking with social media 07 17 2013

People are not awesome

Copyright Universal Pictures. All Rights Reserved.

Presenter
Presentation Notes
Because people are horrible at estimating risks by themselves.

What are you more afraid of, sharks or vending machines? You’re three times as likely to be killed at the beach by a vending machine, now what are you more afraid of? Exactly, sharks. You can’t help it.

1. We overestimate risks that we can’t control (sharks) and underestimate risks that we can (vending machines). “90 people get swine flu and we all want to wear masks, but 100M people get HIV and no one wants to wear a condom.”
2. When risks are thrust upon you, you will overreact.
3. We also exaggerate rare and spectacular risks and downplay common risks.

The Internet and media make this harder. (Advice from Bruce Schneier: if it’s in the news, then don’t worry about it, because the news by definition is something that almost never happens.)
Page 14: smAlbany 2013 People hacking with social media 07 17 2013

People who care: here they are

Presenter
Presentation Notes
We’re evolving,
Page 15: smAlbany 2013 People hacking with social media 07 17 2013

Compliance regulations

Presenter
Presentation Notes
Because the industry wants you to
Page 16: smAlbany 2013 People hacking with social media 07 17 2013

Social Media Horror Stories

Page 20: smAlbany 2013 People hacking with social media 07 17 2013

Social Media Security Solutions

Page 21: smAlbany 2013 People hacking with social media 07 17 2013

1. Operationalize security

Page 22: smAlbany 2013 People hacking with social media 07 17 2013

2. Implement a policy

Page 23: smAlbany 2013 People hacking with social media 07 17 2013

3. Train relentlessly

Page 24: smAlbany 2013 People hacking with social media 07 17 2013

4. Test relentlessly

Page 25: smAlbany 2013 People hacking with social media 07 17 2013

5. Plan for the worst

“Everybody has a plan until they get punched in the face.”

- Mike Tyson

Page 26: smAlbany 2013 People hacking with social media 07 17 2013

“We’ve been on a lot of adventures together, and it seems like you haven’t learned anything. Anything.” - Alan

Page 27: smAlbany 2013 People hacking with social media 07 17 2013

Social Media: Old Rules, New Game

Page 28: smAlbany 2013 People hacking with social media 07 17 2013

About Dowling Law, PLLC

• Dowling Law, a labor and employment boutique firm, provides strategic legal advice and representation to private-sector employers in Tech Valley and across New York State.

• Joanmarie M. Dowling, Esq., is an attorney and founding member of Dowling Law. Joanmarie counsels and represents employers of all sizes, with a special focus on small to mid-size companies and not-for-profit employers. Joanmarie also currently serves as Vice President of the Capital Region Human Resource Association.

Page 30: smAlbany 2013 People hacking with social media 07 17 2013

The Applicant

You are about to hire a new salesperson.

Before you make an offer, should you:

• conduct an internet search for the applicant’s name and background information?
• check the applicant’s Facebook, LinkedIn, and other accounts?
• request the applicant’s social media account user names and passwords?

Page 31: smAlbany 2013 People hacking with social media 07 17 2013

The Salesperson

One year later, your assistant informs you that your salesperson recently set up a website with your company’s name and logo prominently displayed. On that website, he has been complaining about your company and its commission plan - and insulting your management style as “boorish” and “incompetent.”

Page 32: smAlbany 2013 People hacking with social media 07 17 2013

The Salesperson Strikes Again

This same salesperson has been posting derogatory comments about your assistant on his Facebook page.

She believes he is retaliating against her because she refused to go out with him.

Page 33: smAlbany 2013 People hacking with social media 07 17 2013

On the Way Out the Door

Before you even had an opportunity to speak with your salesperson, you receive a terse email from him, advising you that he is leaving your company effective immediately. You breathe a sigh of relief… but your relief is short-lived.

The next day, you see that your former salesperson is soliciting your clients for a competitor, using LinkedIn contacts and Twitter followers you helped him develop while he was your employee.

Are those contacts and followers property of your company?

Would communication to these contacts violate your former salesperson’s noncompetition and nonsolicitation agreement?

Page 34: smAlbany 2013 People hacking with social media 07 17 2013

Social Media Security and Human Resources

Pinnacle Human Resources, LLC

Presenter
Presentation Notes
Background for the Trainer: Be prepared to discuss your organization’s policies and procedures concerning alternative work arrangements. Familiarize yourself with examples of alternative work arrangements currently in effect in the organization. Talk to the managers and supervisors involved and find out what problems they have experienced and what suggestions they have for their colleagues. Also talk to some employees involved in different types of alternative work arrangements and learn how they feel about their situation.

Speaker’s Notes: This training session will focus on supervising alternative work arrangements. As the workforce becomes more diversified and employers struggle to cope with the demands of a rapidly changing marketplace, alternative work arrangements are becoming more popular and more common. During this training session, you will be provided with the information you need to successfully supervise alternative work arrangements and make the most of what they have to offer you, your employees, and the organization.
Page 35: smAlbany 2013 People hacking with social media 07 17 2013

About Pinnacle Human Resources, LLC

Pinnacle’s staff is comprised of certified Senior Professionals in HR (SPHR) from the Certification Institute in Princeton, NJ and Masters in Education. Pinnacle employs over a dozen HR Professionals plus partners within a network of independent consultants to increase bandwidth.

Rose Miller is the President of Pinnacle Human Resources with over 25 years’ experience in strategic human resources management. Rose recently was awarded HR Leader of the Year from the Albany Chapter of the Society of Human Resources Management (SHRM)!

Rose Miller, SPHR/Owner [email protected] 7 Century Hill Drive, Latham, NY 518-486-8151

www.pinnaclehrllc.com

Page 36: smAlbany 2013 People hacking with social media 07 17 2013

Changes in the Workplace

Technology & Social Media has Changed the Way We Work

Pros and Cons

Presenter
Presentation Notes
Speaker’s Notes: You should handle requests and proposed assignments for flexible scheduling the way you would any other employment or placement decision. In addition to the qualities we’ve already discussed, legitimate eligibility requirements for selecting employees for alternative work arrangements include length of time with the organization, length of time in the current job, and satisfactory performance evaluations. Remember, however, that using consistent selection criteria doesn’t necessarily mean making the same arrangements for each individual. Even though you need to use the same selection criteria, each arrangement must be worked out to the mutual satisfaction of the supervisor and the employee. Finally, alternative work arrangements work best when employees choose them. If they are forced or mandated, they are no longer “flexible” or “alternative.”
Page 37: smAlbany 2013 People hacking with social media 07 17 2013

Management Concerns

• New Policies Need to be Developed
• Multi-generational Issues
• Answers May Be Complicated or Not Yet Available

Presenter
Presentation Notes
Speaker’s Notes: Here are some other important points to remember about alternative work arrangements. First of all, not everyone wants a nontraditional work schedule. Many—maybe even most—of your employees are perfectly happy with the standard work arrangement. Not all jobs are well suited to alternative work arrangements, just as not all employees are suited to them. Jobs that require employees to be on-site and full-time during regular working hours, for example, are usually not suitable. In addition, different jobs lend themselves to different work arrangements. For example, an office worker may be able to do some work at home, while compressed workweeks would be a better option for a production worker.
Page 38: smAlbany 2013 People hacking with social media 07 17 2013

Company Facebook

– Car Dealership
  • The salesman, the cashier and a third party on Facebook

Page 39: smAlbany 2013 People hacking with social media 07 17 2013

The Importance of Employee Communications

The result of poor communications

– Architect Firm
  • What happens when terminations are not explained properly
– Engineering Firm
  • Misuse of Smartphone, Skype, and email equal harassment

Page 40: smAlbany 2013 People hacking with social media 07 17 2013

Supporting Technology, Communications & Social Media Policies

• Reading and Understanding Policies
• Communicating Expectations - No Privacy
• Background Checks and Monitoring Social Sites
• Reporting Claims and Supporting Claims
• Developing Performance Measures
• Recording Hours Worked
• Checking for Abuse of Technology
• Collection of Signed Acknowledgements

Presenter
Presentation Notes
Speaker’s Notes: A number of factors contribute to the success of alternative work arrangements. Several of them concern the employees involved. Not all employees are suited to these arrangements. For alternative work arrangements to succeed, employees need to be self-motivated and self-disciplined. They must also be independent individuals who can work well without a lot of supervision and who know how and when to take initiative. They must be mature people with self-confidence in their ability to handle the work and related problems. They need to be reliable as well. You have to be able to count on them even though you may not have as much direct contact with them as with other employees. It’s best if they are well-organized, task-oriented individuals. Finally, it’s essential that they be familiar with the job and the company, and experienced in their field of work so that they can handle the particular responsibilities that come with their nontraditional work arrangement.
Page 41: smAlbany 2013 People hacking with social media 07 17 2013

Effective Supervision

• Being a Good Example
• Communicating Policies and Following Procedures
• Communicating Standards
• Monitoring Performance
• Training

Presenter
Presentation Notes
Speaker’s Notes: Supervising alternative work arrangements successfully involves a number of key factors in addition to those we’ve already talked about. Objectives, expectations, and timetables must all be spelled out. Misunderstandings on any of these issues are likely to lead to serious problems with the arrangement. Communication is critical not only when you set up an alternative work arrangement but also once it is in operation. You must ensure that all employees receive necessary information regardless of the hours they work or whether they work on-site or off. This means using e-mail and other technological links as well as standard communication methods, such as memos, meetings, bulletin boards, and employee handbooks. It is also vital to enforce the same standards for employees with alternative work arrangements as for all employees. You must make it clear that you are doing so. A flexible work schedule is not an acceptable excuse for late or poor-quality work. In addition, you have to carefully monitor the performance of employees who are working flexible schedules. Just because they may be out of sight some or all of the time doesn’t mean they should ever be out of mind. Of course, you need to be sure that all employees get required job training and have access to other training opportunities that will help them grow and develop as well. With employees working flexible schedules, this may take more than the usual planning and coordination.